BKCBRCRM.RVW 980425 "Cyber Crime", Laura E. Quarantiello, 1997, 0-936653-74-4, U$16.95 %A Laura E. Quarantiello 73733.1653@compuserve.com %C P.O. Box 493, Lake Geneva, WI 53147 %D 1997 %G 0-936653-74-4 %I Limelight Books/Tiare Publications %O U$16.95 +1-414-248-4845 %P 144 p. %T "Cyber Crime: How to Protect Yourself from Computer Criminals" Running through the text of "About This Book," the preface, and the introduction, is a statement that this work is for the protection of the average computer user. Unfortunately, the "average" computer user is a fairly ill-defined concept, and it is difficult to know specifically what type fo user and what type of risks the book is about. As the author notes, generic computer security books are of daunting size, but that is because data security is a large field of study. Chapter one opens with a general look at computer crime. Most of the chapter discusses the computer criminal, however. While Quarantiello at least acknowledges the multiple users of the term "hacker" the origins of unauthorized computer exploration lie at least two decades further back than the book states, and the division between ethical and non-ethical uses of computers is hardly the amicable separation implied by the text. The more serious error, however, is that computer crime somehow involves some extra level of skill or knowledge. Not even system security breakers are the evil genii suggested by the book, and, in fact, the bulk of computer crime is committed by insiders with little knowledge of computers beyond menial use. A very similar review of phone phreaks and system crackers constitutes chapter two, which also includes a brief and jumbled collection of the common types of telephone and computer scams and myths, including the amazingly resilient legend of the "salami scam." Except for the mention of shoulder surfing and social engineering, though, little is of help to the common user. The coverage of viruses in chapter three is abysmal. Although I am well used to misinformation in general security texts, there is not a paragraph that does not contain at least one error of fact, and most are not minimal mistakes. (This is the more disappointing when the book twice quotes from Fred Cohen.) Chapter four looks at the various dangers of fraud, harassment, and invasion of privacy online. Unfortunately, details are few, confusing criminal invasion with legitimate, commercial databases of information, and weakening the warnings about stalking by failing to explain the situations realistically. Part two of the book discusses protective and defensive measures users can take to safeguard themselves. Chapter five recommends a number of steps to take. Unfortunately, few of the suggestions are practical. Make a policy never to discuss company computers with anyone aside from the sysop? This is a simple rule? It'll last until the first coffee break. "Take a minute or two to back up your hard disk" each time you look at a new diskette or CD-ROM? I suppose it'll work if your backup device is /dev/null. Get a copy of all public records about you? You probably have no idea what they are, or how to access them, and even if you have records of them all (updated how often?), the records will still be public. Use encryption for all email? *Which* encryption? The proposals for password choice are acceptable, although nothing special. The advice for protecting children online is basic but reasonably good. Chapter six seems to be a collection of stories about the times that authorities have been able to deal with computer crime. The final chapter is a brief and rather naive personal view of the security field. This book is yet another attempt by a complete novice to inform the world about data security. There are, regrettably, a great many similar tomes, long on frantic warnings and short on both facts and useful counsel. I have no doubt that many of the cautions are based on true stories, taken from court cases and possibly personal correspondence. However, I also know that a number of the tales are mythic, and even the true anecdotes are presented in a spectacular fashion. Statistics given are questionable, or not presented in sufficient detail to give a true picture. Overall, this is unlikely to be of value to the average computer user, however defined. copyright Robert M. Slade, 1998 BKCBRCRM.RVW 980425