This Time Self-Hosted
dark mode light mode Search

Book Review: Trojan Horse

Last month I reviewed Zero Day this month I’m reviewing the sequel, still from Mark Russinovich … and you’ll soon notice I’m quite disappointed. The first book had a number of negative sides, but it was acceptable if you think it a “the first book of an author” — this book, I find it worse than the first one, which makes it even worse considering it’s not the first one! Once again spoilers might follow, especially for the book before this! Actually, there aren’t many spoilers, especially if you read the first one and you’re expecting nothing exceedingly new from this.

So first the good news: no textspeak this time! Yai! Too bad it hasn’t written this way from the start, but okay. Also this time the author admits that there are other platforms beside Windows, repeatedly name-checking (a vulnerability in) Android. That’s about it for good news. The bad characterization of characters and stereotypes is more or less the same, although he seems to have added the straw dissident to please the critiques. That’s not how it works. Especially because said dissident and his brother (again) meet in a tent (again) in the desert. Are you kidding me?

Goes especially into head-scratch territory when he repeats again that Muslims have to be terrorists, and that’s unlikely for an Iranian to be one if he’s not practising or when he notes that “Armenians were Christians, hardly likely to be terrorists”. Somebody got to make Russinovich read about the IRAs just so he stops giving this kind of stereotypes continuity. At least this time the damsel in distress is a bit less useless, but still she is in distress (more so than Rapunzel in Tangled, to give you an idea).

But that’s not the worst problem this time; now the problem is that for somebody that is in our line of business, or who has at least half a clue about technology, the WTF count is quite high. I have for the first time used Kindle’s note-taking options thoroughly through the book to be able to point out some of these because they are extremely bothersome even for a not-so-picky reader like me.

First problem: repetitions. In TV-series and made-for-TV movies, it’s extremely common for plot points to be repeated over and over ad nauseam; this is by design: before Netflix, Hulu, Amazon Prime and so on, most people tuned-in in the middle of an episode and they might not have had any clue about what was going on before. In a book, this doesn’t make the same amount of sense — it makes a sense if backstories and backgrounds are repeated from previous books, but once per book is enough. Going on for the first quarter of the book about how the protagonist foiled a terrorist plot in the book before doesn’t help, nor does repeating the fact that the “air gap” has been breached thanks to “an Android vulnerability”.

On a smaller scale, the first 50 pages of the book repeat “Al Qaeda” at least a dozen times. And on a stylistic note instead, he keep using “all but *something*” forms in the book, even in words of people who shouldn’t be speaking English to begin with — you can accept the “autotranslation”, but that kind of form is hard to use for a non-native speaker to begin with, and at least for latin-based languages it’s extremely hard to translate.

Speaking about foreign languages I guess Italian is not high in Russinovich’s knowledge; he puts one of the characters within a (as far as I can tell) fictional organization which would be the “Iranian Democratic Front” based in Italy, but he gives it a Spanish name (“Frente Democrático Iraniano”). Interestingly enough it was almost correct, as the Italian name in that case should have been “Fronte Democratico Iraniano”. Oh well, I guess geography’s or foreign languages are his best subjects.

Then there are some cringeworthy but still possibly references all over the place, like a couple of places where auto-capitalisation probably burnt the author and nobody caught it before, such as “the Intel sat” (as in satellite). That’s okay, it can happen. There’s also a note about being able to “search the Internet” on board of an intercontinental flight (I know some airlines have that in business class, but is that an “in your face, I’m actually flying business class”, or simply a missed point?), or the fact that the Swiss-Italian border controls scans all incoming passports for images “making a copy of the page” (it’s possibly but I find that extremely unlikely…).

But the big WTFs come up in many places as well:

  • in Russinovich’s fantasy land, mIRC is “an encrypted chatting program” (verbatim, I swear, I’m not making this shit up!), used by the DOD, although “modified [the code] to require both public and private key codes between parties” — now if you’ve not spent time on Windows in the past … 20 years or so, mIRC is a very common at a time IRC client… the author of which, while British, happens to be of Palestinian and Syrian origins; while I’m not putting all people of middle-eastern origin in the same category as the book’s author, I find it extremely difficult for the US DoD to get the sources of, modify and use a client written by a non-american author, especially for secure communication!
  • oh, by the way, nice way to feel secure “Digital signatures could not be altered. Period.” (verbatim quote); yes because attacks to digital signatures are unheard of, right? I can understand that you can strongly trust a strong digital signature, but a stupid blanket statement like that is more trouble than it’s worth!
  • somehow, while Windows and Android are named clearly and accurately, in the parallel universe of the book, Microsoft merged Office and Works in “Microsoft OfficeWorks”; you could have called this a “bland name”, if it wasn’t insisting on the name OfficeWorks so many frigging times over the first half of the book. Was it a problem with actually giving in at the chance that the vulnerability might have been in Microsoft Office itself? If yes, why does he still say it out loud for Android, instead of having the vulnerability in the Robotic cellphone OS?
  • also for whatever reason instead of “software”, “malware”, “source code” … his (expert) characters are expecting “cyber code” to appear. What?
  • two cellphones models are called by name on the book, both of them from HTC: the Hero and the Galaxy — you probably never heard of the latter because it’s a very old (2005ish) Windows Mobile 5.0-based phone; for whatever reason this not really noteworthy device (it doesn’t even have a page on Wikipedia!) is the preferred of the (again, expert!) protagonist. The other one, which tended to be fairly unlocked, in their European GSM format, when not tied to a specific operator, in this universe need to be “jail-broken” to be able to “acquire any apps [..] from anywhere”.. what? On Android it’s just a matter of changing one parameter, you know…
  • at least it seems like the in that world, libav’s TDD (Troll-Driven Development) seems to have taken foot into the world, as (once again the protagonist) “trolls the websites” when looking for a new car to buy…

There are a few more minor WTFs in my list but now that I listed the major ones, the others seem like chump change, so I won’t bother.

So at the end of the review, I’d say that this second book is less interesting, more boring, and way less suitable for a technical audience. The ongoing “fight” is a very insipid spy-vs-spy idea, there are “cuts” to CIA offices where nothing happens of substance, and all in all it’s not that thrilling. Save your money, it’s way not worth it.

Edit: but if it wasn’t clear, I am going to buy an eventual third book, hopeful that third time’s a charm. Russinovich knows how to write, he just need to find a better balance between technicalities and technofantasy.

Comments 1
  1. Based on your severe disappointment with his first two, it’s pretty ridiculous that you’d consider getting his third. Is it just so that you can flame that one, too?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.