Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] REVIEW: "Rootkits for Dummies", Larry Stevenson/Nancy Altholz

from [Rob, grandpa of Ryan, Trevor, Devon & Hannah] Network Security [Permanent Link]
Subject: [CISSP-D] REVIEW: "Rootkits for Dummies", Larry Stevenson/Nancy Altholz
Date: Mon, 28 May 2007 21:11:52 -0800 
BKRTKTDM.RVW   20070228

"Rootkits for Dummies", Larry Stevenson/Nancy Altholz, 2007,
978-0-471-91710-6, U$29.99/C$35.99/UK#19.99
%A   Larry Stevenson @castlecops.com
%A   Nancy Altholz @castlecops.com
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2007
%G   978-0-471-91710-6
%I   John Wiley & Sons, Inc.
%O   U$29.99/C$35.99/UK#19.99 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0471917109/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0471917109/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0471917109/robsladesin03-20
%O   Audience s- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   380 p.
%T   "Rootkits for Dummies"

Part one outlines the basics of rootkits.  Chapter one defines malware
and rootkits, although many of the definitions are rather careless. 
For example, rootkits are defined, properly, in terms of software for
hiding processes or other evidence of intrusions on the computer, but
various passages in the chapter imply that rootkits are viruses or
other similar malware, or that rootkits are simply any stealthy
program.  Resistance, recognition, and recovery are given, in chapter
two, as the keys to having a resilient system.  These themes are
expanded in parts two to four, but the content provided in chapter two
is not terribly helpful.

Part two turns to resistance.  Chapter three reviews intermediate
level computer maintenance: many of the suggestions are beyond the
capabilities of the average user.  Similarly, chapter four's
recommendations are good, but much of the advice would be difficult
for a non-specialist to perform, and the explanations for items such
as limited user accounts would not be sufficient to get them through
the full process.  It is always good to suggest users keep up to date
with patches, but chapter five does not provide any of the
alternatives to the Windows Update site.  Miscellaneous measures are
listed in a disorganized fashion in chapter six.  Some of the material
duplicates that given in chapter four, but there still isn't enough
detail for the instructions to be useful for most readers.

Recognition makes up part three.  Chapter seven looks at various
interesting means rootkits use to hide, but there is also a lot of
uninformative verbiage taking up space, here.  Detection, in chapter
eight, is mostly restricted to advanced activities and limited
information is provided to the reader.  Chapter nine describes both
general system tools and also software specific to rootkit detection.

Although part four is supposed to be about recovery, the material is
scant.  An assortment of utilities, some for recovery, but a number
for forensics, are described in chapter ten.  Eleven covers the
process of erasing the hard disk and re-installing Windows.

Part five lists ten rootkits, in chapter twelve, and twelve security
sites in thirteen.

There is no indication as to the intended audience for this book.  The
material is, in most sections, far beyond the capabilities of the
average computer user, and a great deal is even beyond the normal
level of the average help desk worker or system administrator.  At the
same time, the specialist or researcher will find much of the text to
be useless or superfluous, and even some of the professional class
content is poorly explained for those who are not thoroughly familiar
with certain utilities.  The work will have some value, particularly
for those in rarified fields of research, but the lack of consistency
will limit that value.

copyright Robert M. Slade, 2007   BKRTKTDM.RVW   20070228


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
You can't wait for inspiration. You have to go after it with a
club.                                                  - Jack London
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm


 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/CISSP-Discuss/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:CISSP-Discuss-digest@yahoogroups.com 
    mailto:CISSP-Discuss-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [CISSP-D] REVIEW: "Rootkits for Dummies", Larry Stevenson/Nancy Altholz, Rob, grandpa of Ryan, Trevor, Devon & Hannah <=
Previous by Date:  [CISSP-D] SSCP exam, shakun kumar
Previous by Thread:  [CISSP-D] SSCP exam, shakun kumar
Indexes:  [Date] [Thread] [Top] [All Lists]