August 1989 Computer Fraud 8 Security Bulletin

developed over the years to such an extent that it offers clear concise functions. Such remarks seem to be merely a marketing ploy.

Should you buy the anti-virus toolkit?

On the down-side I’m unsure that inoculating disks against a possible future

virus infection is a good tactic. Inoculation is by its very nature virus specific, and could conceivably cause problems. There are many loose ends in the programs provided in the toolkit, the error handling is abysmal, and some of the virus specific features can be obtained for free from programs placed in the public domain by their authors. These are

written by people who have hadto fight infections of specific viruses.

However if you think you may have a virus, the explanations of what to do are excellent, the virus specific portions of the toolkit seem comprehensive, and at f49 you can’t go far wrong ‘price-wise. I’d recommend that you also purchase a copy of one of the utility programs such as Norton and PC-Tools. They offer much more functionality than the

anti-virus toolkit for inspecting disks, and when combined with the virus specific sections of the toolkit offer what is probably one of the best combinations currently available to fight a

computer virus infection.

Keith Jackson

BOOK REVIEW

Title: The protection of computer software -

its technology and application

Editor: Derrick Grover

ISBN: 0 521 35335 1

Publisher: University Press, The Pitt Building, Trumpington Street, Cambridge CB2 1 RP, UK.

Price: f32.50 (263 pp, hardback)

01989 Elsevier Science Publishers

This book is published as one of the British Computer Society Monographs in Informatics, and has the stated aim of trying to create “a general awareness of the aims and possibilities of software protection”. This is a field affected by technical, legal and social considerations.

Individual chapters of the book fit loosely within the overall theme of software protection, and are devoted to various methods of

protection, cryptography, hacking, along with legal issues such as patents, copyright and licensing. The book has a 5 page index, and an excellent 12 page glossary of all the

technical words used in the book.

The main strength of the book is its diversity. It takes a broad sweep across its subject matter, but this is coloured by the varying quality of the writing. Each chapter is written by a different author, and the varying writing styles shine through.

The book will be of most use to people on the fringes of software protection who wish to delve into the details of how various methods are used. I use the phrase ‘on the fringes’ because all those involved in developing methods of software protection will not find much new in the book. They will however find it offers a good summary, and an authoritative work of reference.

The introductory review chapter points out that although copyright is the most used method of software protection, this is not applicable in all parts of the world. Therefore other technical methods can sometimes be required. Hence the amount of development

effort that has been poured into protecting software from illegal copying.

Nearly all the diagrams in the introductory review chapter have “Copyright D.J. Grover 1987” in the bottom right corner. I suppose that this makes a point in a book where copyright protection is discussed, but the author of this chapter (who is also the editor of the book) must be mad to think that he can impose this on the reader at every opportunity. At least

13

Computer Fraud & Security Bulletin August 1989

none of the authors of the other chapters have used this silly idea.

The chapter on the history of disk based protection methods is very crisply written. Similarly cryptography is very well explained, much as one would expect from such an eminent author as Donald Davies. However other parts of the book don’t fit together so well. The whole of the review contained in the first chapter could be disposed of. It adds very little to the discussion contained in the following chapters. The chapter on hacking is well written and well explained, but I can’t really see its relevance to the rest of the book which is abut software protection.

I admit to not understanding much of the

legal discussion to any significant depth, but I

would use the sections covering the legal

aspects of software protection as a source of

reference if the need every arose. In particular

the discussions of patents, copyright, trade

marks and licensing, and how they can be

used for software protection, are very illuminating.

The last page of the book is an Appendix

on “User opinion of software protection in the

United Kingdom”. This user has strong

opinions on software protection. I will not use

anything that prevents me from taking as many

backups as I desire, requires some form of

extra hardware, or requires a floppy disk to be

present at all times. Under any circumstances.

Such attitudes have become prevalent in

recent years, and apart from games,

commercial PC software is nowadays rarely

sold in protected form.

In conclusion the book has excellent

content, but cries out for better editing.

Because software protection methods appear to cause a decline in sales volume, they have

largely disappeared from the world of commercial software, and the book reads

rather like the history of an era which has now

largely passed by.

Keith Jackson

EVENTS

GALACTIC HACKERS PARTY

August 2-4, 1989, This suspicious event features a variety of computer equipment, modems etc. Location: Paradiso, Amsterdam, The Netherlands; tel: +31-20-6001480.

THE EDP AUDIT MANAGERS ROUNDUP VIII

August 14-l 6, 1989, Location: San Diego, California, USA. Contact: MIS Training Institute, 498 Concord Street, Framingham,

MA 01701, USA; tel: 508-879-7999; fax: 508-872-l 153.

THE NINTH ANNUAL CONFERENCE ON CONTROL, AUDIT AND SECURITY OF IBM SYSTEMS

September 18-21, 1989, Contact: Russell Bennett, MIS Training Institute, 498 Concord Street, Framingham, MA 01701, USA; tel: 508-879-7999; fax: 508-872-l 153.

SMART CARD 2000

October 4-6, 1989, Location: Amsterdam, The Netherlands, Contact: Smart Card 2000, Paulus Potterstraat 40, 1071 DB Amsterdam, The Netherlands; tel: +31-20-751-808; fax: +31-20-662-8136.

THE 12th NATIONAL COMPUTER SECURITY CONFERENCE

October 1 O-l 3, 1989, Location: Baltimore, USA. Contact: Irene E. Gilbert, National Computer Systems Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899, USA; tel: 301-975- 3360.

14 01989 Elsevier Science Publishers Ltd