http://www.powells.com/cgi-bin/partner?partner_id=28327&cgi=product&isbn=1-59059-316-2

Computer Security for the Home and Small Office

Thomas C. Greene

Paperback - 405 pages (2004)

$39.99 - Apress ISBN: 1-59059-316-2

[Full Disclosure: I have been quoted by Greene for past articles in a friendly/professional capacity. He has also written articles that were accusatory to me and attrition.org in the past. Translated: I owe him nothing.]

The first and most obvious question that will come to some people is where an alleged hack from The Register [1] gets off writing a book on computer security. After reading the entire book, you'll understand that his last five years covering computer security and playing Windows solitaire has paid off. Just as he writes his news material in an "irreverent editorial style", so shall I in this quippy review.

Computer security isn't just for hackers or professionals, it's something every computer owner and operator should be aware of. When we read about the worm-of-the-week, it is infecting and compromising tens of thousands of machines, often owned by you, the end user. How are the average computer users expected to protect their home systems when security is a discipline and career? In the past, they were expected to read web sites, trust Microsoft and possibly struggle through an overly technical book detailing the ins and outs of firewalls or other security technology. Some books came out to address this issue but ended up being dull, covering the absolute basics while ignoring serious issues, or contained more errors than facts. After all this time, one book seems to be ideal for the everyday user, and read to educate them on more than configuring a Windows machine or personal router.

Overall, the book favors the end Windows user in time spent explaining the gritty details of basic security. However, neophyte Linux users will be able to learn some of the basics as applies to them, as Greene considers both platforms when dealing out information. Using plain wording unencumbered by superfluous jargon, the lessons you need are easy to understand, well organized and well written. Fortunately for you, the book was technically reviewed by Robert Slade [2] before hitting the shelves, and it shows. It's a pleasant change of pace reading a book without sighing in disgust every few pages when the author typically proves they are better off working at McDonalds. The Greene/Slade combination is definitely worthy of Subway.

The last third of the book moves beyond configuring your computer and delves into the single most aspect of computer security: Common Sense and Awareness. Rather than continue on with tech tips, Greene opts to educate the end user about the security industry, which is a blessing in disguise. Later chapters warn you on FUD (Fear, Uncertainty and Doubt), how to avoid industry charlatans, and how to apply common sense toward keeping unwanted people out of your system.

Greene also delves into some of the great debates of our time, like open vs closed operating systems (Windows vs Linux). His journalistic experience shines through here and Greene delivers perhaps the single best summary of why Linux may be a better option for you than Windows. He dispels the myth that it is too complex, that it doesn't run the programs you want, and the shortcomings of Windows.

The last section covers a wide variety of topics that move beyond the personal computer and into daily life, as computers may affect you. This is a nice touch as a large part of the population doesn't follow technology news despite the drastic effects it can have on your life. By understanding what is looming around the corner, you can better prepare for changes that affect the Internet, your computer, and your security.

No review is complete without a little criticism! The biggest complaint I can direct at this book is the practice of lengthy and largely worthless Appendix. Starting on page 297 (Appendix B) and ending on page 392 (Appendix C), about half of the material would have been better left on Greene's new website [3]. Giving us long lists of trojan port numbers for example, isn't the most helpful thing you could have filled those pages with.

All in all, if you are an average Joe when it comes to computers and security, grab a copy of this book. It *will* help you learn what you need to know, and it will make you realize that security is more than tweaking options on a computer configuration screen. That lesson is still hard to teach to some so-called security professionals, but one you will learn rapidly with this book.





[1] http://www.theregister.com/
[2] http://victoria.tc.ca/int-grps/books/techrev/mnbk.htm
[3] http://www.basicsec.org/


main page ATTRITION feedback