[ISN] Book review: "Computer Security for the Home and Small Office"
by Thomas C. Greene
InfoSec News
isn at c4i.org
Wed Jun 2 05:12:38 EDT 2004
http://www.powells.com/cgi-bin/partner?partner_id=28327&cgi=product&isbn=1-59059-316-2
Computer Security for the Home and Small Office
Thomas C. Greene
Paperback - 405 pages (2004)
$39.99 - Apress ISBN: 1-59059-316-2
[Full Disclosure: I have been quoted by Greene for past articles in a
friendly/professional capacity. He has also written articles that were
accusatory to me and attrition.org in the past. Translated: I owe him
nothing.]
The first and most obvious question that will come to some people is
where an alleged hack from The Register [1] gets off writing a book on
computer security. After reading the entire book, you'll understand
that his last five years covering computer security and playing
Windows solitaire have paid off. Just as he writes his news material in
an "irreverent editorial style", so shall I in this quippy review.
Computer security isn't just for hackers or professionals, it's
something every computer owner and operator should be aware of. When
we read about the worm-of-the-week, it is infecting and compromising
tens of thousands of machines, often owned by you, the end user. How
are the average computer users expected to protect their home systems
when security is a discipline and career? In the past, they were
expected to read web sites, trust Microsoft and possibly struggle
through an overly technical book detailing the ins and outs of
firewalls or other security technology. Some books came out to address
this issue but ended up being dull, covering the absolute basics while
ignoring serious issues, or contained more errors than facts. After
all this time, one book seems to be ideal for the everyday user, and
ready to educate them on more than configuring a Windows machine or
personal router.
Overall, the book favors the end Windows user in time spent explaining
the gritty details of basic security. However, neophyte Linux users
will be able to learn some of the basics as applies to them, as Greene
considers both platforms when dealing out information. Using plain
wording unencumbered by superfluous jargon, the lessons you need are
easy to understand, well organized and well written. Fortunately for
you, the book was technically reviewed by Robert Slade [2] before
hitting the shelves, and it shows. It's a pleasant change of pace
reading a book without sighing in disgust every few pages when the
author typically proves they are better off working at McDonalds. The
Greene/Slade combination is definitely worthy of Subway.
The last third of the book moves beyond configuring your computer and
delves into the single most important aspect of computer security: Common Sense
and Awareness. Rather than continue on with tech tips, Greene opts to
educate the end user about the security industry, which is a blessing
in disguise. Later chapters warn you on FUD (Fear, Uncertainty and
Doubt), how to avoid industry charlatans, and how to apply common
sense toward keeping unwanted people out of your system.
Greene also delves into some of the great debates of our time, like
open vs closed operating systems (Windows vs Linux). His journalistic
experience shines through here and Greene delivers perhaps the single
best summary of why Linux may be a better option for you than Windows.
He dispels the myth that it is too complex, that it doesn't run the
programs you want, and the shortcomings of Windows.
The last section covers a wide variety of topics that move beyond the
personal computer and into daily life, as computers may affect you.
This is a nice touch as a large part of the population doesn't follow
technology news despite the drastic effects it can have on your life.
By understanding what is looming around the corner, you can better
prepare for changes that affect the Internet, your computer, and your
security.
No review is complete without a little criticism! The biggest
complaint I can direct at this book is the practice of lengthy and
largely worthless Appendices. Starting on page 297 (Appendix B) and
ending on page 392 (Appendix C), about half of the material would have
been better left on Greene's new website [3]. Giving us long lists of
trojan port numbers for example, isn't the most helpful thing you
could have filled those pages with.
All in all, if you are an average Joe when it comes to computers and
security, grab a copy of this book. It *will* help you learn what you
need to know, and it will make you realize that security is more than
tweaking options on a computer configuration screen. That lesson is
still hard to teach to some so-called security professionals, but one
you will learn rapidly with this book.
[1] http://www.theregister.com/
[2] http://victoria.tc.ca/int-grps/books/techrev/mnbk.htm
[3] http://www.basicsec.org/