Zero day: a novel


Paul Baccas

Sophos, UK
Editor: Helen Martin


VB usually reserves book reviews for factual books dedicated to the subject of information security. This month, however, we break away from tradition to review a piece of fiction written by renowned Windows systems internals expert and Microsoft Technical Fellow, Mark Russinovich.

Title: Zero Day

Author: Mark E. Russinovich

Publisher: Saint Martin’s Press Inc. (4 Jan 2011)

Pages: 336 (hardcover)

ISBN-13: 978-0312612467

RRP: £17.99 (hardcover)

Before I start, let me say that I am an omni-lector (reader of all), and while thrillers are not usually my genre of choice I do, on occasion, enjoy them. When Virus Bulletin asked me to review a thriller I was happy to oblige and awaited its arrival with a mixture of excitement and apprehension.

The arrival of the novel coincided with a few days of unusually warm spring weather and I was afforded the rare luxury of some outdoor reading time while I got to grips with the plot.


The book’s main character, Jeff Aiken, is an independent security researcher who is scarred from time spent working for the US government. He is called to New York City – somewhere he hasn’t visited since his girlfriend died in the 9/11 attacks on the Twin Towers – to investigate a computer system failure. Aiken is racked with guilt because, in the weeks leading up to the 9/11 attacks, he had found evidence to suggest that such a terrorist attack was likely. As he begins his investigation of the computer failures in New York a disturbing series of problems on other critical systems starts to unravel and Aiken fears another attack.


The dust jacket boasts comments from some pretty impressive names: the authors Nelson DeMille and William Landry; White House Cyber Security Coordinator Prof. Howard A. Schmidt (who has also written a foreword); and the entrepreneur and philanthropist Bill Gates all sing the book’s praises.

Is the story technically believable?

There are long and short answers to this question. The short answer is yes – the writing makes enough sense for the errors/misapprehensions about malware and anti-malware techniques to be lost in the flow of the story. The long answer is that, while Mark is an expert in Windows systems and rootkits, he isn’t an expert on the anti-malware industry, and vendors are portrayed in a very naïve way. If we ignore the premise that vendors are bad and the government is good at fighting malware, the rest of the book is technically believable (although one also hopes that nuclear power stations aren’t running Windows in the real world).

The book is divided into five sections corresponding to four weeks’ build-up and the aftermath. The first half of the novel reminds me of some of Michael Crichton’s stories – particularly Airframe – and as a whole the novel is very filmic. It is very teachy, though, and explaining that ‘the kingdom’ is how Saudis refer to their country since the 2007 movie of the same name put the term into common parlance is a little too teachy.

The second half of the novel moves into action after the cerebral beginnings, and at that point the plot begins to lose a little of its integrity. An editor should have tightened this up, and a screenwriter would have to.


I suspect that the book will make it to the big screen as it has all the elements of a movie: a dashing hero and beautiful heroine (which security conferences has Mark been attending?) with a fast-paced story line that screams ‘film me’. It even has the customary bad guy with an English accent.

I believe that the three elements of a genre novel are plot, characterization and idea. Scoring these out of five I would give Zero Day:

  • Plot: 3–4

  • Characterization: 3

  • Idea: 4

The main characters are well formed, but others are slightly more one-dimensional. The idea is good and the plot fast-paced. I would buy this book, and if you are looking for some holiday reading then you could do a lot worse than getting your hands on a copy.


