The Myths of Security: What the Computer Security Industry Doesn't Want You to Know

3.21 · 68 Ratings · 16 Reviews
If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.

Why is security so bad? With ma
Paperback, 264 pages
Published June 26th 2009 by O'Reilly Media (first published March 15th 2009)

Community Reviews

Aug 25, 2009 Dunsany rated it it was ok
Several security bloggers recommended this book, so I picked it up. It's a very fast read, not only because of the short chapters but also the anemic content. As a veteran with a decade in infosec and a couple decades in IT, the whole thing struck me as an amuse bouche of obviousness. Basically, I read a short essay, nodded my head "uh huh, uh huh" and then it turned the page and it was the end of the chapter. Basically I learned very little new, except that SiteAdvisor was cool (the author's servi ...more
Jan 05, 2016 Vladan Stojanović rated it really liked it
Shelves: it
Software industry prides itself in its authors almost exclusively evangelizing whichever technology they may be writing about and this book is a rare gem in that regard. There are no sacred cows for John Viega. It'd be almost a Frankfurter kind of reading experience, only if Viega wasn't all too ready to make over-the-top criticisms of the current state of affairs in security industry and then immediately step back and advertise McAfee and himself as being the avant-garde. Nevertheless, it's well ...more
Mar 30, 2013 mm rated it it was ok
This book is aimed at a more general audience so a lot of the advice seemed very practical to me. Don't open email attachments, don't install software from unknown sites, install updates, etc.

One thing I disagreed with was the advice on passwords. Instead of trying to remember a password from lyrics to a song, just use a phrase and throw in some special characters. Even the xkcd advice on passwords is more sound (using 3 or 4 random words).

If you are really paranoid, use a separate machine speci
Jari Pirhonen
I wanted to be able to recommend this book, but truthfully, it didn't work for me. Viega did a good job discussing some shortcomings of computer security, but wasn't able to really show anything new. Also, too much time was spent discussing Anti-Virus, which in my mind is nowadays more of an IT management problem than an information security problem.

Still, I like that someone even tries to shake up the information security beliefs a bit. Book is useful for information security novices to show some p
Aug 07, 2011 ju rated it really liked it
John Viega (chief security architect at McAfee) describes how bad the situation is in the field of computer security. The book is written in accessible language and is a collection of short reflections on computer security: "What motivates the bad guys?", "Why don't antivirus programs work well?", "Are phone viruses a threat?", "Do antivirus companies write viruses?" and others. He also gives his own ideas for the development of computer security.
May 05, 2012 Jj Kwashnak rated it really liked it
A good accessible book on computer security by an expert. Aimed at a general population and avoiding too much jargon and technical detail, it is a good piece that lets a non-techie understand the challenges we face in regards to computer security. Not perfect and I don't always agree with him but he puts the information in bite-sized and accessible terms that lay persons can work with. Looking at using this book for a class on security.
Jun 04, 2015 Chet rated it liked it
This is not an expose as the title implies but rather the musings of a security professional at McAfee. Each section is about his opinion of an aspect of information security. The book starts out so whiny that I almost put it down, but later he does give some interesting viewpoints of some of the subjects. That does not mean that his viewpoints are correct, only that he approaches some of them from interesting angles.
Feb 11, 2013 Jellyfish rated it really liked it
It is an excellent book for readers who are not in the IT Security Industry. The book is easy to read and provides a broad perspective to the IT Security Industry. While it doesn't actually debunk the myths with actual proofs, the explanations are simple. Highly recommended for people with interest or are curious about computer security but do not know about technical jargon.
Dec 10, 2012 gramakri rated it liked it
I am not a computer security expert so I am not in a position to either support or oppose the author's views expressed in this book. But I found the articles written with a sense of humor a very good read and understood around 75 % of what he has to say.
Read my summary of this book at
Feb 25, 2013 Sundaramoorthi rated it really liked it
This book is in a simple to read format; max 1-3 pages for each chapter clearly discussing what they are intended for. An insight into Security industry and the challenges Security companies are facing are very well written.
Jan 05, 2010 Mike rated it liked it
There was not a lot of substance to the book. The chapters described the issue but didn't really give any depth on them. It read much more like a blog than a book.

I knew about and agreed with many of the issues before reading this book. There's not a lot of value here.
May 04, 2014 Carol rated it liked it
Easy to read, very basic book on security. Used it for Communications/Technology Convergence course.
Apr 23, 2016 Sonja rated it it was ok
A big fat 'meh'. Wanted to read it for a while & it had some good points but super fluffy overall and not my favorite writing style.
Chuck rated it it was amazing
Feb 27, 2012
KellsBells rated it liked it
Feb 05, 2017
Jack rated it it was ok
Jun 03, 2013
Sunjay rated it it was amazing
Apr 01, 2012
Andrew Updegrove rated it liked it
Apr 29, 2014
Rhys rated it liked it
May 04, 2017
John rated it really liked it
Oct 09, 2014
Iliya rated it liked it
Mar 24, 2017
joel lynaugh rated it it was ok
Apr 16, 2010
Cory Withers rated it really liked it
Oct 20, 2014
Sep 18, 2010 Chun Kit Lee rated it liked it
Shelves: nlb
Probably won't read it again.
Dwayne rated it liked it
Jun 13, 2013
Ted rated it liked it
Mar 29, 2013
Joel rated it really liked it
Dec 03, 2012
Jayaram Kowta rated it it was ok
May 13, 2014
Ignacio rated it liked it
Dec 16, 2016
Eleazar rated it liked it
May 12, 2014