REVIEW: “Computer Viruses and Other Malicious Software”, Organization for Economic Co-operation and Development

BKCVAOMS.RVW   20100607

“Computer Viruses and Other Malicious Software”, Organization for
Economic Co-operation and Development, 2009, 978-92-64-05650-3
%A   Organization for Economic Co-operation and Development
%C   2 rue Andre Pascal, 75775 Paris Cedex 16, France
%D   2009
%G   978-92-64-05650-3 92-64-05650-5
%I   OECD Publishing
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   244 p.
%T   “Computer Viruses and Other Malicious Software”

The executive summary doesn’t tell us much except that malware is bad, and that this report is seen as a first step in addressing the issue in a global, comprehensive manner.

Part one, entitled “The Scope of Malware,” is intended to provide background to the problem.  Chapter one, as an overview, is a random collection of technical issues, with poor explanations.  Although it is good to see that the malware situation is defined in terms that are more up-to-date than those in all too many security texts, the lack of foundational material provided by the authors will necessarily limit the perception of the issue for those readers who have not done serious research themselves.  Various stories of attacks and payloads (not all related to malware) are listed in an equally disjointed manner in chapter two.  There are numerous errors, including in simple aspects like arithmetic.  (20 million is not “5 times” one million.)   The explanation of why we should be concerned, in chapter three, boils down to the fact that the net is important, and malware imposes costs.

Part two turns to the economics of malware.  Chapter four, while it promises to deal with cybersecurity and economic incentives, merely states that security is hard.  Chapter five does deal with economic factors influencing decisions of key players on the Internet, but does so only on the basis of an opinion survey, rather than any measured costs or benefits.  Descriptions of different types of economic situations are given in chapter six, but a final set of “findings” doesn’t seem to have much background support.

Part three is supposed to contain recommendations about actions to take, or policies to follow, to address the malware issue.

Unfortunately, this work does not have sufficient technical depth on areas of malware to contribute to the literature.  The concept of addressing the economic aspects is interesting, but is not sufficiently fulfilled.  Overall, this text has nothing to add to existing information.

copyright, Robert M. Slade   2010     BKCVAOMS.RVW   20100607