=========================================================================
Date: Mon, 22 Aug 1994 10:42:37 -0600
Sender: Small Computing Systems Software Issues Discussion List
From: "Rob Slade, Ed. DECrypt & ComNet, VARUG rep, 604-984-4067"
Subject: "The PC Virus Control Handbook" by Jacobson

BKPCVRCH.RVW 940602

Miller Freeman Publications, Inc.
500 Howard Street
San Francisco, CA 94105
"The PC Virus Control Handbook", Jacobson, 1990, 0-87930-194-5, U$24.95

As well as being dated, this is a very uneven book. Significant portions are concerned primarily with promoting certain products; others seem to have been added quickly in order to round out the text. Still, it does have some good points, even today.

Chapter one is a purported overview of virus technology. Starting with a definition that includes only file infecting viral programs, it then launches into a very lengthy, and very technical, discussion of the boot process, boot sector and partition boot record. There are indications that the material for this second edition wasn't edited very carefully when it was updated from the first. An example is the promise to define four types of viral programs-- followed by outlines of *five* types.

Chapter two is basically a listing of viral programs, but the identification checklists, based upon symptom, may be helpful. Again, there are indications that International Security Technologies (IST) was primarily concerned with file infectors and added the boot sector material as an afterthought. (Having denigrated virus naming conventions in favour of the IST numbering scheme earlier in the book, the boot sector virus IDs seem to be listed in a remarkably "alphabetical" order.)

Chapter three is probably the best part of the book. This is a step-by-step guide for investigating and disinfecting a suspected virus infection. It relies very heavily on the Virus-Pro and McAfee programs, but, if you can understand the generic types of these specific programs, the guide is very detailed and useful. It is, however, amusing to note that the book makes much of "stealth" viral technology, but fails to use the "self-cleaning" feature of such programs.

Chapter four is a sample policy and procedures document. Unfortunately, without additional discussion and background, readers may not be able to make the necessary modifications to fit their own situation.

A closing bibliography is sadly out of date (and heavily biased).

While the price may seem a bit high, for the sake of one chapter, the detailed disinfection procedure in chapter three may be worth it. Certainly, those with a major responsibility for corporate protection may wish to use it in building their own guides.