The Myths of Security: What the Computer Security Industry Doesn't Want Your to Know

Description

If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.

 Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:

* Why it's easier for bad guys to "own" your computer than you think
* Why anti-virus software doesn't work well -- and one simple way to fix it
* Whether Apple OS X is more secure than Windows
* What Windows needs to do better
* How to make strong authentication pervasive
* Why patch management is so bad
* Whether there's anything you can do about identity theft
* Five easy steps for fixing application security, and more

 Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.

CONTENTS:

ForewordPrefaceChapter 1: The Security Industry Is BrokenChapter 2: Security: Nobody Cares!Chapter 3: It's Easier to Get "0wned" Than You ThinkChapter 4: It's Good to Be BadChapter 5: Test of a Good Security Product: Would I Use It?Chapter 6: Why Microsoft's Free AV Won't MatterChapter 7: Google Is EvilChapter 8: Why Most AV Doesn't Work (Well)Chapter 9: Why AV Is Often SlowChapter 10: Four Minutes to Infection?Chapter 11: Personal Firewall ProblemsChapter 12: Call It "Antivirus"Chapter 13: Why Most People Shouldn't Run Intrusion Prevention SystemsChapter 14: Problems with Host Intrusion PreventionChapter 15: Plenty of Phish in the SeaChapter 16: The Cult of SchneierChapter 17: Helping Others Stay Safe on the InternetChapter 18: Snake Oil: Legitimate Vendors Sell It, TooChapter 19: Living in Fear?Chapter 20: Is Apple Really More Secure?Chapter 21: OK, Your Mobile Phone Is Insecure; Should You Care?Chapter 22: Do AV Vendors Write Their Own Viruses?Chapter 23: One Simple Fix for the AV IndustryChapter 24: Open Source Security: A Red HerringChapter 25: Why SiteAdvisor Was Such a Good IdeaChapter 26: Is There Anything We Can Do About Identity Theft?Chapter 27: Virtualization: Host Security's Silver Bullet?Chapter 28: When Will We Get Rid of All the Security Vulnerabilities?Chapter 29: Application Security on a BudgetChapter 30: "Responsible Disclosure" Isn't ResponsibleChapter 31: Are Man-in-the-Middle Attacks a Myth?Chapter 32: An Attack on PKIChapter 33: HTTPS Sucks; Let's Kill It!Chapter 34: CrAP-TCHA and the Usability/Security TradeoffChapter 35: No Death for the PasswordChapter 36: Spam Is DeadChapter 37: Improving AuthenticationChapter 38: Cloud Insecurity?Chapter 39: What AV Companies Should Be Doing (AV 2.0)Chapter 40: VPNs Usually Decrease SecurityChapter 41: Usability and SecurityChapter 42: PrivacyChapter 43: AnonymityChapter 44: Improving Patch ManagementChapter 45: An Open Security IndustryChapter 46: AcademicsChapter 47: LocksmithingChapter 48: Critical InfrastructureEpilogueColophon