The Myths of Security: What the Computer Security Industry Doesn't Want You to Know

If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.

Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.

260 pages, Paperback

First published March 15, 2009


About the author

John Viega

24 books, 6 followers


Community Reviews

5 stars: 9 (11%)
4 stars: 16 (21%)
3 stars: 35 (46%)
2 stars: 13 (17%)
1 star: 3 (3%)
Displaying 1 - 15 of 15 reviews
10 reviews, 9 followers
August 25, 2009
Several security bloggers recommended this book, so I picked it up. It's a very fast read, not only because of the short chapters but also the anemic content. As a veteran with a decade in infosec and a couple decades in IT, the whole thing struck me as an amuse bouche of obviousness. Basically, I read a short essay, nodded my head "uh huh, uh huh" and then I turned the page and it was the end of the chapter. Basically I learned very little new, except that SiteAdvisor was cool (the author's service) and that was that. I think I blew through the whole thing in about an hour. Of course, if you're not working in security and are curious about what's really going on, then this is worth checking out. It summarizes a lot of arguments and suppositions, basically saving a dozen or so hours of trolling security blogs to pick up the same issues.

(from my Amazon review)
mono
438 reviews, 4 followers
June 12, 2013
This book is aimed at a more general audience so a lot of the advice seemed very practical to me. Don't open email attachments, don't install software from unknown sites, install updates, etc.

One thing I disagreed with was the advice on passwords. Instead of trying to remember a password from lyrics to a song, just use a phrase and throw in some special characters. Even the xkcd advice on passwords is more sound (using 3 or 4 random words).

If you are really paranoid, use a separate machine specifically for sensitive email, banking, etc. One thing to make sure you do is to use https:// when accessing those websites.

I think the constant name dropping of McAfee was very unprofessional, enough to warrant a 2 star rating.

If you have a passing interest in security this book will be useful. If you are familiar with the concepts, you won't find much new content here.
Vladan Stojanović
18 reviews
May 12, 2016
The software industry prides itself in its authors almost exclusively evangelizing whichever technology they may be writing about and this book is a rare gem in that regard. There are no sacred cows for John Viega. It'd be almost a Frankfurter kind of reading experience, only if Viega wasn't all too ready to make over-the-top criticisms of the current state of affairs in the security industry and then immediately step back and advertise McAfee and himself as being the avant-garde. Nevertheless, it's well worth your time, even if only to scare you off of the Internet (if you are a regular user accustomed to believing any IT marketing spin about its security practices) or to induce a healthy amount of doubt when it comes to your own skills and practices (if you are an IT professional). I would actually force this book down through every Facebook user's throat.
Jari Pirhonen
459 reviews, 16 followers
February 7, 2016
I wanted to be able to recommend this book, but truthfully, it didn't work for me. Viega did a good job discussing some shortcomings of computer security, but wasn't able to really show anything new. Also, too much time was spent discussing Anti-Virus, which in my mind is nowadays more of an IT management problem than an information security problem.

Still, I like that someone even tries to shake up the information security beliefs a bit. The book is useful for information security novices to show some problems they will face in their career. Could also work as a reminder for seasoned professionals, who have got lost in work for too long.
ju
69 reviews, 21 followers
September 8, 2011
John Viega (chief security architect at McAfee) describes how bad the situation is in the field of computer security. The book is written in accessible language and is a collection of short reflections on computer security: "What motivates the bad guys?", "Why don't antivirus programs work well?", "Are phone viruses a danger?", "Do antivirus companies write viruses?" and others. He also gives his own ideas on the development of computer security.
87 reviews, 1 follower
May 5, 2012
A good accessible book on computer security by an expert. Aimed at a general population and avoiding too much jargon and technical detail, it is a good piece that lets a non-techie understand the challenges we face in regards to computer security. Not perfect and I don't always agree with him but he puts the information in bite-sized and accessible terms that lay persons can work with. Looking at using this book for a class on security.
Chet
321 reviews, 4 followers
June 5, 2015
This is not an expose as the title implies but rather the musings of a security professional at McAfee. Each section is about his opinion of an aspect of information security. The book starts out so whiny that I almost put it down, but later he does give some interesting viewpoints of some of the subjects. That does not mean that his viewpoints are correct, only that he approaches some of them from interesting angles.
194 reviews, 5 followers
December 10, 2012
I am not a computer security expert so I am not in a position to either support or oppose the author's views expressed in this book. But I found the articles written with a sense of humor a very good read and understood around 75% of what he has to say.
Read my summary of this book at
http://bookwormsrecos.blogspot.in/201...
14 reviews, 3 followers
February 11, 2013
It is an excellent book for readers who are not in the IT Security Industry. The book is easy to read and provides a broad perspective to the IT Security Industry. While it doesn't actually debunk the myths with actual proofs, the explanations are simple. Highly recommended for people with interest or are curious about computer security but do not know about technical jargon.
209 reviews
January 5, 2010
There was not a lot of substance to the book. The chapters described the issue but didn't really give any depth on them. It read much more like a blog than a book.

I knew about and agreed with many of the issues before reading this book. There's not a lot of value here.
Carol
324 reviews, 15 followers
May 5, 2014
Easy to read, very basic book on security. Used it for Communications/Technology Convergence course.
Jeff
77 reviews, 1 follower
February 21, 2011
Short, interesting essays on computer and Internet security.