I’m die-hard computer fan. I’m also a Microsoftee. Well, an ex-FTE, but that doesn’t matter much. Once a Microsoftee, forever one. You all know about The Powers Of the Dark Side, right 🙂 ?
During my 6+ year Microsoft career I’ve met many bright minds and many great hackers. That was one of the things, which made it great to work at the company. I knew Mark Russinovich’s name (wikipedia, blog) long before he became Microsoft Technical Fellow, but I never believed I’ll have the chance to get to know him in person and to have some good talks with him. This is one of the big things, which a Microsoft career can give you: opportunities like that.
I never missed Mark’s talk, when I was attending (any) conference he was speaking at. Each time it was great experience and lots of fun. I’ve attended his “The strange case of unexplained” talks more than 4 times in total and each time I found it great experience and lots of fun. I’m using Mark’s tools and techniques more often than I even realize. Maybe weekly, if not even daily.
So it was more than natural to me that I preordered “Zero Day”, the first non-technical book he wrote, as soon as I’ve discovered the book is coming.
Unfortunately, the book came and I never found enough time to read it as it deserved: carefully and with full understanding. English is my 2nd language and as such I’ve developed strange “quick-read” ability, which us good for 90% of the cases, but not for this book. This had to be red thoroughly! So I waited, until this Greek vacation, when I had the chance to enjoy the book to its most.
To me reading “Zero Day” was pure (hacking) pleasure. I found it intriguing, brilliant and easy to read. Each page, each chapter was computer action with pace, which only Mark can create. If you’ve seen his presentations, you’d know it. The fact that Mark “knows the stuff” to its core makes the book events quite believable. And scary. Because despite the book is Fiction, the story it tells is surprisingly real. And something, which could happen. And something I hope will never happen.
Computers are very important for our way of life. For our well being, for our security, for our life. Both at “single person” level (i.e. life support system in a hospital) and globally (i.e. nuclear power plant control system). “Zero Day” makes you start seeing the things in quite different, very sharp angle. And if you’re paranoid, it may make you start digging your own underground shelter in you backyard.
However, what I disliked in the book was the “hacker’s slang” of all e-mail and chat there. It’s hard to believe that bright, intelligent people will use keyboards with all vowels taken out. Or that they’ll be so lazy they would prefer to write “brllnt”, instead of “brilliant” for example. They’d be smart people and they’d know that skipping the two vowels would not save then much time typing, but’ll significantly increase their peer’s reading time. So every time I had to read this “hacker text”, I was feeling irritated, because I found it unreal and stupid.
Apart from this, the book is great. Anyone can learn a lot from it about how badly we’re protected. And make some conclusions. And remember it, when his Windows-expert-neighbor tells him how normal and ubercool is to have its Windows Update turned off.
Another interesting thing here is the fact that the book is painting the picture of cyber Apocalypse, based on computers with Windows OS. I know Mark is not a person, who’d eat any marketing bullshit (he’s just too high at Microsoft for someone to start nailing his book script), but I also wonder if anyone from the Company approached him “on time) with demand to change something regarding that. It’ll be very interesting to know, but of course we’ll never know :).
To conclude: “Zero Day” is highly recommended cyber-crime, cyber-security novel, which any computer geek will enjoy for sure. About non-tech geeks I can’t tell you yet, but one non-tech geek already requested to lend her the book, so we’ll see quite soon 🙂
12 thoughts on “Great Read: “Zero Day”, by Mark Russinovich”
When I read the title for a moment I thought Mark Russinovich was a guest blogger at your blog.
LMAO, I wish! Good one, still can’t stop laughing 🙂 !
I’ve got the book on my Kindle the day it was published and I’ve read it on one of my “non-emergency” trips to Moscow. Funny, I was able to discuss it with a guy in Metro, who was reading it on his iPad. I guess it could have been the Superphreak himself 😉
The book is a good read, but doesn’t rise above usual techno-triller stuff. The way it represents the security and BlackHat communities, malware and SCADA systems is barely plausible. If it was Dan Brown, it would be great achievement. From Mark I’ve expected more. Also, the book is written in 2003-2004 and it shows..
@Sasho: Although I do agree that the books could not surprise (from security details standpoint) you or me, I disagree this is a disadvantage of the book :). Sasho, you’re since five (ten?) years into security and Windows infrastructure. I’m sure that if Mark wanted, he could dig in details to astonish you too, but please do remember that the book is popular-read book, not for Microsoft employees only 🙂 (although I’m sure at least 20-40K of MSFT FTEs will get the book).
So considering the widespread audience, I think the details are just right! Dan Brown would get it much worse and funny, and he’s one of my favorite authors, too!
I’m not saying I want more technical details, I’m saying I want them to paint plausible story. What bugs me is not that kernel debugging is not described correctly and in detail, but that same piece of malware can **beep***, turn off **beep** and make **beep** chop people heads off, for example. Or that zero day vulnerabilities can be bought by dozens a dime on Gorbushka market in Moscow..
If you read comments on Mark’s blog, you’ll see a lot of people share my opinion. Problem is not that Mark cannot write a really good techno-triller for a layperson, but that he published almost decade-old book with decade-old plot and decade-old tech details. And I don’t like Dan Brown ;-P
Hey! Not fair, you’re giving plot details and destroying the pleasure from potential readers! I’m still thinking shall I censor your comment or not… hmmm… maybe I shall!
Anyway: you know that once a system goes crazy, any side effects are possible. I can’t tell you how many times I was quite close to ritual goat sacrifice, because I was suspecting an evil ghost was in the system, making (my) code behave almost like it’s alive and predicting my actions. So you can’t complain about these *beep* details!
And hey, it was a good read for $11.99, anyway. And I’ve got a signed (paper) copy of Windows Internals 🙂
I’ve got also signed copy of Win Internals, but the previous edition :). I’m jealous now, since I won’t attend TR, i.e. won’t be able to get signed copy of this book as well 🙂
Doncho do you actually think that hackers(crackers or whatever) write the way they do because it is easier to write or read?
No, I do not. Please read more carefully. It’s hard to write and hard to read and is quite distinctive, that this could be “cracker slang”.
I think the people who use this slang use it to defy the rules and to show that they are part of a certaing group not because it makes communication efficient. So what is the problem with clever people using this suboptimal way of communication if the characters have the mentality of people who would abuse the written language for fun?