Monday, October 24, 2005

Reviews of Computer Security: 20 Things Every Employee Should Know, 2nd Ed, and The Symantec Guide to Home Internet Security Posted

The drought has ended. Amazon.com just posted my two newest reviews. First was Computer Security: 20 Things Every Employee Should Know, 2nd Ed by Ben Rothke. I gave it three stars, but I would give the next edition higher ratings if Ben addresses my suggestions. From the review:

Ben Rothke's Computer Security: 20 Things Every Employee Should Know, 2nd Ed, contains a great deal of sound advice for nontechnical employees. At least 10 tips could be eliminated by combining redundancies. I would reduce the list to the following topics:

(1) Beware malware, spyware, and phishing; (2) Protect your identity; (3) Protect the organization's data; (4) Choose sound passwords and protect them; (5) Use organization resources for authorized purposes; (6) Beware of social engineers; (7) Call the experts when things go wrong; (8) Protect laptops, PDAs, cell phones, and other mobile devices as you would corporate resources.

I also reviewed The Symantec Guide to Home Internet Security by Andrew Conry-Murray and Vincent Weafer. I gave this book four stars. From the review:

The Symantec Guide to Home Internet Security (TSGTHIS) is Symantec's latest offering in its new series of books published through Addison-Wesley. This is a very solid introductory desktop security book for home power users. This is not the book to give to your grandmother, unless she likes to tweak Windows or wants to understand differences between file infector and polymorphic viruses. With one caveat, I liked this book...

The book suffers one major flaw that robbed a star from my rating. The single most important defensive measure a home user can take is to not perform daily operations as a user with administrative privileges. Home users should not browse the Web, read email, chat in IM, write documents, or do much of anything else using an admin account. Users should only assume admin-level power when they need to install software or authorized ActiveX controls. This single defensive measure is not mentioned by TSGTHIS, but it has protected numerous customers and my family from thousands of client-side attacks.

1 comment:

Anonymous said...

This ain't funny! It is a serious mistake.