2011-05-01
Abstract
VB usually reserves book reviews for factual books dedicated to the subject of information security. This month, however, we break away from tradition to review a piece of fiction written by renowned Windows systems internals expert and Microsoft Technical Fellow, Mark Russinovich.
Copyright © 2011 Virus Bulletin
Title: Zero Day
Author: Mark E. Russinovich
Publisher: Saint Martin’s Press Inc. (4 Jan 2011)
Pages. 336 (hardcover)
ISBN-13: 978-0312612467
RRP: £17.99 (hardcover)
Before I start, let me say that I am an omni-lector (reader of all), and while thrillers are not usually my genre of choice I do, on occasion, enjoy them. When Virus Bulletin asked me to review a thriller I was happy to oblige and awaited its arrival with a mixture of excitement and apprehension.
The arrival of the novel coincided with a few days of unusually warm spring weather and I was afforded the rare luxury of some outdoor reading time while I got to grips with the plot.
The book’s main character, Jeff Aiken, is an independent security researcher who is scarred from time spent working for the US government. He is called to New York City – somewhere he hasn’t visited since his girlfriend died in the 9/11 attacks on the Twin Towers – to investigate a computer system failure. Aiken is racked with guilt because, in the weeks leading up to the 9/11 attacks, he had found evidence to suggest that such a terrorist attack was likely. As he begins his investigation of the computer failures in New York a disturbing series of problems on other critical systems starts to unravel and Aiken fears another attack.
The dust jacket boasts comments from some pretty impressive names: the authors Nelson DeMille and William Landry; White House Cyber Security Coordinator Prof. Howard A. Schmidt (who has also written a foreword); and the entrepreneur and philanthropist Bill Gates all sing the book’s praises.
There are long and short answers to this question. The short answer is yes – the writing makes enough sense for the errors/misapprehensions about malware and anti-malware techniques to be lost in the flow of the story. The long answer is that, while Mark is an expert in Windows systems and rootkits, he isn’t an expert on the anti-malware industry, and vendors are portrayed in a very naïve way. If we ignore the premise that vendors are bad and the government is good at fighting malware, the rest of the book is technically believable (although one also hopes that nuclear power stations aren’t running Windows in the real world).
The book is divided into five sections corresponding to four weeks’ build-up and the aftermath. The first half of the novel reminds me of some of Michael Crichton’s stories – particularly Airframe – and as a whole the novel is very filmic. It is very teachy, though, and explaining that ‘the kingdom’ is how Saudis refer to their country since the 2007 movie of the same name put the term into common parlance is a little too teachy.
The second half of the novel moves into action after the cerebral beginnings and at that point the plot begins to lose a little of its integrity. An editor should have tightened this up and a screen writer would have to.
I suspect that the book will make it to the big screen as it has all the elements of a movie: a dashing hero and beautiful heroine (which security conferences has Mark been attending?) with a fast-paced story line that screams ‘film me’. It even has the customary bad guy with an English accent.
I believe that the three elements of a genre novel are plot, characterization and idea. Scoring these out of five I would give Zero Day:
Plot: 3–4
Characterization: 3
Idea: 4
The main characters are well formed, but others are slightly more one-dimensional. The idea is good and the plot fast-paced. I would buy this book, and if you are looking for some holiday reading then you could do a lot worse than getting your hands on a copy.