Zero day

From Wikipedia, the free encyclopedia

This article is about the technology-related term. For the 2003 film, see Zero Day.

Zero day or 0day refers to software, videos, music, or information unlawfully released or obtained on the day of public release. Items obtained pre-release are sometimes labeled Negative day or -day. Zero-day software, videos, and music usually have been either illegally obtained or illegally copied.


Exploits and vulnerabilities

Zero-day exploits are released before, or on the same day that, the vulnerability — and, sometimes, the vendor patch — is released to the public. The term derives from the number of days between the public advisory and the release of the exploit.[1]

This definition leaves something to be desired, since the name itself implies that a vendor patch is available, i.e. that the vulnerability affected unpatched systems for zero days.

Protection

Zero-day protection is the ability to provide protection against zero-day exploits. Since zero-day attacks are generally unknown to the public, it is often difficult to defend against them. Zero-day attacks are often effective against "secure" networks and can remain undetected even after they are launched.

Many techniques exist to limit the effectiveness of zero-day memory corruption vulnerabilities, such as buffer overflows. These protection mechanisms exist in contemporary operating systems such as Sun Microsystems Solaris, Linux, Unix, and Unix-like environments. Versions of Microsoft Windows XP Service Pack 2 and later include limited protection against generic memory corruption vulnerabilities.[2] All operating systems are working to improve their security over time. Desktop and server protection software also exists to mitigate zero-day buffer overflow vulnerabilities. Typically these technologies involve heuristic termination analysis -- stopping exploits before they cause any harm.

It has mistakenly been suggested that a solution of this kind may be out of reach because it is algorithmically impossible in the general case to analyze arbitrary code and determine whether it is malicious: such an analysis reduces to the halting problem over a linear bounded automaton, which is unsolvable. It is, however, unnecessary to address the general case (that is, to sort all programs into the categories of malicious or non-malicious) under most circumstances in order to eliminate a wide range of malicious behaviors. It suffices to recognize the safety of a limited set of programs (e.g., those that can access or modify only a given subset of machine resources) while rejecting both some safe and all unsafe programs. This does require the integrity of those safe programs to be maintained, which may prove difficult in the face of a kernel-level exploit.
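As an added illustration of this argument (not part of the Wikipedia article), the toy checker below approves a program only if every resource it names lies in an allowed subset; the instruction format, resource labels and sample programs are constructed for the example. Because it inspects program text rather than deciding run-time behaviour, it always terminates, rejects every unsafe program, and also rejects a safe program whose forbidden access is unreachable dead code.

```python
from dataclasses import dataclass

# Hypothetical resource labels and allowed subset, constructed for this example.
ALLOWED = frozenset({"read:/tmp", "write:/tmp"})

@dataclass
class Instr:
    op: str        # one of "access", "jmp", "halt"
    arg: str = ""  # resource label for "access", target index for "jmp"

def conservative_check(program, allowed=ALLOWED):
    """Approve only if every access in the program text is in `allowed`.
    No execution or reachability analysis, so the check always terminates and
    is sound (nothing that can touch a forbidden resource passes) but
    incomplete (a forbidden access in dead code still causes rejection).
    Returns (approved, first offending resource or None).
    """
    for ins in program:
        if ins.op == "access" and ins.arg not in allowed:
            return False, ins.arg
    return True, None

def run(program, max_steps=1000):
    """Execute the toy program; return the set of resources actually touched."""
    touched, pc = set(), 0
    for _ in range(max_steps):
        if pc >= len(program) or program[pc].op == "halt":
            break
        ins = program[pc]
        if ins.op == "access":
            touched.add(ins.arg)
        pc = int(ins.arg) if ins.op == "jmp" else pc + 1
    return touched

# Constructed sample programs.
SAFE = [Instr("access", "read:/tmp"), Instr("access", "write:/tmp"), Instr("halt")]
UNSAFE = [Instr("access", "read:/tmp"), Instr("access", "write:/etc/passwd"), Instr("halt")]
# Jumps over the forbidden access: never touches it at run time, yet is rejected.
SAFE_BUT_REJECTED = [Instr("jmp", "2"), Instr("access", "write:/etc/passwd"),
                     Instr("access", "read:/tmp"), Instr("halt")]

def verdicts():
    """Map each sample to (approved by the checker, resources used at run time)."""
    samples = [("safe", SAFE), ("unsafe", UNSAFE), ("safe_but_rejected", SAFE_BUT_REJECTED)]
    return {name: (conservative_check(p)[0], run(p)) for name, p in samples}

if __name__ == "__main__":
    for name, (approved, used) in verdicts().items():
        print(f"{name}: approved={approved}, used={sorted(used)}")
```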

The Zeroday Emergency Response Team, or ZERT,[3] is a group of software engineers who work to release non-vendor patches for zero-day exploits.

Ethics

Certain government laws can prohibit the public release of zero-day exploits, requiring users to use underground networks -- search engines, IRC channels, and distribution lists -- to obtain zero-day exploits. These networks are usually known by word-of-mouth or invitation only.

Differing ideologies exist around the collection and use of zero-day vulnerability information. Many computer security vendors perform research on zero-day vulnerabilities in order to better understand the nature of vulnerabilities and their exploitation by individuals, computer worms, and viruses. Alternatively, some vendors purchase vulnerabilities to augment their research capacity. An example of such a program is TippingPoint's Zero Day Initiative.

References

See also

Zero Day Tracker
