If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue. Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:
- Why it's easier for bad guys to "own" your computer than you think
- Why anti-virus software doesn't work well -- and one simple way to fix it
- Whether Apple OS X is more secure than Windows
- What Windows needs to do better
- How to make strong authentication pervasive
- Why patch management is so bad
- Whether there's anything you can do about identity theft
- Five easy steps for fixing application security, and more
Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.
✦ Table of Contents
Contents......Page 6
Foreword......Page 10
Preface......Page 14
Why Myths of Security?......Page 16
Acknowledgments......Page 17
How to Contact Us......Page 19
Safari® Books Online......Page 20
The Security Industry Is Broken......Page 22
Security: Nobody Cares!......Page 26
It’s Easier to Get “0wned” Than You Think......Page 30
It’s Good to Be Bad......Page 40
Test of a Good Security Product: Would I Use It?......Page 46
Why Microsoft’s Free AV Won’t Matter......Page 50
Google Is Evil......Page 54
Why Most AV Doesn’t Work (Well)......Page 62
Why AV Is Often Slow......Page 70
Four Minutes to Infection?......Page 76
Personal Firewall Problems......Page 80
Call It “Antivirus”......Page 86
Why Most People Shouldn’t Run Intrusion Prevention Systems......Page 92
Problems with Host Intrusion Prevention......Page 96
Plenty of Phish in the Sea......Page 100
The Cult of Schneier......Page 108
Helping Others Stay Safe on the Internet......Page 112
Snake Oil: Legitimate Vendors Sell It, Too......Page 116
Living in Fear?......Page 120
Is Apple Really More Secure?......Page 126
OK, Your Mobile Phone Is Insecure; Should You Care?......Page 130
Do AV Vendors Write Their Own Viruses?......Page 134
One Simple Fix for the AV Industry......Page 136
Open Source Security: A Red Herring......Page 140
Why SiteAdvisor Was Such a Good Idea......Page 148
Is There Anything We Can Do About Identity Theft?......Page 150
Virtualization: Host Security’s Silver Bullet?......Page 156
When Will We Get Rid of All the Security Vulnerabilities?......Page 160
Application Security on a Budget......Page 166
“Responsible Disclosure” Isn’t Responsible......Page 174
Are Man-in-the-Middle Attacks a Myth?......Page 184
An Attack on PKI......Page 188
HTTPS Sucks; Let’s Kill It!......Page 192
CrAP-TCHA and the Usability/Security Tradeoff......Page 196
No Death for the Password......Page 202
Spam Is Dead......Page 208
Improving Authentication......Page 212
Cloud Insecurity?......Page 218
What AV Companies Should Be Doing (AV 2.0)......Page 224
VPNs Usually Decrease Security......Page 234
Usability and Security......Page 236
Privacy......Page 238
Anonymity......Page 240
Improving Patch Management......Page 242
An Open Security Industry......Page 244
Academics......Page 246
Locksmithing......Page 248
Critical Infrastructure......Page 250
Epilogue......Page 252
Index......Page 254