Book Reviews and Papers
Updated: 3 Feb 2014
I am now participating in O'Reilly's Reader Review program so I hope to have a lot more reviews posted here as time goes on.
Review of Spyware and Adware
by John Aycock
145 pages, Hardcover
Spyware and Adware are two of the most common threats that internet users have to deal with. Anyone who has dealt with the surprisingly malicious, but generally real-looking, "Your computer is infected" popup has experienced this first hand. These types of programs can execute tasks ranging from the monitoring of online browsing habits to the malicious harvesting and transmitting of a user’s personal data. Additionally, even if these programs aren't profiling users or stealing information, they can be equally malicious by using up a large portion of a system’s resources, rendering that system almost completely inoperable.
Spyware and Adware, written by John Aycock, is a book published by Springer and is part of an 85-book series "Advances in Information Security." This particular title in the series is a reference to the definition, characteristics, and actions specific to today's most common spyware and adware. Aycock uses this small sized book to present a large quantity of data on this topic. He divides this information between nine chapters that are organized in a logical manner. This organization begins with an introduction and discussion on how these programs can get installed and how they behave, while moving through topics such as "phoning home" and "tracking users." Chapters 2 through 8 present the bulk of the material.
"Getting There" is the title of chapter 2 and this is an informative discussion on how spyware and adware can be installed and executed. The installation methodologies discussed include those of voluntary installation, drive-by downloads, and installation through other malware. The second focus of this chapter is that of the execution of these programs, which can be as covertly started during kernel startup, or started by a well-intentioned mouse-click in an infected GUI screen. It is worth noting that while there are some complex topics in this chapter, Aycock uses a style of writing and illustrations that allow for an ease of understanding. Chapter 3 discussed the logical follow-on to the installation and execution chapter, which is that of avoiding detection or, "Staying There." Aycock discusses some of the methodologies used to avoid detection by the user as well as some of those methods used in avoiding detection of anti-virus/anti-spyware programs.
Chapters 4 through 8 discuss the actual primary activities of spyware and adware. Chapter 4 presents informative information on key logger, software (and sometimes hardware) that captures and records the order and value of each keyboard key pressed by the user. These applications have been effective over the years with providing a means to garner usernames and passwords, in addition to possible financial, corporate, or private information. Key loggers have been a commonly malicious tools used to gather information to send back to someone with generally criminal intents. Chapter 5 describes the way in which this information can typically leave the users home or work computer: "Phoning Home." Phoning home is the term used to describe the activity of adware and/or spyware communicating back to a location controlled by someone other than the user. As described by Aycock, there are four general aspects to phoning home: Push/Pull, steganography, finding "home," and defense of information leakage. Pushing is a method in which spyware transmits user information back to, who Aycock names as, the "adversary." Pulling is the opposite action in which the adversary will establish a connection with the spyware on the user's machine and subsequently attempt to exfiltrate date back to the adversaries location. Aycock tackles steganography, the art of hiding information in graphic, with relative ease. Steganography can be a rather complex topic but Aycock uses simple to understand illustrations and figures that really compliment his discussion on the topic. After discussing steganography, the discussion in chapter 5 moves to "Finding Home." There are multiple methods that spyware can use to find its "Home." Aycock presents a quick discussion on some of the more common tactics such as changing/overwriting the hosts file and "fast-flux" DNS lookups. Fast-flux is a term used to describe the logic used in the spyware to quickly cycle through a large(r) number of IP address to communicate with. Chapter 5 concludes with a discussion of protection against information leakage, which is the over-arching term describing the unauthorized movement of user information to the adversary.
Chapters 6 and 7 address adware specifically. Chapter 6 deals with the specific types of advertisements, such as annoying pop-ups, Tear-backs, and banners. Adware is not generally illegal, but, as Aycock points out: "it enjoys enough of a poor reputation that mainstream advertisers may always avoid its use." Aycock spends a larger amount of his efforts in this chapter and the next, which is probably due to a belief that two parties are involved in advertisement: the advertiser and the user. It is in the beginning chapter 6 that Aycock discusses advertisements from the user's perspectives. The differences in implementations are actually discussed in Chapter 7.
Chapter 8 is the final discussion in Aycock's book before his summation in Chapter 9. It is here in Chapter 8 that he focuses on methodologies for tracking users. In this discussion Aycock presents one of the better explanations on cookies, how they are used, and the privacy implications. Following the detailed explanation on cookies are some smaller discussions of other methods to track users such as Cascading Style Sheets (CSS's) and third-party tracking sites. What readers may find of interest here are the short discussions on Social Networks (Facebook, MySpace, etc) and Physical Location. In the case of physical location, Aycock makes the reader aware reverse geolocation.
Aycock begins Chapter 1 with: "Most of us don't parade around nude". Although he is using an analogy here to open the discussion of privacy, his apparently relaxed approach makes this book open to a larger audience base than the "usual" technology books in print today. Point in fact, Aycock's style throughout this work his would allow for an audience ranging from a high-school aged computer novice to an experienced computer science professor. In summary, Spyware and Adware is a well-written book that stays on focus and presents the reader with easy-to-understand explanations of each of the sub-topics. As someone who has worked network security for almost 15 years, I still found this book to be educational and accurate and I would recommend it to anyone who has even a slight interest in the topics of adware and spyware.
Review of Coding for Data and Computer Communications
by David Salomon
Reviewed for: ACM SIGACT News, Dec 2010, Vol. 41 No. 4
David Salomon, a professor at California State University Northridge, produced his tenth book as an attempt to explain the three factors that affect the storage and transmission of data: Time (source coding), Reliability channel coding), and Security. Specifically, this book focuses on the different coding methods used to address these three factors. For the casual reader or new computer science student, this book is NOT about programming source code. The most appropriate target audience for this book is anyone involved in the computer science field, with the caveat that the reader should have some understanding of topics such as finite state machines and binary trees.
To summarize this book in non-technical terms: this book is very Intensive! The amount of material that Salomon covers is enormous, ranging many specific topics dealing with coding. However, Salomon does an excellent job in that he stays on topic without delving deep into underlying principles.
This book is logically organized into three main sections: Part I: Channel Coding (Chapters 1 and 2), Part II: Source Code (Chapters 3,4,5), and Part III: Secure Codes (Chapters 6 through 15). In addition to the primary sections of the book, there is a fourth section: Part IV: Essential Resources (four appendices). In addition to having its logical structuring, the book uses more than an adequate number of diagrams, figures, and MatLab code in order to present the reader with strong visual depictions of the related topic.
Part I focus on channel coding. In these two chapters, Salomon discusses the coding methods used for both error control (chapter 1) and error detection (chapter 2). The discussions in this section move relatively quickly as Salomon purposely avoids (throughout the entire text) the use of in-depth mathematical explanations. While these two chapters discuss multiple coding methods, the focus is primarily placed on Hamming codes (including a little mini-biography of Richard Hamming). Any student of computer science should find these two chapters interesting, either as a review, or an introduction to a topic that can be found throughout many disciplines of computer science.
Part II discusses source codes in the form of statistical methods (chapter 3), dictionary methods (chapter 4), and image compression (chapter 5). Source codes deal with the compression of data by the reducing of the number of bits of a data file. Source coding is also referred to as data compression and is most commonly recognized as the algorithms used in graphical data files. This section does tend to move a little deeper into theory, but not so much as to confuse a reader from the targeted audience. Salomon makes good use of trees in this section to explain methods such as the Huffman method and the LZ78 Dictionary Tree.
The quality of an algorithm is equally important as its cost of use. Salomon appears to subscribe to this theory in that he not only explains these methods, but also includes methods used for error metrics in Part II.
Part III is, by far, the most intensive section of the text. This section is comprised of ten chapters that are devoted entirely to secure coding. This section covers in-depth the methods used in securing coding. As with any discussion of secure coding, Salomon begins this section with the Caesar Cipher, a simple rotated alphabet cipher. Moving from Caesar Ciphers to the use of Steganography for data hiding, Salomon takes the time to explain a number of different secure coding methods. His discussions in this section should be of particular interest to anyone interested or involved in information security.
In all three of these parts of the text, Salomon makes an effort to present both the pros and the cons of each method. This allows the reader to have a better understanding of how to choose a particular method to t a coding need. Additionally, this balanced explanation of methods tends to show that Salomon, who is a known veteran in the computer science arena, does know his subject matter and has made an attempt to pass this wealth of knowledge on to anyone who may be inclined to read this text.
Throughout the first three sections of this book, Salomon presents the reader with many exercise questions that are designed to encourage the reader to not only understand Salomon's explanations, but to go further and do more research on a topic. It is in Part IV that Salomon provides the answers to these exercise questions, relieving a frustration not readily available in a large number of computer science textbooks. Part IV also contains some other vital information in its appendices.
Appendix A is a four-page discussion of symmetry groups that is presented well to the reader. Appendix B is a review section, or introduction for some, to Finite fields. Finite fields are used in conjunction with a number of methods discussed throughout the book, so this review appendix proved helpful while reading more than one section. Appendix C is a short but accurate discussion on Cyclic Redundancy Codes and Appendix D provides, in the form of projects, a little more challenge than the exercise questions found in the text. The projects themselves range from short tasks to more detailed tasks that will require the reader to look further and serve the purpose of reinforcing the methods discussed in the text, how they work, and, most importantly, how to use them these methods.
It is my opinion that any individual involved with information theory, information systems, or information security will benefit from a study in this book. Salomon does an excellent job in covering the methods used to solve data storage and communication problems, and does so with an understanding that not every method can t every situation.
The structure of this text, as well as the exercise questions throughout the chapters and the suggested project questions in the appendix easily allow for this book to be utilized as a textbook for a third or fourth year undergraduate student. However, even a seasoned veteran of computer science should find helpful and useful information about coding while reading this text.
Review of TCP/IP Architecture, Design, and Implementation in Linux
by Sameer Seth, M. Ajaykumar Venkatesulu
Reviewed for: ACM SIGSOFT Software Engineering Notes Sep 2010 Vol. 35 No. 5
TCP/IP Architecture, Design and Implementation in Linux is written by Sameer Seth and M. Ajaykumar Venkatesuu, and published by Jon Wiley & Sons, © 2008, 978-0470-14773-3, 772 pp..
As the title indicates, this book is about the architecture, design and implementation of the TCP/IP protocol in the Linux kernel. The book starts with a general overview of both the TCP/IP stack used in the Linux kernel as well as the stack itself, and then progresses in a relatively logical form. This progression begins with a more in-depth examination of the kernel implementation, basic to more advanced TCP details, and then moves on to discuss the IP implementation and design.
Throughout this book there are a large number of examples of the code (in C) used to implement the functions, buffers, timers,etc., being explained. In addition to the code snippets used in this book, there are a considerable number of diagrams that do an excellent job of detailing state changes, timing relationships. These listings and figures are probably the best and most accurate portion of this book.
The actual text of the book is, at best, difficult to read. Improper verb forms that are found throughout the text, especially of the “Be” verb, will add a level of frustration to anyone but the most patient of readers. Additionally, I found two other anomaly types present in the text. The first of these is the lack of consistency between the author’s stated target audiences and the acronyms used throughout the text. The authors presented their target audience in terms that were somewhat vague, requiring the reader to decide what technical level each target group should possess. Furthermore, the author’s appear to make an assumption that readers (at least those from the target audiences) will understand all of the acronyms used, because the authors did not explain multiple acronyms that are used in the text; these were not well-known acronyms and could lead to some confusion for the reader.
The other concern that presented itself during this review was the appearance of a number of ambiguous or contradictory statements pertaining to important points of a specific topic. The presence of these types of errors throughout the book only serves to remind me that this subject matter is extensive and that precise statements must be utilized when trying to explain how the Linux kernel makes use of the TCP/IP protocol.
The authors did an excellent job of compiling and shaping the information on the subject and should be commended for this work. However, the grammatical errors (verb forms as well as errors on words that should be pluralized), coupled with both the ambiguous and contradictory statements lead to the only logical
conclusion: this book should not be utilized until a full review and correction/new edition is released. The effort required to read this book in its current state would most likely cause confusion for students and even to some IT professionals.