If you think computer security has improved in recent years, The Myths of
Security will shake you out of your complacency. Longtime security
professional John Viega, formerly Chief Security Architect at McAfee,
reports on the sorry state of the industry, and offers concrete suggestions
for professionals and individuals confronting the issue. Why is security so
bad? With many more people online than just a few years ago, there are
more attackers -- and they're truly motivated. Attacks are sophisticated,
subtle, and harder to detect than ever. But, as Viega notes, few people
take the time to understand the situation and protect themselves accordingly.

Table of Contents:
Chapter 1. The Security Industry Is Broken
Chapter 2. Security: Nobody Cares!
Chapter 3. It's Easier to Get "0wned" Than You Think
Chapter 4. It's Good to Be Bad
Chapter 5. Test of a Good Security Product: Would I Use It?
Chapter 6. Why Microsoft's Free AV Won't Matter
Chapter 7. Google Is Evil
Chapter 8. Why Most AV Doesn't Work (Well)
Chapter 9. Why AV Is Often Slow
Chapter 10. Four Minutes to Infection?
Chapter 11. Personal Firewall Problems
Chapter 12. Call It "Antivirus"
Chapter 13. Why Most People Shouldn't Run Intrusion Prevention Systems
Chapter 14. Problems with Host Intrusion Prevention
Chapter 15. Plenty of Phish in the Sea
Chapter 16. The Cult of Schneier
Chapter 17. Helping Others Stay Safe on the Internet
Chapter 18. Snake Oil: Legitimate Vendors Sell It, Too
Chapter 19. Living in Fear?
Chapter 20. Is Apple Really More Secure?
Chapter 21. OK, Your Mobile Phone Is Insecure; Should You Care?
Chapter 22. Do AV Vendors Write Their Own Viruses?
Chapter 23. One Simple Fix for the AV Industry
Chapter 24. Open Source Security: A Red Herring
Chapter 25. Why SiteAdvisor Was Such a Good Idea
Chapter 26. Is There Anything We Can Do About Identity Theft?
Chapter 27. Virtualization: Host Security's Silver Bullet?
Chapter 28. When Will We Get Rid of All the Security Vulnerabilities?
Chapter 29. Application Security on a Budget
Chapter 30. "Responsible Disclosure" Isn't Responsible
Chapter 31. Are Man-in-the-Middle Attacks a Myth?
Chapter 32. An Attack on PKI
Chapter 33. HTTPS Sucks; Let's Kill It!
Chapter 34. CrAP-TCHA and the Usability/Security Tradeoff
Chapter 35. No Death for the Password
Chapter 36. Spam Is Dead
Chapter 37. Improving Authentication
Chapter 38. Cloud Insecurity?
Chapter 39. What AV Companies Should Be Doing (AV 2.0)
Chapter 40. VPNs Usually Decrease Security
Chapter 41. Usability and Security
Chapter 42. Privacy
Chapter 43. Anonymity
Chapter 44. Improving Patch Management
Chapter 45. An Open Security Industry
Chapter 46. Academics
Chapter 47. Locksmithing
Chapter 48. Critical Infrastructure
Appendix A. Epilogue