Posted by on Sep 16, 2019
Security researcher Paul Baccas reviews 'Cyberdanger: Understanding and Guarding Against Cybercrime' by Eddy Willems
Title: Cyberdanger: Understanding and Guarding Against Cybercrime
This was a difficult book to review for two reasons – first, because I know Eddy from the conference circuit, and second, because it was not without flaws. Many, if not all, of the flaws are probably due to the editing and translation (this is an English translation from the original Dutch), but I have a feeling that the book would have been better had it either been longer (it struggles to cover everything), or else shorter and tighter.
The book has an introduction and a familiar three-part structure. There are no appendices or footnotes, making it different from other books I have reviewed here. We are introduced to the author in his inimitable, friendly and frenzied style before starting the 12 chapters of content.
The first part, consisting of the first two chapters, concerns itself with a short summary of the history of malware and a description of the people who write malware.
The second part – the next four chapters – is concerned with the current dangers on the Internet, the types of threat actors (nation-state actors, hacktivists, criminals, etc.), anti-virus companies and associations, and types of threats.
The third and final part provides some practical advice and recommendations, with a final thought on the future.
The book is rounded off in the 13th chapter with a short techno-thriller which, while entertaining, is not quite up to the standards of Mark Russinovich (1, 2, 3, 4) or Daniel Suarez.
The content of each chapter is self-contained and probably should be read piecemeal. Indeed, the book's structure is more like a set of articles with a structure imposed from above than a book built from the ground up. Eddy himself says:
"Many of the views I hold, and tactical tips as expressed in this book, were drawn from [...] blogs."
This means there is some repetition, for example between the first chapter, 'Thirty Years of Malware: A Short Outline', and the chapter on 'Today's Threats' in the definitions. Later, the importance of patching and backing up is repeated, and while I think we can all agree that they are important, the manner in which you repeat things is crucial.
That said, you can feel the author's love and knowledge of the subjects coming through the pages. He has obviously enjoyed his 30 years in the industry and is looking forward to the next 14.
This is the first security book on the subject of malware that I remember being written by an AV industry insider. The computer security field is very broad and diverse, ranging from anti-virus to encryption, hardware to software, bug hunters to pen-testers. Everyone has an opinion on malware and the anti-virus companies, and most appear to denigrate AV and lionize others: malware authors or independents. This is probably because it is difficult to like the faceless multi-nationals. Eddy's opinions and insights are a refreshing change, working as he has in industry and with government, and he presents the softer face of the AV industry.
What really makes this book are the vignettes scattered through the pages like flowers in a meadow, whether his own ('the story of the Saudi airport') or other articles from industry stalwarts such as Righard Zwienenberg and even Graham Cluley. The book will find an audience in those entering the computer security field or those who wish to know slightly more about the inside of the AV industry and don't have 30 years to spend immersed in the day-to-day grind.
At VB2019, Eddy Willems will present a paper, co-written with ESET's Righard Zwienenberg, on how the same security events keep occurring, drawing on the experience of 30 years of working in this field. VB2019 takes place in London, 2-4 October - register now!