* Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, Third Edition. By Joel Scambray and Stuart McClure; published by McGraw-Hill Osborne Media, www.mhprofessional.com; 451 pages; $49.99.
This third edition of the Hacking Exposed series for Microsoft Windows provides a valuable tutorial on protecting operating systems against cyberattack, one that IT and security practitioners should consult when building a security program.
Authors Joel Scambray and Stuart McClure offer leading-edge concepts and present their opinions in an informative and interesting fashion, while basing them on accepted doctrines and philosophies. The text is concise and is organized so that readers can find exactly what they need by consulting the table of contents or index.
Some material is understandably repeated from the book’s first two editions, but it is all updated with current threats and solutions. Most readers, even expert IT professionals, can expect to learn something new. Most important, the book remains relevant amid the ongoing evolution of Windows. Since Windows Vista’s Service Pack 2 update was chock-full of security patches, some of the weaknesses mentioned in the book are now moot, but the vast majority of the book is still valid. The book should also remain useful well after the scheduled fall release of Windows 7, which is expected to be a modest update of Vista.
The book offers graphical illustrations, in-depth discussion of the technical threats and impacts of Windows operating systems, solutions, advanced tables, thorough checklists, and guidelines. The authors also provide extensive lists of reference sources. The sentence structure, grammar, and syntax all reflect the style of the subject matter, with none of the typos that often occur in technical works. In another refreshing change from many IT security texts, the book is not a sales pitch for a single security method or product.
Scores of books on computer security should be chucked for being pedantic rehashes of the same material or for being uninformative. This book is neither; it should prove useful to technology and security managers as well as generalists considering how to build and defend enterprisewide wireless methodologies and applications.
Reviewer: Lew Wagner, CPP, CAS (Certified Antiterrorism Specialist), CISSP (Certified Information Systems Security Professional), is president and CEO of Dynamic Defense in Depth, Inc., of Dallas. He is a member of the ASIS Information Technology Security Council.