The Myths of Security

  • ISBN13:


  • ISBN10:


  • Edition: 1st
  • Format: Paperback
  • Copyright: 2009-06-29
  • Publisher: O'Reilly & Associates Inc

List Price: $29.99

"The Myths of Security" takes you to the inside of the professional security world. Covering topics ranging from anti-virus software to the NTSA, this book is provocative, insightful, and always controversial. Is OS X really more secure than Windows? What are antivirus vendors really thinking about? What does anti-virus software actually accomplish, and is a poor solution better than no solution at all? How do black-hats plan their careers? Why don't computer users care about privacy? What does the future hold for the security industry? Written by a long-term veteran of the security industry, this book is the ultimate insider's guide.

Author Biography

John Viega is CTO of the Software-as-a-Service Business Unit at
McAfee, and was previously Vice President, Chief Security Architect at
McAfee. He is an active advisor to several security companies,
including Fortify and Bit9, and is the author of a number of security
books, including Network Security with OpenSSL (O'Reilly) and Building
Secure Software (Addison-Wesley).

John is responsible for numerous software security tools and is the
original author of Mailman, the popular mailing list manager. He has
done extensive standards work in the IEEE and IETF, and co-invented
GCM, a cryptographic algorithm that NIST (US Department of Commerce)
has standardized. He holds a B.A. and M.S. from the University of

Table of Contents

Foreword
Preface
The Security Industry Is Broken
Security: Nobody Cares!
It's Easier to Get "Owned" Than You Think
It's Good to Be Bad
Test of a Good Security Product: Would I Use It?
Why Microsoft's Free AV Won't Matter
Google Is Evil
Why Most AV Doesn't Work (Well)
Why AV Is Often Slow
Four Minutes to Infection?
Personal Firewall Problems
Call It "Antivirus"
Why Most People Shouldn't Run Intrusion Prevention Systems
Problems with Host Intrusion Prevention
Plenty of Phish in the Sea
The Cult of Schneier
Helping Others Stay Safe on the Internet
Snake Oil: Legitimate Vendors Sell It, Too
Living in Fear?
Is Apple Really More Secure?
Ok, Your Mobile Phone Is Insecure; Should You Care?
Do AV Vendors Write Their Own Viruses?
One Simple Fix for the AV Industry
Open Source Security: A Red Herring
Why SiteAdvisor Was Such a Good Idea
Is There Anything We Can Do About Identity Theft?
Virtualization: Host Security's Silver Bullet?
When Will We Get Rid of All the Security Vulnerabilities?
Application Security on a Budget
"Responsible Disclosure" Isn't Responsible
Are Man-in-the-Middle Attacks a Myth?
An Attack on PKI
HTTPS Sucks; Let's Kill It!
CrAP-TCHA and the Usability/Security Tradeoff
No Death for the Password
Spam Is Dead
Improving Authentication
Cloud Insecurity?
What AV Companies Should Be Doing (AV 2.0)
VPNs Usually Decrease Security
Usability and Security
Privacy
Anonymity
Improving Patch Management
An Open Security Industry
Academics
Locksmithing
Critical Infrastructure
Epilogue
Index
Table of Contents provided by Ingram. All Rights Reserved.
