BKUMASSC.RVW 930817

International Security Technology Inc.
99 Park Avenue, 11th Floor
New York, NY 10016
212-557-0900
fax: 212-808-5206
"Using McAfee Associates Software for Safe Computing", Jacobson, 1990
70732.270@compuserve.com

There are many books which are aimed at helping you use specific commercial programs. Usually, however, such books are either targeted at "dummies" or purport to reveal secret or undocumented features. The title here seems to suggest both a generic goal, safe computing, and a specific means. Those "in the know", of course, realize that safety here is being limited to protection against viral programs.

Certain other works have been associated with the company named here, and have resulted in rather unfortunate products. In the Foreword and Preface we see the same "rah, rah" chauvinism. It is, therefore, a rather pleasant surprise to find that chapter one, in defining viral programs, doesn't do a bad job. A computer virus is said to execute with other programs, but that explanation is immediately extended with a lucid and factual account of the boot sequence on MS-DOS computers. It even distinguishes between the boot sector and the master boot record (although Jacobson loses points for referring to the MBR as the partition table.)

The rigorous will find errors in the first chapter. Program infection is shown strictly in terms of an appending virus. Although FAT or system viri (referred to as "cluster-point") are described, companion viri are not. The statement is made that "viruses may include a Trojan Horse": the definition is that of a trojan, the examples are clearly logic bombs.

Chapter two is entitled "Planning a Virus Control Program". This would seem to be concerned with establishing the level of risk for a company and producing policy and procedures for virus protection. Unfortunately, the detail included here is very sparse.
Some extremely broad guidelines are given, but the reader is literally left with more questions than answers after reading this chapter. Eventually a companion volume by the same author is mentioned as dealing with the details.

At the beginning of chapter two one is told that chapter three, "Virus Prevention Techniques" gives the answers for protecting a single computer. Rule one: write protect everything. Rule two: Buy SCAN. Rule three: buy *more* SCAN. Rule four: have extra copies of SCAN around (be sure to buy extra licences.)

Chapters four to seven are basically reworkings of the documentation for VSHIELD, SCAN, CLEAN and the network uses thereof. One immediately asks, of course, which version was used. One is not immediately answered: chapter eight indicates, and nine supports, the presumption that version 85 was used. In the mailing with my review copy I received a letter indicating that update files are produced. The files, USINGxxx.ZIP, where xxx is the version number, are stated to be available on the McAfee BBS and the McAfee forum on Compuserve. Apparently the updating is not constant: the "current" version of the McAfee products, as this was received, was 106, and had been for some time. According to the letter, the "current" version was USING102 and USING106 was due out shortly.

Chapters eight and nine tell you how to get technical support, first, and a copy of the program, second. The answers are to call the McAfee BBS, the McAfee Compuserve forum, or call McAfee Associates and buy it. An order form for the McAfee products is bound into the back of the book: it will surprise no one that the publisher of the book is a McAfee agent.

Chapter ten is entitled "The Ten Most Common Viruses". Those familiar with the sometimes unfortunate accuracy of the VSUM lists will recognize the entries.
In a listing at the end of the chapter, BRAIN and Stoned are included in a list of "stealth" viri which can cause "catastrophic damage" or "cause all files to become infected during the scanning process".

Essentially, what you have here is printed (and dated) documentation for the McAfee programs. Since the functions of the programs change less frequently than the scan strings, most of the material is still relevant. Problems can be checked against the current McAfee documentation. As such, this may be a useful book, fairly reasonably priced considering the cost of the programs themselves. One shortcoming is that the network section still relies on the combination of stand-alone software: the NLM versions are not mentioned. In contrast to most "third party" books, though, there is little here that will either change the performance or ease the use of the product under discussion.

copyright Robert M. Slade, 1993 BKUMASSC.RVW 930817

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag