Always Use Protection

Raymond Lodato writes "Where do I begin? Oh yes! If you are a teenager who uses computers, or the parent or guardian of a teenager who does, buy Always Use Protection, by Dan Appleman! Let me take a little time to explain why." Read on for the rest of Lodato's review.

Always Use Protection: A Teen's Guide to Safe Computing
author	Dan Appleman
pages	288
publisher	Apress
rating	10/10
reviewer	Raymond Lodato
ISBN	159059326X
summary	An excellent and realistic reference for teens and their parents/guardians about the potential hazards of computing.

Dan Appleman knows how to talk to teenagers. He's made the presentation very logical, he keeps the chapters a reasonable length so a teenager won't feel overwhelmed, and he had a crew of teenagers review this book before it was published so that he knew they would understand it. Those adults who aren't technically adept will find it an easy read, too.

Always Use Protection is broken up into three main parts: Protecting Your Machine, Protecting Your Privacy, and Protecting Yourself. There is a fourth part with useful appendixes, also.

Protecting Your Machine goes through all of the gremlins that can bother your computer, how to get rid of them and how to prevent them from coming back. Viruses, Trojan horse programs, and worms are covered clearly. Not too much depth involved, but not too little either. Dan covers the ins and outs of the three main preventive measures: anti-virus programs, firewalls, and system configuration and updates. He makes sure that his discussions relate to the types of programs that teenagers are likely to run: P2P software, online games, Instant Message clients, e-mail programs, and web browsers. He's careful to include other avenues of attack besides the Internet, such as infected floppies and CDs cut by well-meaning friends.

Always Use Protection explains how to determine which type of anti-virus programs are available and how to run them (using McAfee's VirusScan as an example), but puts the responsibility for deciding which one to use squarely in the reader's lap. Dan has made sure that he's not pushing any particular product over another. In fact, there were one or two places where I wished he'd just come right out and say I'd recommend blah-blah software, but he always said the reader should check the pros and cons of the possibilities and make their own decision.

Firewalls are discussed in detail, as well as their possibly unintended consequences (an online game refuses to run because a critical port is being blocked by the firewall, for example). He does state that if you're on a network behind a router, you may not need a firewall. This is my only disagreement with Dan. I believe a personal firewall should be on each and every machine, regardless of how it connects. It will protect not only the machine itself, but make it harder for the machine to attack others.

Software updates are probably one of the most under-utilized options in the home. News items in papers and on the web speak frequently about how such-and-such a virus got into machines mainly because security updates available from the manufacturer for months were simply not installed. Dan makes sure that the reader understands how shortsighted that approach really is. The updates are usually free, and just take a little time to download and install. Always Use Protection explains exactly how to do that and why it's a good thing.

The configuration chapter describes many little tweaks available to harden your browser and e-mail reader. Many people are not aware of the number of 'dials' they can play with (and if they were, they'd probably be overwhelmed), but this chapter zeroes in on the most important ones.

If this book was only chapter 9 - What to Do When You've Been Hit - it would still be worth the cover price. In this chapter, Dan gives a careful, step-by-step menu of what you can and should do to recover as much as you possibly can, eradicate the malware that is causing the problem, and get your system back to a usable state. It's the one chapter he says you shouldn't read front-to-back, but follow the links (if you see this, go to this section) like one of those make-your-own-ending books. I have this one bookmarked for future reference.

The next four chapters form Part II - Protecting Your Privacy. In here, Dan explains the various ways your personal information can be gleaned, mostly from a user innocently filling in a form supplied by a con artist. He talks about identity theft and what it means to a teenager. The need for good passwords is clearly discussed, but he acknowledges that most people won't use strong enough ones. Therefore, he promotes a simple plan with three passwords (high, medium, and low-security) that will work in most cases. He ends off this part with a good treatise on cookies of all forms, and how to turn off the worst ones.

Finally, he talks about protecting yourself in chat rooms and from common scams. While there is a lot of press about teenagers being lured by scoundrels in chat rooms, Dan notices that the actual statistics are very low. Regardless of the statistics, he gives extremely good advice about how to use a chat room safely (mostly involving lying about almost any bit of personal information you might be asked for).

The appendixes have good summary information for teens and adults, and have a special appendix just for the parents. It give good advice to make sure your teenager is willing to come to you for question without worrying about losing online privileges.

All in all, Always Use Protection should be read by every parent and, hopefully, by their kids. I'm going to try to get my 15- and 13-year old to read it (Good luck to me! You should have seen the arguments to get them to finish their summer reading!) I liked the approach, the content, and the presentation so well, I had to rate this a 10.

---

You can purchase Always use Protection: A Teen's Guide to Safe Computing from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.

yah right

[Anonymous Coward]

Most teenagers are more interested in a)how they are going to get laid, b)how they are going to get drunk. Those who care about computer security are almost certainly way above this book. It's trying to sell to a market that just isn't there. It looks like it's just another wannabe security book, offering very little in terms of actual understanding. This makes it to Slashdot???

Teenagers?

[jstave]

Is there a reason that this information is being aimed specifically at teenagers? I know an awful lot of adults that could use a good straighforward explaination of this material.

Re:yah right

[ReluctantBadger]

Thing is that this is exactly the right place for this review. Most Slashbots are not interested in getting laid and getting drunk as they already have a date with a box of penguin caffeinated mints and sweet lady hand with her five daughters. Also, never forget that Slashdot is not the uber-geek haven it makes itself out to be. Most readers are only here on the the "Oooooh! Open Source! That sounds cool!" bandwagon, so a book like this is probably much needed as their actual technical prowess probably couldn't get the VCR to cease flashing 12:00.

backups?

[joeldg]

There should be a chapter in every computer book made all about backups.
People don't bother to backup data..
People forget to back up data.
People need to verify backups..
SyOps symlink backup data directories and cause $40,000 losses due to data not being backed up.

That is one of the best ways to "protect yourself"..

"jesus saves" and all that..

Nope

[StevenHenderson]

I'm sorry but regardless of how good the book is and how relevant it is, it will never achieve its intended goal. A kid is never going to read anything like this. You wouldnt expect a kid to read a book about the perils of not eating their vegetables, so why this? Especially as stubborn as kids are nowadays, I think this author might have a case of bad timing. :-/

The Best Protection

[wackysootroom]

The best way to protect your children and your PC is to spend quality time with them, teaching them the basics of PC protection and chat room safety.

IMHO, these things are better taught in person than with a book. The reviewer did not mention actually spending any time with your kids. I hope the book does, because too many people are using books and products like these as a substitute for teaching thier kids in person about computer safety.

Re:Teenagers?

[Hank Reardon]

I thought exactly the same thing.

In fact, I've got three machines in my office right now from adults that I've got to fix. They've all responded with variations of "You mean they update the software and I don't have to pay for it?" when I asked when the last time they ran Windows Update.

I guess I just don't understand how somebody can see all of the identity theft, worm, trojan horse, and phishing scam stories in the news and still think they're perfectly safe.

Talk to your parents...

[nearlygod]

I think that the net would be a lot better place if we all talked to our parents about safe computing.

Do you remember being a teenager?

[Pi_0's don't shower]

The year was 1994 -- I had a 14.4 fax/modem, and was the only person in the house who knew how to use commands in MS-DOS, much less use the net, do some mild hacking, etc.

I learned more about computer security by trial and error on a piece of crap 486SX than I think I could learn from a book. Why don't more of these parents spend $100 on a crappy old machine than $100 on the best in virus protection and let the kids go nuts? They'd probably learn a whole lot more...

The problem with these sorts of books...

[BluhDeBluh]

is that it uses the assumption that teenagers - a group that have grown with modern technology - do not understand the basic concepts of computing, privacy etc. I would argue this isn't actually true.

A better audience for a similar book would be the average parent PC user who doesn't understand why their PC is giving him those stupid Messenger messages, why they should run Windows Update or the average 419 scam to make them better equipt for the world. In my admittedly limited travels, it's been a lot easier to explain technical stuff to the teenage generation, and I'm sure each teenager has a /.-reading PC geek in their class. And, we can assume, any responsible parent who knows about scams, clichéd chatroom use, P2P virii etc would educate their children about this stuff anyway. It's not exactly complicated to explain to people who have grown up with this stuff.

I also assume the book includes a degree of uninformed scaremongering. Firewalls are not required - indeed, you can safely use the internet without a software firewall simply because they can be easily bypassed by anyone caring enough to bypass them - ie trojan writes. Viruschecking software is not essential if you are smart enough to know what you're running and don't run the average VBS file or P2P fraud (PHOTOSHOP 7.0.REAL.EXE). 4 years with yearly virus checks confirms this.

And I'm sure that parents treat children like idiots regarding the average "chatroom" use. No doubt the fools who previously gave their names and telephone numbers to random people on the 'net must have got the message by now, and that assumes that there are large amounts of people gullible to be taken in by it.

Re:yah right

[Anonymous Coward]

Perhaps the target audience really is parents, who aren't themselves very technically savvy, with teenagers. Granted it doesn't seem to be marketed that way but it probably makes more sense. In slashdot fantasy world we want everybody to know every detail of the inner workings of the computer and the internet but in the real world most people just want to know as little as possible to make it work.

10/10 ?

[ab762]

Is this really a perfect technical book? or is the reviewer a close friend of the author? Nothing is dated, nothing is misunderstood?

I've never read a technical book I'd rate 10/10 ... 9/10 is reserved for the greats like Tannenbaum on networking, K&R on C - and books only get that rating in retrospect. (Usually when I buy the second copy, either because I wore one out or to have one at home and one at work.)

Re:The Best Protection

[deepfreeze77]

Actually, the best protection would be to let them completely break their computer and leave it broken. Give them the install CD, show them how to format the drive and tell them to have at it. After they spend 12 hours reformatting and reinstalling all their garbage once or twice, I'm sure they'll figure out how to stop breaking their systems.

Of course, this doesn't work if you only have one computer in your house, but I suppose that's a whole other kettle of fish...

Re:Do you remember being a teenager?

[Phixxr]

Ditto! I learned the most when I wasn't afraid of breaking things.. I broke stuff, my parents understood it was part of learning, and we moved on. That's where the best learning happens, not in books...

-Phixxr

DOS?

[Aldric]

Let's be a little more sensible and teach them BASH commands, far more useful.

Re:Move back to DOS

[IPFreely]

Lets force everyone to know DOS commands before using a computer. That way, they would know enough to maintain their own system.

And while we're at it, lets force everyone to become an automobile mechanic before they are allowed to have a drivers license. That way they would know enought to take care of their own cars.

I agree that it would be nice if everyone were better at using computers so they could all do what we can do, but that is unrealistic. When I was in support, i made it my motto that it was not my job to teach everyone how to use their computer better, it was my job to make the computer do what they needed it to do. These people have more important jobs (from the perspective of the companies' needs) and should not have to spend their time learning and working the computers till they become Leet. They were their to run the company. I was there to make sure the computers ran smoothly enough so they could concentrate on doing their own jobs, not mine.

YMMV

Re:As a teenager (14) who uses computers...

[Just Some Guy]

Absolutely, positively, yes . Linux exploits are comparatively less common than those for Windows, but they certainly exist. Do you leave your computer turned on when you're on vacation with your parents? If so, what happens if, say, SSH gets cracked and your system is 0wn3d before you get home?

A good rule to follow is to treat all Unix systems like servers, regardless of what role they actually serve. If your machine is listening on a network-accessible port, then it's your responsibility to protect that port.

If you're 14 and administering your own Linux system, then you probably have the intellectual curiosity to do well working with computers. However, you don't have even half of the professional paranoia required to make the leap between "competent" and "great". Unfortunately, only time and mistakes will get you there. Just do what you can to make your learning experiences as painless as possible.

Re:Is your son a computer hacker?

[LGagnon]

It's from Adequacy.org [wikipedia.org], a Slashdot troll site. Believe nothing they say there.

Re:yah right

[It'sYerMam]

Bingo. At 15, I have my own Linux box, and know more about security than almost anyone I know in real life. It's possible I know more Linux stuff than my Dad, who's a computer programmer and has years of UNIX experience.
For me, at least, Appleman was a crap writer. He was patronizing in his attempts at not being patronizing - if you can't talk to us normally without it, then your attempts will almost certainly be pathetic.
The best way to educate them is to let them piss the thing up, get someone knowledgeable in and say "This is because you did this" If they're not stupid, you can hope that they get it right next time.
One point is that if they have their own machine, then they will most likely want to keep it nice - if they respect it, they'll protect it.

I don't believe I said that...

Re:The best protection is DON'T USE WINDOWS

[Daniel Dvorkin]

You're right, of course, but the problem is that there are so many people out there for whom "computer" == "Microsoft(R) Windows(tm) running on Intel(R) Pentium(tm)" that this advice will usually fall on deaf ears. (Most of these people have no idea what the words actually mean, of course, but they know damn well that if it doesn't have Microsoft(R) Windows(tm) and and Intel(R) Pentium(tm), it's not a real COMPUTER -- they've seen the Dell ads!) For those folks, a guide like this might be helpful. If nothing else, in the process of trying to secure their Wintel boxes, they may learn something about how computers actually work, and therefore be a little more receptive to technically knowledgeable advice next time.