BKAVNMDG.RVW   20080420

"AVIEN Malware Defense Guide for the Enterprise", David Harley et al, 2007, 978-1-59749-164-8, U$59.95
%A   David Harley David.A.Harley@gmail.com
%A   Ken Bechtel
%A   Michael Blanchard
%A   Henk K. Diemer
%A   Andrew Lee
%A   Igor Muttik
%A   Bojan Zdrnja
%C   800 Hingham Street, Rockland, MA 02370
%D   2007
%G   1-59749-164-0 978-1-59749-164-8
%I   Syngress Media, Inc.
%O   U$59.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O   http://www.amazon.com/exec/obidos/ASIN/1597491640/robsladesinterne
     http://www.amazon.co.uk/exec/obidos/ASIN/1597491640/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1597491640/robsladesin03-20
%O   Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   540 p.
%T   "AVIEN Malware Defense Guide for the Enterprise"

The preface and introduction stress that this work is a collaborative effort, combining the views of a number of AVIEN (Anti-Virus Information Exchange Network) and AVIEWS (Anti-Virus Information and Early Warning System) members, trying to avoid the blind spots that result from perspectives limited to one individual or company.

Chapter one outlines the history of AVIEN, noting the tensions between the (rather small) community that has concentrated on research about malware and protection against the various threats and the general user population. (The general user population includes, for various reasons, many of the producers and vendors of antivirus products.) It is noted (although not stressed) that AVIEN concentrates on protection of medium to large companies, and this point is important in regard to protective approaches. A brief, historically-oriented, look at malware and related issues, in chapter two, tries to eliminate common confusion and sets a groundwork for further discussion.
The Web is now a major source of security vulnerabilities, but the malware literature has seldom considered the problem as a specific category, so chapter three's excellent overview of the related technologies and exploits is particularly welcome. Botnets are a major threat (or threats: they are used in a variety of ways), and there is a good examination of the major associated concepts in chapter four. Unfortunately, the material is somewhat loosely structured and may be confusing to some readers, and occasionally emphasizes specific (and sometimes dated) technologies rather than the basic ideas. Chapter five examines the often-asked question of who writes malware, bringing up a good deal of interesting material. The text itself may be of scant use to system administrators, although the points made in the summary do indicate trends of concern. Chapter six turns to protective measures, covering not just the usual antiviral technologies, but advising on layered defence, with the attendant required planning and management. Outsourcing, of security functions in general, and antiviral protection in particular, is reviewed in chapter seven, with attention paid to both the dangers and the conditions, agreements, and other factors that might provide success. Chapter eight's look at security awareness training and user education seems to be intended to promote the idea, but is weaker in providing solutions than other areas of the book, concentrating primarily on the difficulties and failures. A variety of tools that might be used in malware analysis, ranging from system information utilities through debuggers to online virus detectors, are listed in chapter nine. Chapter ten considers aspects of evaluating antiviral products, and makes a good, general guide. 
Chapter eleven notes that the AVIEN organization is changing, and feels like a promotional item to get the reader to become involved, but the lack of detail of what the institution might become does not seem calculated to appeal to busy administrators.

The book contains a tremendous wealth of information and references to specific resources and studies. This is not surprising, given the background of the authors, and would, alone, make the text worthwhile. Overall this work provides a solid overview and compendium of advice on the current malware situation, and should be a required starting point for anyone protecting corporate assets in the current, highly threatening, environment.

copyright Robert M. Slade, 2008   BKAVNMDG.RVW   20080420