Home

Malware: Fighting Malicious Code

Jun 11, 2004  By Ibrahim Haddad
 in
A comprehensive guide for defending against viruses, worms, rrotkits and more.

by Ed Skoudis and Lenny Zeltser

Prentice Hall PTR, 2003

ISBN: 0131014056

$44.99 US

Malware: Fighting Malicious Code is the most comprehensive book to date on the subject. The book devotes a full chapter to each type of malware, including viruses, worms, malicious mobile code, backdoors, Trojan horses, user-mode rootkits and kernel rootkits. Each chapter presents the characteristics and methods of attack, evolutionary trends and advice for how to defend against each. In addition, scenarios are presented in which malicious code has been planted in systems and directions are given for how to analyze potential and real malware safely and effectively.

The book focuses both on attacks and defenses. It reveals how attackers install malicious code and evade detection and then explains how to defeat their schemes, secure systems and protect networks from being affected by malware. The book discusses attacks in both Microsoft Windows and UNIX and Linux systems by using examples of recent kernel rootkits.

The book also introduces new ideas and theories, such as the discussions on new attacks to BIOS and Microcode. Here, the authors explain how these attacks are conducted, the results the attackers might be hoping for and how to protect from it. In Chapter 11 for instance, the authors cover reverse engineering. They use a lab setup to dissect malware and discuss some common tools and approaches, then provide a checklist for your own lab. I thought this was a nice feature, especially for people who would like to know more on this subject but are not security experts. This chapter allows them to get some hands-on experience safely in the comfort of their own labs.

The book provides great information for beginners to gain a better understanding but also provides in-depth information for more advanced users. It is well-written and fun to read. The writing style is simple but elegant, allowing readers from different backgrounds to follow the explanations and discussion. The authors have put a lot of effort into making complex topics and concepts understandable, especially with the use of analogies to help explain the difficult sections and scenarios. Malware: Fighting Malicious Code is a must read and an excellent resource.

______________________

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Malware: Fighting Malicious Code

Anonymous's picture
Submitted by Anonymous on Wed, 06/23/2004 - 02:00.

I'm sure that if the author had written in his introduction : "stop using Windows", he would have had less than 50 pages left to deal with Unix or Linux related malware

Malware: Fighting Malicious Code

Anonymous's picture
Submitted by Anonymous on Tue, 06/29/2004 - 02:00.

Ohhh, very clever! Perhaps you could write a book?

Or, better yet, the introduction should say "Stop using Windows. But, also stop using Linux, Mac OS Classic and X. Use the Newton OS. An old version of Minix, perhaps! NeXTSTEP 3.3 seems pretty clean. That would stop pesky virus and spyware problems quick, and the solution would be a lot more comprehensive than switching to Linux, where by comparison, plenty of malware exists.

Malware: Fighting Malicious Code

ciptension's picture
Submitted by ciptension (not verified) on Wed, 06/16/2004 - 02:00.

Hi !
If you want to find out more about Linux Mail server Antiviruses, try www.benchmarks.dmz.ro
Enjoy,

Cipri

Malware: Fighting Malicious Code

Anonymous's picture
Submitted by Anonymous on Mon, 06/14/2004 - 02:00.

Windows and Linux, eh? How much Windows and how little Linux?

Malware: Fighting Malicious Code

Anonymous's picture
Submitted by Anonymous on Sun, 06/20/2004 - 02:00.

That's what I was thinking. I don't want to buy a book that goes on and on about windows, reverting back to Linux every chapter or so.

Webcast
More Resources
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers

Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.

Learn More

Sponsored by AMD

White Paper
More Resources
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState