The Myth of Security

A really excellent book that clearly explains all the areas in which computer security is lacking. The reader will end up with a much clearer understanding of where their computer security is failing them but will unfortunately have no way of really rectifying the situation. Not for security newbies who may gain the false impression that they don't need security.

My Rating: 4 out of 5





In some ways this is a very scary book in that it very clearly explains how impossible it is to actually secure a computer or network and clearly shows how some options give a false sense of security and may even make your system less secure. On the other hand, the book does make it clear what parts of security software do work and how well they work (where having security software works better than not having it). For the most part I agree fully with what the author says about security software worth having and what isn't worth it both for those who know nothing about security and for those more knowledgeable. With those areas where I did not have sufficient prior knowledge to have formed an opinion the viewpoint in the book appears logical.

The closest that I come to actually disagreeing with the author is with regard to personal firewalls. He points out that unless the firewall itself is preconfigured to know what software should and shouldn't have access that the computer user is presented with a whole lot of popups from all the components of the software that they have installed that ask for access. Obviously only someone really knowledgeable on what components belong to what software with a high level of security knowledge as well can reasonably answer all those questions and the typical user will either answer no inappropriately and block their software from running or will answer yes to everything and so defeat the purpose in having the software running in the first place. I agree fully with the author up to that point and yet I still run a personal firewall on all the computers I have at home. The reason that I do this is not really security related (although having a firewall alert pop up at a time when I am not starting a new program is still a good clue to it being something that should be blocked). Basically I run a firewall to control what programs have access to the web. For example I have a copy of Google Chrome installed on my computer that I use for occasional testing of JavaScript that I write. Since I only perform these tests occasionally there is no need for the program to be allowed to check for updates every day and I therefore have it blocked from performing that function in the personal firewall.

Perhaps the biggest problem that this book has is identifying just who its target audience is. For the most part (as acknowledged in the book) the typical computer user has no interest in security and therefore is unlikely to even look at the book. Many of those actually working in security probably think that they already know all the answers and so would also not read this book (even though they are the ones who would probably benefit the most from reading it).

The second biggest problem with this book is that it presents you with all the reasons why various parts of computer security don't work but doesn't (and can't) provide the solutions to those problems. While someone who has read the book will have a much greater understanding of how their computer security isn't protecting them as well as it should, they are still stuck with nothing better to put in its place.

This article written by Stephen Chapman, Felgall Pty Ltd.

