Overview

"Of all the computer-related books I've read recently, this one influenced my thoughts about security the most. There is very little trustworthy information about computer viruses. Peter Szor is one of the best virus analysts in the world and has the perfect credentials to write this book."

—Halvar Flake, Reverse Engineer, SABRE Security GmbH

Symantec's chief antivirus researcher has written the definitive guide to contemporary virus threats, defense techniques, and analysis tools. Unlike most books on computer viruses, The Art of Computer Virus Research and Defense is a reference written strictly for white hats: IT and security professionals responsible for protecting their organizations against malware. Peter Szor systematically covers everything you need to know, including virus behavior and classification, protection strategies, antivirus and worm-blocking techniques, and much more.

Szor presents the state-of-the-art in both malware and protection, providing the full technical detail that professionals need to handle increasingly complex attacks. Along the way, he provides extensive information on code metamorphism and other emerging techniques, so you can anticipate and prepare for future threats.

Szor also offers the most thorough and practical primer on virus analysis ever published—addressing everything from creating your own personal laboratory to automating the analysis process. This book's coverage includes

  • Discovering how malicious code attacks on a variety of platforms

  • Classifying malware strategies for infection, in-memory operation, self-protection, payload delivery, exploitation, and more

  • Identifying and responding to code obfuscation threats: encrypted, polymorphic, and metamorphic

  • Mastering empirical methods for analyzing malicious code—and what to do with what you learn

  • Reverse-engineering malicious code with disassemblers, debuggers, emulators, and virtual machines

  • Implementing technical defenses: scanning, code emulation, disinfection, inoculation, integrity checking, sandboxing, honeypots, behavior blocking, and much more

  • Using worm blocking, host-based intrusion prevention, and network-level defense strategies

© Copyright Pearson Education. All rights reserved.

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating: 4.5 out of 5, based on 24 ratings

A Must-Read on Computer Virus - 2005-08-12
I was wandering in the bookshop trying to find some in-depth books on computer viruses and network security and suddenly I came across this book. In a few pages the book lit up my eyes and the author successfully attracted my attention, and I was simply amazed by his solid background and rich knowledge and also his effort in presenting all the materials in an orderly and logical way that has successfully flattened the learning curve for people fresh to the area.
Well, some people may complain that this is a disappointing book in that it hasn't gone far enough to illustrate the necessary virus writing skills, and they believe only in this way can one specialized in virus defense benefit most. Again, this is not the truth as far as I see. If one simply wants to write viruses by following existing code he can only gain a narrow horizon by focusing upon one or two popular viruses. But as the old idiom goes, you will miss the forest by seeing a tree only. New viruses are produced by those highly intelligent people every day and promise to continue to come in the foreseeable future. New technologies, too, emerge and then disappear with the patches or hot fixes. But as long as you have a comprehensive knowledge of the basics of virus research and defense you will never lose in this battle against viruses. I think the author has tried to model his book to be something beyond the mere technology collection but to present to us how one might equip himself with the fundamental knowledge of the virus's history, main ideas, or even try to give definitions in some places. So this is why the author names his creation "Virus research & defense" instead of "virus writing & defense". And as far as I see, his attempt has been a huge success.
And what's more, even for people who are crazy about writing viruses this book is not such a disappointment. It incorporates many code snippets into the book and this code actually reveals the dark side of the virus, and one smart enough and with some knowledge in coding will be able to rebuild the complete viruses. Those who complain about the lack of virus writing skills might better try to figure out the reason in themselves. Anyway, there are a lot of sample viruses within your easy reach on the internet. So why take the trouble to reproduce them here?
And finally I would like to show my thanks for the great effort Peter has spent on this book. For me this book has brought great pleasure and it has helped to organize my knowledge about computer viruses in a more systematic manner. For those either new to the area or those professionals this is a must-read and you shouldn't miss it.

Excellent Source of Information - 2005-10-14
As a relative amateur in the subject of computer viruses, this book was very helpful. With a little background in basic computing, you can easily understand this book. The book starts off with simple viruses from back in the day, describing the first viruses to appear. The book then goes into detail about the more advanced forms of virus infections and viruses to appear on more modern systems. After reading the book, I came away with a new respect for the art of self-replicating code (aka virus), and the techniques that virus researchers use to develop software to protect your PC from these threats.

The virus researcher's Bible - 2007-12-07
Peter Szor's book is definitely THE book any aspiring anti-virus researcher and computer security professional must read. It is very broad and information-packed, covering just about every single important aspect of computer viruses and anti-virus research. The book is very technical which, from my point of view, is a big plus - although beginners might find some parts of it daunting. This is definitely no "viruses for dummies" book. In the field of computer viruses and anti-virus research, this book is what Donald Knuth's The Art of Computer Programming is for computer scientists.

The only gripe I have is that it is perhaps not deep enough. While every important aspect of viruses and anti-virus defense is covered, some of them are not covered deeply enough. This is not the author's fault but the publisher's. Originally, the author intended to write two separate volumes (one dedicated to computer viruses and one dedicated to anti-virus defenses), covering in depth every aspect of these two areas. However, the publisher imposed size restrictions on him. Although the book is rather thick (700+ pages), the space is still not enough to cover in sufficient depth every important aspect of this field.

However, each chapter contains references for further reading and the interested reader can do their own research of the aspects that are not covered deeply enough.

In summary: excellent book, useful both as a textbook and as a reference. Great read, information-packed, useful. Just don't expect to find any "how to write a virus" recipes there - fortunately, the author went to great lengths to avoid them.

Complicated, Confusing - 2009-06-21
This book has a lot of good information, but it seems to be more difficult than it should be at times. The examples are based in x86 ASSEMBLER. So if you don't have a clue about x86 assembler, it's going to be difficult.

The book does NOT show the code to infect programs, just what it looks like before the infection and after the infection. I understand why. If it included the code, it would be a manual about how to write viruses. Clearly, we don't need one of those. But, it does make the descriptions more obtuse than they would need to be if it just showed the code.

There are several typos in the book, but most of them are easy to overcome.

--
My big complaint is the physical book itself. The binding is not good, and the pages are starting to come loose from the spine.

Fried Air - 2008-05-29
Computer viruses are code. And this waste of paper would want to be a book on computer viruses without any viral code? You must be kidding me....

Some information on this page was provided using data from Amazon.com®.


Copyright 2009 Safari Books Online. All rights reserved.