BKLUDWIG.RVW 930112

Book Review - The Little Black Book of Computer Viruses, Mark Ludwig

Let us make it clear, from the very beginning, that this is not a book which is going to help you to protect your computer against viral programs. This book is not really even, as stated in the Introduction, *about* viral programs. This book is written to help the person who wants to write a computer virus under MS-DOS.

Excerpt from the cover letter received with the review copy of the book:

"Please note that most of the official reviews of the book have been either negative or controversial ... It seems that for the most part, the computer press is all too ready to take their cues from the self-styled anti-virus experts, who hate the book because it gives away their secrets. This is a classic case of an insider's group trying to control people for their own benefit.

"I would really like to see a review that was more than just another whitewash - a real attempt to see what people who read the book think of it. Find out why the Writer's Foundation of America named this the best computer book of 1992!"

Well, Mark, you get your wish. This review certainly isn't going to be any whitewash ... at least, not of you.

It is very difficult to know where to begin this review. What do you say about a book which has a very important message ... and says it so very, very badly?

As you can see from the excerpt above, Mark Ludwig might be considered just a tad paranoid. One suspects that he has reason. There are a considerable number of people to whom the very thought of the writing of viral programs is anathema.

The one positive contribution of the book is the challenge to consider the possibilities of the benefits of viral programming. Viral programs have a potential for extraordinary power. The famous Xerox Worm was, after all, an experiment directed at using the otherwise wasted resources of networked machines.
The ability of viral programs to reproduce is as great a jump as the ability of parallel processing machines to overcome the von Neumann bottleneck. In addition, although many viral programs are either hostile or a nuisance, it is not automatically true that self-reproduction must be evil.

However, the potential "merits" of viral programs have been argued before. Others, notably Dr. Fred Cohen, have put significant work into the field. (Substantially more, it should be noted, than Ludwig demonstrates.) Viral programs would appear to have many possible uses, particularly in a "distributed" computing environment. It has not yet been conclusively demonstrated, though, that viral programs can be safely used in an uncontrolled environment.

Viral programs *must* change the computing environment in some way. It is inherently impossible to determine in advance what will be "safe" and what won't. It might be stated that a certain program, whether viral or not, can be safely used in a "standard" computing environment, but anyone who has had anything to do with software development knows that the phrase is meaningless. As only one example, it is "well known" that MS-DOS is a "single tasking" operating system. I am writing this on a very old MS-DOS machine. There are currently two different TSR programs running, I have "shelled" out of a third "disk manager" in order to use the word processor, and I occasionally "shell" out of the editor in order to look up reference material.

The major problem with Ludwig's book, however, is not the difficulty of defending his premise that viral programs should be accessible. Both his defence, and his book, have major shortcomings.

The volume received is labelled as volume one of three. However, although more than two years have passed since it was published, volumes two and three are conspicuous by their absence. This is a pity.
Volume two, supposedly a discussion of "artificial life", looks particularly interesting in the blurb it is given in the Introduction to this book. However, given the general quality of volume one, it might be a bit beyond Ludwig's scope.

In the Introduction, Ludwig attempts to justify his promulgation of viral code. First he states that viral programs are not necessarily destructive. Then he says that viral programs can be used to fight against the elite upper classes. Needless to say, his arguments are not very persuasive.

Most importantly (and probably fortunately so) Ludwig's information just is not that accurate. This is not someone who has been in the mainstream of virus research. (This may account for the frustration of his diatribes against "anti-virus experts".) Even his vocabulary seems a bit odd, using the word "extent" to refer to what everyone else calls filename extensions, and a definition of "worm" which is almost diametrically opposite to that of the mainstream.

There are nuggets of information in the book. There are even some premises which, at first glance, seem to have some merit in explaining viral operation. Ultimately, though, one finds that the valuable data is available in many other sources and that the explanations are only superficial. In the words of one particularly cruel editor, the book is both good and original, although the parts that are good aren't original, and the parts that are original aren't good.

The book does not cover any material that is not relevant to MS-DOS. There is no mention of any other operating system, and really no discussion of the general principles of viral operation. That material which is of value is related to MS-DOS program structure but, interestingly, stops short of a full explanation many times, with reference to other well-known MS-DOS programming texts.
To give credit where due, it must be said that the few commented assemblies listed in the book are far superior to those included in Ralph Burger's book. Not only is the code fully and completely commented, but many parts are used as examples in the general discussions.

Unfortunately, Ludwig also gives "hex dump" listings of the programs. It is difficult to see the justification for this, as no skill or understanding is required in order to turn these listings into working viral code (although the typing involved might be tedious).

In the end, though, it appears that Ludwig's book, although controversial, has made little difference to the viral arena. The viral programs he lists cannot be said to be successful. In more than two years, none of them have become widespread "in the wild". It may be that everyone who has purchased the book has been responsible for ensuring that the code never "escaped". Since the likelihood of this is very slight, one is forced to the conclusion that the viral code isn't very good.

copyright Robert M. Slade, 1993 BKLUDWIG.RVW 930112

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag