Jan Hruska
Ellis Horwood, p.224
ISBN 0-13-036377-4
1992
Given the relationship between Hruska, Sophos, and Virus Bulletin, the similarity of material which also appears in "The Survivor's Guide to Computer Viruses" is not terribly surprising. We have the identical Virus Bulletin virus reports (frequency of total reports), the same interest in the AIDS Information diskette scam, the same vendor list (also without product information), the same insistence on calling the virus everyone else knows as Stoneed by the term, "New Zealand", and the same MS-DOS only emphasis.
There is no statement as to the intended audience for the book, but it seems to be directed at that very small segment of the population who are interested in computer virus research. Unfortunately, and very oddly, much of the material in this book is of as much use to the virus writer as to the antiviral researcher. There are no full virus samples in the book, but there are handy snippets such as a simple encryption scheme, a master boot record extractor and a chunk of the dBASE virus, with full instructions for turning it into a disk killer.
Those lowly souls who wish merely to protect their own systems may not be lost by this book, but will very probably be bemused by it all. There is a short but helpful (to the virus writer) section on disassembly of a virus. Two paragraphs are devoted to explaining how to use the DEBUG program to write your own code to extract the master boot record for examination. There follows the off-hand comment that the same thing can be done with common utility programs. The hygiene rules for reducing the risk of virus infection include the usual lame points regarding BBSes, shareware, and public domain programs. Recommended is a setup to "quarantine" a workgroup from outside disks (surprise, surprise: Sophos makes software to support this) and change detection antiviral software (surprise, surprise: Sophos makes such a program).
The book is good at the basic technical explanations. How viral programs function, and how antiviral programs function, are clearly set forth in basic terms. Most of the illustrations and figures are helpful, although some are extremely puzzling. (The inclusion of the full text of a virus source code opening comment seems to have no justification, nor does the highlighting of portions thereof.) An examination of Novell operations and testing against viral programs is probably a useful inclusion. As long as Hruska sticks with technical details, he's fine.
Given the names mentioned in the acknowledgements, parts of the commentary are very odd in their departure from general understanding within the research community. Hruska speaks of the recent rise of "network aware" viral programs. (I can recall, and he gives as an example, only one.) There is mention of a media sensation over the BRAIN virus in 1986; I don't recall any such thing. Early viral programs from 1987 are contrasted with more recent, destructive, viral programs; both Lehigh and Jerusalem caused erasure of materials. The ABC News report of the mythical Desert Storm/Iraqi printer virus is mentioned as barely believable, even though the story had been utterly debunked months before the book was written.
Chapter five, Who Writes Viruses, is astonishing. Hackers are defined as being "analogous to drug addicts". Then there are freaks, who have "serious social adjustment problems". University students are linked to software piracy. Employees are mentioned, even though employee "attacks" usually utilize insider knowledge which viral programs don't need. Computer clubs are mentioned (I get the impression Hruska is *not* a joiner) as are terrorist organizations. All of these profiles are caricatures, if not outright fabrications. Ultimately, this entire section is not only useless, but promotes misunderstanding of the situation by fostering false images. Virus writers tend to be self-important and irresponsible - but they aren't freaks (and they generally grow out of it).
For those with antiviral policies and procedures already in place, this work has a position in ongoing study and development. (R. Slade)