BKRTKTDM.RVW 20070228 "Rootkits for Dummies", Larry Stevenson/Nancy Altholz, 2007, 978-0-471-91710-6, U$29.99/C$35.99/UK#19.99 %A Larry Stevenson @castlecops.com %A Nancy Altholz @castlecops.com %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 2007 %G 978-0-471-91710-6 %I John Wiley & Sons, Inc. %O U$29.99/C$35.99/UK#19.99 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/ASIN/0471917109/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0471917109/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0471917109/robsladesin03-20 %O Audience s- Tech 2 Writing 1 (see revfaq.htm for explanation) %P 380 p. %T "Rootkits for Dummies" Part one outlines the basics of rootkits. Chapter one defines malware and rootkits, although many of the definitions are rather careless. For example, rootkits are defined, properly, in terms of software for hiding processes or other evidence of intrusions on the computer, but various passages in the chapter imply that rootkits are viruses or other similar malware, or that rootkits are simply any stealthy program. Resistance, recognition, and recovery are given, in chapter two, as the keys to having a resilient system. These themes are expanded in parts two to four, but the content provided in chapter two is not terribly helpful. Part two turns to resistance. Chapter three reviews intermediate level computer maintenance: many of the suggestions are beyond the capabilities of the average user. Similarly, chapter four's recommendations are good, but much of the advice would be difficult for a non-specialist to perform, and the explanations for items such as limited user accounts would not be sufficient to get them through the full process. It is always good to suggest users keep up to date with patches, but chapter five does not provide any of the alternatives to the Windows Update site. Miscellaneous measures are listed in a disorganized fashion in chapter six. Some of the material duplicates that given in chapter four, but there still isn't enough detail for the instructions to be useful for most readers. Recognition makes up part three. Chapter seven looks at various interesting means rootkits use to hide, but there is also a lot of uninformative verbiage taking up space, here. Detection, in chapter eight, is mostly restricted to advanced activities and limited information is provided to the reader. Chapter nine describes both general system tools and also software specific to rootkit detection. Although part four is supposed to be about recovery, the material is scant. An assortment of utilities, some for recovery, but a number for forensics, are described in chapter ten. Eleven covers the process of erasing the hard disk and re-installing Windows. Part five lists ten rootkits, in chapter twelve, and twelve security sites in thirteen. There is no indication as to the intended audience for this book. The material is, in most sections, far beyond the capabilities of the average computer user, and a great deal is even beyond the normal level of the average help desk worker or system administrator. At the same time, the specialist or researcher will find much of the text to be useless or superfluous, and even some of the professional class content is poorly explained for those who are not thoroughly familiar with certain utilities. The work will have some value, particularly for those in rarified fields of research, but the lack of consistency will limit that value. copyright Robert M. Slade, 2007 BKRTKTDM.RVW 20070228