BKZERDAY.RVW   20111109

"Zero Day", Mark Russinovich, 2011, 978-0-312-61246-7, U$24.99/C$28.99
%A   Mark Russinovich www.zerodaythebook.com markrussinovich@hotmail.com
%C   175 Fifth Ave., New York, NY  10010
%D   2011
%G   978-0-312-61246-7 0-312-61246-X
%I   St. Martin's Press/Thomas Dunne Books
%O   U$24.99/C$28.99 212-674-5151 fax 800-288-2131
%O   josephrinaldi@stmartins.com christopherahearn@stmartins.com
%O   http://www.amazon.com/exec/obidos/ASIN/031261246X/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/031261246X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/031261246X/robsladesin03-20
  http://www.amazon.com/gp/mpd/permalink/m3CQBX46DOK0AK/ref=ent_fb_link
%O   Audience n Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   328 p.
%T   "Zero Day"

Mark Russinovich has definitely made his name, in technical terms, with Winternals and Sysinternals. There is no question that he knows the insides of computers. What is less certain is whether he knows how to write about it within the strictures of a work of fiction.

The descriptions of digital forensics and computer operation in this work are just as confusing, to the technically knowledgeable, as those we regularly deride from technopeasant authors. "[T]he first thing Jeff noted was that he couldn't detect *any* data on the hard disk." (Emphasis in the book.) Jeff then goes on to find some, and notes that there are "bits and pieces of the original operating system." Now there is a considerable difference between not finding *any* data and having a damaged filesystem, and Russinovich knows this perfectly well. Our man Jeff is a digital forensics hacker of the first water, and wouldn't give a fig if he couldn't see "the standard C: drive icon."

Generally, you would think that the reason a technically competent person would write a novel about cyberwar would be in order to inject a little reality into things. Well, reality seems to be in short supply in this book.
First of all, this is the classic geek daydream of being the ultimate 'leet hacker in the world. The Lone Hacker. Hiyo SysInfo, away! He has all the tools, and all the smarts, about all aspects of technology. Sorry, just not possible any more. This lone hacker image is unrealistic, and the more so because it is not necessary. There are established groups in the malware community (among others), and these would be working together on a problem of this magnitude. (Interestingly, these are generally informal groups, not the government/industry structures which the book both derides and relies upon.)

Next, all the female geeks (and there are a lot) are "hot." 'Nuff said.

The "big, bad, new" virus is another staple of the fictional realms which does not exist in reality. Viruses can be built to reproduce rapidly. In that case, they get noticed quickly. Or, they may be created to spread slowly and carefully, in which case they can take a while to be detected, but they also take a long time to get into place.

Anti-malware companies don't necessarily rely on honeypots (which are usually there to collect information on actual intruders), but they do have bait machines that sit and wait to be infected (by worms) or emulate the activity of users who are willing to click on any link or open any file (for viruses). Malware can be designed to fail to operate (or even delete itself) under certain conditions, and those conditions could include certain indications of a test environment. However, the ability to actively avoid machines that might be collecting malware samples would be akin to a form of digital mental telepathy.

Rootkits, as described in the novel, are no different than the stealth technology that viruses have been using for decades. There are always ways of detecting stealth, and rootkits, and, generally speaking, as soon as you suspect that one might be in operation you start to have ideas about how to find it.

A backup is a copy of data. When it is restored, it is copied back onto the computer, but there is no need for the backup copy to be destroyed by that process. Therefore, if a system-restored-from-backup crashes, nothing is lost but time. You still have the backup, and can try again (this time with more care). In fact, the first time you have any indication that the system might be corrupted enough to crash, you would probably try to recover the files with an alternate operating system. (But, yes, I can see how that might not occur to someone who works for Microsoft.) After all, the most important thing you've got on your system is the data, and the data can usually be read on any system, and with a wide variety of programs. (Data files from a SQL Server database could be retrieved not only with other SQL programs, but with pretty much any relational database.)

Some aspects are realistic. The precautions taken in communications, with throwaway email addresses and out-of-band messaging, are the type that would be used in those situations. There is a lot of real technology described in the book. (Although I was slightly bemused by the preference for CDs for data and file storage: that seems a bit quaint now that everyone is using USB drives.) The need, in this type of work, for a level of focus that precludes all other distractions, and the boredom of trying step after step and possibility after possibility, are real. The neglect of security and the attendant false confidence that one is immune to attack are all too real. But in a number of the technical areas the descriptions are careless enough to be completely misleading to those not intimately familiar with the technology and the information security field, which is just as bad as not knowing what you are talking about in the first place.

Other forms of technology should have had a little research. Yes, flying an airliner across an ocean is boring. That's why the software designers behind the interface on said airliners have the computer keep asking the pilots to check things: it keeps the pilots from zoning out. I don't know how quickly you can "reboot" the full control system in an airplane, but the last one I was on that did it took about fifteen minutes to even get the lights back on. I doubt that would be fast enough to do (twice) in order to pull a plane out of a dive. And if you are in a high-G curve to try and keep the plane out of the water, a sudden cessation of G-forces would mean that a) the plane had stalled (again) (very unlikely), or b) the wings had come off. Neither of which would be a good thing. (And, yes, the Spanair computer that was tracking technical problems at the time was infected with a virus, but, no, that had nothing to do with the crash.)

Russinovich's writing is much the same as that of many mid-level thriller writers. His plotting is OK, although the attempt to heighten tension, towards the end, by having "one darn thing after another" happen is a style that is overused, and isn't very compelling in this instance. On the down side, his characters are all pretty much the same, and through much of the book the narrative flow is extremely disjointed.

Overall, this is a reasonable, though unexceptional, thriller. He was fortunate in being able to get Bill Gates and Howard Schmidt to write blurbs for it, but that still doesn't make it any more realistic than the mass of cyberthrillers now coming on the market.

copyright, Robert M. Slade 2011   BKZERDAY.RVW   20111109