The Myths of Security: What the Computer Security Industry Doesn't Want You to Know

3.21 of 5 stars  ·  48 ratings  ·  12 reviews
If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.

Why is security so bad? With ma
Paperback, 264 pages
Published June 26th 2009 by O'Reilly Media (first published March 15th 2009)

Community Reviews

This is not an exposé as the title implies but rather the musings of a security professional at McAfee. Each section is about his opinion of an aspect of information security. The book starts out so whiny that I almost put it down, but later he does give some interesting viewpoints of some of the subjects. That does not mean that his viewpoints are correct, only that he approaches some of them from interesting angles.
This book is aimed at a more general audience so a lot of the advice seemed very practical to me. Don't open email attachments, don't install software from unknown sites, install updates, etc.

One thing I disagreed with was the advice on passwords. Instead of trying to remember a password from lyrics to a song, just use a phrase and throw in some special characters. Even the xkcd advice on passwords is more sound (using 3 or 4 random words).

If you are really paranoid, use a separate machine speci
Several security bloggers recommended this book, so I picked it up. It's a very fast read, not only because of the short chapters but also the anemic content. As a veteran with a decade in infosec and a couple decades in IT, the whole thing struck me as an amuse bouche of obviousness. Basically, I read a short essay, nodded my head "uh huh, uh huh" and then it turned the page and it was the end of the chapter. Basically I learned very little new, except that SiteAdvisor was cool (the author's servi ...
Easy to read, very basic book on security. Used it for Communications/Technology Convergence course.
John Viega (chief security architect at McAfee) talks about how bad the situation is in the field of computer security. The book is written in accessible language and is a collection of short reflections on computer security: "What motivates the bad guys?", "Why don't antivirus programs work well?", "Are phone viruses a danger?", "Do antivirus companies write viruses?" and others. He also gives his ideas on the development of computer security.
Jj Kwashnak
A good accessible book on computer security by an expert. Aimed at a general population and avoiding too much jargon and technical detail, it is a good piece that lets a non-techie understand the challenges we face in regards to computer security. Not perfect and I don't always agree with him but he puts the information in bite-sized and accessible terms that lay persons can work with. Looking at using this book for a class on security.
It is an excellent book for readers who are not in the IT Security Industry. The book is easy to read and provides a broad perspective to the IT Security Industry. While it doesn't actually debunk the myths with actual proofs, the explanations are simple. Highly recommended for people with an interest in, or who are curious about, computer security but do not know about technical jargon.
I am not a computer security expert so I am not in a position to either support or oppose the author's views expressed in this book. But I found the articles written with a sense of humor a very good read and understood around 75% of what he has to say.
Read my summary of this book at
There was not a lot of substance to the book. The chapters described the issue but didn't really give any depth on them. It read much more like a blog than a book.

I knew about and agreed with many of the issues before reading this book. There's not a lot of value here.
This book is in a simple to read format; max 1-3 pages for each chapter clearly discussing what they are intended for. An insight into the security industry and the challenges security companies are facing is very well written.
Short, interesting essays on computer and Internet security.
Chun Kit Lee
Probably won't read it again.
Network Security with OpenSSL: Cryptography for Secure Communications
Building Secure Software: How to Avoid Security Problems the Right Way
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
Sekyuriti No Shinwa
Myths of Security: What the Computer Security Industry Doesn't Want You to Know
