Zero-day (computing)

From Conservapedia

In computing, a zero-day vulnerability (or "exploit") is a security hole in software that can permit unauthorized access and of which the software publisher has no knowledge. Such vulnerabilities are given this name because the software developers (and the security community in general) have known about the issue for "zero days." Once it is discovered, the publisher will usually rush to patch the vulnerability before it can be exploited any more than it already has been.[1] Once a patch has been released, the vulnerability is no longer called a "zero-day," but it may remain viable for some attacks for a time. Some copies of the vulnerable software can remain unpatched for quite some time, leaving those systems vulnerable. In some cases, the patches themselves put out-of-date systems at risk, since new attackers can learn of the vulnerabilities by analyzing the patches. Zero-day vulnerabilities can exist in operating systems and programs alike.[2][3]

Protection

By its very nature, a zero-day exploit is difficult to protect against. However, there are a few important steps that help reduce risk. Developers should, of course, test and analyze their own software on a regular basis to find such vulnerabilities. Users have much less control, but can still do two things to help keep themselves safe. First, they are encouraged to apply all patches and updates as soon as possible. Once released, updates protect the users who install them, but put those who have not updated at greater risk. Second, they are encouraged to use anti-virus software with heuristic detection, which can help block attacks. Although the vulnerability will still exist, the anti-virus software can sometimes block malicious code delivered through it based solely on its behavior, thus stopping that particular attack.

A router with security features and a firewall are first-line defenses against computers being infected with malware via the internet. In addition, secure browsers are part of a first-line defense system for computers and can mitigate potential malware attacks.

It is best to have a multilayered defense against zero-day malware attacks and against malware attacks in general.

References