What is a Zero-Day Exploit?


A zero-day exploit is an attack that takes advantage of a software vulnerability before that vulnerability is publicly known, and in particular before the vendor has had a chance to fix it. Usually, two groups research and discover new security vulnerabilities: those who are interested in fixing the vulnerable software, and those who are interested in exploiting it. Although the companies working to secure the software often have greater funding and closer ties with the software developers, malicious programmers sometimes discover vulnerabilities independently. These attackers, often loosely referred to as hackers, write and use code that exploits the vulnerability before the software developers are made aware of the problem. This 'vulnerability window', the time between the attackers' discovery of the flaw and the vendor learning of it and devising a fix, can last from several days to several weeks, and sometimes longer. The term zero-day refers to the number of days the vendor, and the systems administrators who depend on its patches, have had to fix the flaw by the time it is exploited: zero.

By their nature, zero-day exploits are extremely difficult for the home computer user to guard against, because the attack usually arrives through something the user trusts: a document, a web page, or an application that is normally safe to open. Thus, common sense and safe computing habits are essential in preventing zero-day exploits from affecting one's system. Up-to-date antivirus definitions and other signature-based anti-malware software will not detect malicious code that has never been seen before, but a secure, properly configured firewall, particularly one that restricts outbound connections as well as inbound ones, may prevent that code from carrying out its task. Avoiding software with known bad security records is an essential step in reducing exposure to zero-day exploits, and installing critical security updates promptly is essential in guarding against known, already-patched vulnerabilities. However, even computer systems and networks deemed secure from intrusion are vulnerable to zero-day exploits, and must be continually monitored and audited to detect possible compromise.

While any complex computer program likely contains programming errors and oversights that may be exploited, some software has a notoriously bad security record and has been subject to several zero-day exploits. Because Microsoft's Windows operating system, Office suite, and Internet programs are popular among home computer users, they are often the targets of zero-day exploits. In January 2007 Microsoft Word had four unpatched zero-day vulnerabilities identified, two of them public for at least a month. Two affected the most current version of the software, and one did not even require the user to open Word to trigger the bug. Although open-source software is arguably more vulnerable to exploitation than its proprietary counterpart because of ready access to the source code, open-source projects such as Open Office and Firefox are currently considered safer alternatives to vulnerable proprietary software. Of notable mention was a supposed Firefox zero-day exploit presented by two American hackers in September 2006. After careful review of their data and methods, Mozilla determined that although the Firefox component in question was poorly written, it was not exploitable by any method the hackers had devised. In a blog post later that year, one of the hackers admitted that they had spread the rumor of the exploit to scare people away from Firefox in the hope that they would use Internet Explorer, a web browser for which the team does in fact have zero-day exploit code.


