Security Alert
If it can communicate threats and solutions effectively to the average computer user, then we're making real progress. After all, even computer security professionals often fail to employ basic measures to protect themselves from typical attacks. We'll have to make sure this stuff is understandable by the general population. Not that they're the "great unwashed" -- hardly. They're just not focusing on this stuff. Hence, we have a challenge: make this stuff understandable by your mom if you want everyone to just get it.
Becky Worley is (was? I haven't watched TechTV in a while) a TechTV on-air personality. She's reported news and events for TechTV for a number of years, and has often done so clearly and at a level you'd expect for a general TV station devoted to technology issues. So, you'd think she'd be in a great position to collect information and know how to present it. Sadly, Worley's book doesn't fit that niche; it's not going to educate the large masses. In putting myself in the shoes of an average computer user, I found it fails in a number of ways.
The first and foremost failure of the book is right from the beginning. Worley opens up by saying that you're not a target of hackers, yet the rest of the book goes on to discuss how you are. While you're probably not going to be attacked by the same people who try to break into Pentagon computer networks, virus writers and con artists fall into the same category for most purposes. All of these sorts of people, and what they can do, are described in chapter 1.
There's no discussion of phishing in the chapter on identity theft, which is chapter 2. Identity theft is a large, complicated subject, yet Worley only focuses on credit card number theft. While she talks about social security numbers, she doesn't demonstrate how they have been used to destroy victims' lives. Some advice is given as to how to react to credit card theft, but little information is given here about how to protect yourself to begin with, aside from being careful about whom you give your SSN to.
The book repeats itself often, covering similar material in several places. Chapter 3, which covers online purchasing, covers credit card info theft and email scams again. What it doesn't cover very well is how to spot a legitimate website, how to really use an escrow service, if and how you can get eBay or a shipper to help you out of a scam auction, and the like. Useful information about verifying who owns a certificate for an SSL server, or even making sure you're using an SSL server, is not given. Examples of false websites and auctions would have been useful. After all, after telling us how scammers operate and look so legitimate, illustrating the points about how to spot them would be valuable.
The book is full of anecdotes but few useful pieces of information are placed where they need to be. Chapter 4, which covers viruses, is one of these examples. It spends most of its time covering typical viruses and the usual, but doesn't get into anything beyond "use antivirus software." Never mind that the biggest threat in recent years has been from automated worms and that personal firewalls are useful; that's covered later. We hope you remember the quick tutorial on viruses from before.
The book's organization is poor, with material scattered throughout the book in a fashion that doesn't progress well or develop the information seamlessly. More virus and scam information is placed in Chapter 5, along with virus hoaxes. Several websites are referred to, but there is little in the way of really spotting a virus hoax or the common scam. Since they still abound, and people still fall prey to them, couldn't a better job have been done of describing what people are looking at?
In short, the book is a decent collection of links and material but is so poorly organized or so thinly presented it's hard to get what's going on. Take chapters 6 and 7, "Safe and Sane Online Interactions" and "Protecting the Family." Lots of information, somewhat poorly organized, and very skimpy on content. It seems to me that worrying about who is pestering my kids is more important than hearing about someone's EverQuest addiction, so that was a wasted page.
Finally, Chapters 8 and 9 should have been moved up front more. The topic of chapter 8, "Privacy," is perfect for the topics in chapter 2, where Worley talks about identity theft. The topics covered here, including spyware and key loggers, are far more germane to the threat against your privacy and bank account information, and have been a growing trend for at least a couple of years. Chapter 9, differentiating being safe and being paranoid, should have been placed up front to help temper the arguments given in the rest of the book. It does a decent job of articulating the threats, what's to fear, and what's at stake.
The book is laden with plenty of anecdotes about online activities gone awry. What's missing are solid examples of how to do it right, how to use your credit card on trusted sites safely and ensure that you're using services you know are worthwhile. While the book has some useful information in it, it's buried under poor organization, unclear language and presentation, and finally repetition in all the wrong places.
While the world needs a book or two to help everyday people understand online security, this isn't the one. If you're looking for something for your kids, your spouse, or your parents, keep looking. This book won't help them make sense of what's going on. I don't think that's too much to ask for, especially from an organization like TechTV which has access to lots of material, people, and motive to produce a solid book.
You can purchase Security Alert: Stories of Real People Protecting Themselves from Identity Theft, Scams and Viruses from bn.com.
How about Security Alert: Stories of Real People Protecting Themselves from Slashdot's IT color scheme?
Let's eat his liver with some fava beans and a nice chianti.
Hannibal?
Ummmm.... Look... You see, this whole eating thing....
Well you can see that it can only be possible if we *first* gut him, and then burn him at the stake.
That would take some of the fun out of the whole burning-the-heretic thingy.
But I'm with you, you know.
"Rocky Rococo, at your cervix!"
Or like explaining the difference between effect and affect? :)
You are not the customer.