BKVRSDAE.RVW 951108 "Virus Detection and Elimination", Rune Skardhamar, 1996, 0-12-647690-X %A Rune Skardhamar %C 1300 Boylston Street, Chestnut Hill, MA 02167 %D 1996 %G 0-12-647690-X %I Academic Press Professional %O 619-699-6362 fax: 619-699-6380 app@acad.com 800-321-5068 publisher@igc.org %P 290 %T "Virus Detection and Elimination" Plagiarism is the sincerest form of flattery, so I should, perhaps, be gratified to find that almost the first thing I saw was references to material that I have provided. (I might be forgiven for being less pleased to find sentences copied almost verbatim.) There are a number of common mistakes which Skardhamar does *not* make, and that's good. However ... Although he credits some of my writings ("History of Viral Programs By Robert M. Slade Available on computer."), he hasn't read them carefully enough. He gets names, sequences and technical details wrong. (CMOS RAM is *not* "just normal RAM", the boot sector is not a file, Michelangelo does not "format" the disk, and it's Lehigh University and virus, not "Leigh".) Almost every page contains factual errors, some more important than others. He contradicts himself in many places, often within the same paragraph. (Perhaps the author would like to blame this last on his command of English: there are numerous grammatical errors, and a trick is a ruse, not a "rouge".) My main objection, though, is that Skardhamar, under the "information wants to be free" banner, is distributing virus code. He states that people with the right kind of information make it a policy not to share their knowledge. (This might come as a surprise to Cohen, Denning, Ferbrache, Feudo, Highland, Hoffman, Kane, Solomon and the whole VIRUS-L FAQ team.) Of course he considers the "right kind of information" to be virus code, in spite of the fact (which he even tacitly acknowledges) that for most users such code would do more harm than good. His language, postures (and technical accuracy) are all strongly reminiscent of the vx (virus exchange) groups and publications. (To be fair to both the author and Academic Press Professional, I suspect that the code provided would not assemble as it is. On the one hand, I'm glad he isn't spreading working code. On the other, it's too bad he's even trying to fool his vx buddies.) A disk is included with some snippets of uncommented assembly code which is supposed to help you disinfect a virus. Few average users would have the resources to produce working code from it. Even fewer would have the time to work through it and make sure that the programs weren't malicious. In sum, this work is badly written, technically inconsistent and, if it can be relied upon at all, more likely to contribute to virus production and spread than detection and elimination. copyright Robert M. Slade, 1995 BKVRSDAE.RVW 951108 ====================== ROBERTS@decus.ca slade@freenet.victoria.bc.ca RSlade@cyberstore.ca "A fool's brain digests philosophy into folly, science into superstition, and art into pedantry. Hence University education." -G B Shaw Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0