Defending Microsoft Windows against viruses requires careful attention to emerging technical alerts and diligence in installing manufacturers’ latest patches and upgrades. You’ll do a better job of keeping Windows secure if you have a body of background knowledge about security weaknesses in Windows and familiarity with good security practices. That, for the most part, is what Malicious Mobile Code is about. Roger Grimes shares facts, tells stories, and reveals technical details that will make you realize how serious a threat is posed by malicious mobile code (a catch-all term Grimes uses to describe viruses, Trojans, and the like). Further, his exposition will likely motivate you to take the precautions he recommends.
Some of Grimes’s advice is by now obvious (don’t run executable files that arrive attached to e-mail messages), but a lot of it will be news to Windows users and even system administrators. For example, he goes into considerable detail on how BackOrifice works, with particular attention to how black-hat hackers use it to build networks of compromised machines that they can use in further attacks. He’s liberal with defensive advice, as well, describing how to adjust the settings of your browser, instant messaging client, and other software to stave off attacks. There’s much discussion of Registry manipulation, too. More coverage of risks specific to Windows 2000 (and Windows XP, which isn’t covered here at all) would make this book better, but since many attacks are generic to 32-bit Windows environments, Grimes’s work remains current. –David Wall
Topics covered: Viruses, Trojans, worms, and other nasties–particularly those that can be distributed with e-mail messages, Web pages, or instant messaging tools–that can disable Microsoft Windows, or turn control of it over to unauthorized hackers. Coverage is explanatory, in a “know your enemy” sort of way, and includes lots of defensive strategies.
Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications. This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality […]