Denning, Peter J. (Ed.). (1990). Computers Under Attack: intruders, worms, and viruses. Reading, Massachusetts: ACM Press. A collection of articles relating to computer crime. This book also serves as a general introduction to the infrastructure and issues which surround this increasingly important form of anti-social behavior. Denning achieved his goal of creating "a forum of distinguished speakers," which allows a beginning reader to listen in on their discussions, and a more advanced reader to confirm his or her knowledge, check facts, or form opinions. In an area which has seen considerable misunderstanding in the popular press, Computers under Attack provides well-balanced treatment and a scope sufficiently wide to include alternative viewpoints on various topics. Most of the book's forty articles have appeared before in the journal, Communications of the ACM, or elsewhere. Although some pieces date back as far as 1982, all but seven have appeared in other sources published since 1988. Five articles were written or compiled especially for the book. This book is well-suited for anyone seeking to better understand the issues relating to computer security. Although it serves somewhat better as a retrospective work than a look into the future, anyone who studies its pages will be both better informed about past incidents and better able to deal with and understand current and future discussions. The collection is arranged in six parts. Part 1, "The Worldwide Network of Computers," includes five articles which introduce the Internet and some issues of open networks. It includes a reprint of Quarterman's article, "Notable Computer Networks," which was later greatly expanded into The Matrix. Part 2, "Intruders," includes two articles concerning the Cliff Stoll story of a West German hacker, an earlier piece on various computer "break ins," and an article devoted to security for the business world. Although the stories in this part are well-documented, the informed reader may remember that the vast majority of computer intrusions are never reported, regardless of whether they are actually noticed. Part 3, "Worms," includes six articles which focus on the Robert Morris Internet worm, four of which appeared in the June, 1989, issue of Communications of the ACM. A last article, from 1982, provides an early look at more legitimate purposes for worms, as first envisioned by Xerox Palo Alto scientists. The single case of the Robert Morris worm, which occurred in November, 1988, was responsible for bringing computer security issues to the front pages of international newspapers. It was also evidently an underlying cause of the book's compilation, and is referenced in many articles. Part 4, "Viruses," includes six articles dealing mostly with microcomputer viruses, their history, and their prevention. In spite of the benign nature of many viruses, and relative ease in preventing infection, viruses are perhaps the most widely distributed example of illicit computer applications today. Perhaps future books or other works of this nature will serve to both increase the public's understanding, and to clarify the extent to which computer viruses are sometimes viewed as a destructive attack, and sometimes as a mere prank. Part 5 provides only a brief treatment (unfortunately) of the counterculture of computer "crackers." These three articles suggest that the efforts of computer systems and administrators to restrict access to resources and data are unjustified. Attempts to circumvent or disable computer security systems are presented as more than legitimate: they are a necessary public service to insure continuing rights to freedom of information and shared access to resources. Part 6 contains fifteen articles, some of them fairly short, concerned with "Social, Legal, and Ethical Implications." This section could, and eventually should, be expanded to fill an entire volume with related materials. This section places the emerging role of computer crime in the context of other forms of anti-social behavior. After all, it is society which decides which actions are crimes, and what constitutes suitable punishment. In the case of computer crime, the jury is still out. As Denning and other authors in the book point out, the set of norms governing acceptable human behavior in the datasphere have yet to fully emerge. It is uncertain how most computer crimes should be viewed, or even if they are crimes. Richard Stallman (author of GNU-emacs and founder of the Free Software Foundation) suggests in a letter reprinted as an article in the book that "computer crimes" are not crimes at all, but simply understandable attempts to gain free access to information which should be free. In addition, several articles are presented which downplay any destructive role of computer attacks in favor of their ability to raise consciousness for both computer security and freedom of information. These mitigating factors are presented by Denning as fringe or minority views. The mainstream, as represented by systems administrators and the "legitimate" user population, remain devoted to protecting their systems against attack. These attempts at protection emphasize increasing the sophistication of anti-intrusion methods and not opening and sharing their systems with all potential users. Throughout Computers Under Attack, there is a definite myopia for works previously published by the ACM or the editor. This is justifiable, considering the goals of the book, but leaves many potentially useful sources untapped. Well known organizations such as EDUCOM and ALA have publications that deal with relevant issues on a regular basis. In addition, a number of ongoing electronic discussions regularly discuss the issues raised here, especially those sponsored by the Electronic Frontier Foundation. (See the reference list for details.) Although prescriptive in how to deal with particular instances of computer insecurity, such as viruses and worms, the book does not make specific recommendations or predictions for the future. The view implied to the reader here is that most types of illicit activities are fairly well understood by the computing community. These are given treatment in some detail in the book. What new twists might be added to the cracker's bag of tricks, or what entirely new types of mischief might yet be invented, are left to the reader's imagination. References Quarterman, John. (1990). The Matrix. xxx: Digital Press. Kapor, Mitchel . (Moderator). (1991-). pub-infra. Cambridge, Massachusetts: The Electronic Frontier Foundation. To subscribe: EMAIL: pub-infra-request@eff.org Message: subscribe pub-infra (your name). Back issues available via anonymous FTP to ftp.eff.org in directory pub/pub-infra. . (Owner). (1989-). PACS-L (Public-Access Computer Systems Forum). Houston: University of Houston. To subscribe: EMAIL: listserv@uhupvm1.bitnet Message: subscribe pacs-l (your name). Notebook files of previous messages are kept by listserv@uhupvm1.bitnet Message: index pacs-l. Thomas, Jim and Mayer, Gordon . (Eds.). (1990-) Computer Underground Digest. Dekalb, Illinois: Northern Illinois University. To subscribe: EMAIL: tk0jut2@niu.bitnet Message: (no particular format). Also available on Usenet as alt.society.cu-digest. Back issues available via anonymous FTP to ftp.eff.org in directory pub/cud/cud. unknown. (1991-). ETHICS-L (Discussion of Ethics in Computing). Atlanta: University of Georgia. To subscribe: EMAIL: listserv@uga.bitnet Message: subscribe ethics-l (your name). Notebook files of previous messages are kept by listserv@uga.bitnet Message: index ethics-l. Reviewed by: Newby, Gregory B. . Assistant Professor, 410 David Kinley Hall, 1007 W. Gregory Drive, Graduate School of Library and Information Science. University of Illinois at Urbana-Champaign, Urbana, IL, 61801, Voice: 217-244-7365, Fax: 217-244-3302.