To calculate the overall star rating and percentage breakdown by star, we don’t use a simple average. Instead, our system considers things like how recent a review is and if the reviewer bought the item on Amazon. It also analyses reviews to verify trustworthiness.
Just pages and pages of light comments about the investigation of different antivirus companies in the technical content of the virus with some link to what was going on in Iran, some pages with a very rough description of the structure of Stuxnet and a final bunch of pages about the risks of someone launching an updated version of Stuxnet ...
The book was entertaining and well researched. One thing I didn't care for was the oft repeated claim that "Stuxnet opened Pandora's Box". No. It really didn't. This borderlines on American Exceptionalism. Nobody needed nor wanted our approval to start engaging in cyberwarfare. The Russians, Chinese, and others were already doing it without us. Never assume that everyone else needs or even cares for your approval to move on to the next evolution without you.
This is like blaming the bomb dropped on Hiroshima for why Hitler also wanted an atomic bomb... no... he just wanted a huge boomstick. The fact that the Americans wanted one too didn't make it special, and you are even getting details out of chronological order to make such a claim. A far more accurate analogy for StuxNet than the bomb dropped on Hiroshima would be to say it was the first time someone slapped a 10-digit grid coordinate capable precision GPS guidance system on a bomb instead of carpet bombing the city. Nobody is special. We can all haz computerz now.
The footnotes are brutal but also indispensable to the narrative so you cannot skip them. And if you read them all the book becomes a complete slog. I gave up 1/4 of the way through. The book also feels like it was written too close in time to the events, so lacks clear perspective and complete information.
So far, I'm the only reviewer who has given fewer than stars. I'll give the author credit for telling an important story, but I suspect for most people who aren't into computer security, this book would be a difficult read. On the positive side, I think the author does a good job of humanizing the story. You do get to know the personalities, and that was the best part to me. The technical details were just too esoteric. I'll concede that maybe that's the only way to write such a book. If I could I'd give another half star I would, but it's not a three-star book to me.
Fascinating topic, and I really wanted to like this book, but was disappointed. The author could have written a cyber-spy thriller for a general audience, or a detailed examination of Stuxnet for a more technical audience, but this book won't satisfy either group. The general audience must slog through page after page of mind-numbing details about hashing algorithms and Windows internals, during which the main thrust of the narrative gets lost. But more technical readers are also left wanting, as some of the most interesting tech details are glossed over or explained poorly. For example, a Window exploit involving .LNK files is mentioned at least a dozen times, but only explained in a very vague way. The result is a slow and repetitive information dump that doesn't make for very compelling reading.
Footnotes are used awkwardly, and interfere with the reading experience. Each chapter is followed by very many lengthy footnotes, with some individual footnotes spanning a page or more, and the total number of footnotes consuming nearly as many pages as the chapter itself. Most of these shouldn't be footnotes - they're additional body text that was edited out. These should either be restored to the main narrative in the chapter, or moved to an appendix, or deleted entirely.
I also found the title of the book misleading. "Countdown to Zero Day" implies that zero day is a date like D-Day or Labor Day, when it actually means a previously-unknown software vulnerability. The author clearly knows this, but someone at her publisher who chose this title obviously didn't.
There's a lot of great material buried here, but it would need a fairly radical re-editing to make it into a better book.
The attempt to tie the political and developmental history of Stuxnet into a coherent narrative had me bored for most of this book. The narrative was too scattered and often gave way more details than necessary to build character portraits that usually had no pay-off. There were a few bits I found very interesting to read but overall the book felt way more stretched out than necessary.