Zero day

From Wikipedia, the free encyclopedia


Zero day or 0-day refers to software, videos, music, or information unlawfully released or obtained on the day of public release. Items obtained pre-release are sometimes labeled Negative day or -day.


Software

0-day software, games, videos and music refers to content that has been either illegally obtained or illegally copied on the day of the official release.

Exploits and vulnerabilities

0-day exploits are released before, or on the same day as, the public disclosure of the vulnerability (and, sometimes, the vendor patch). The term derives from the number of days between the public advisory and the release of the exploit. [1]

This definition leaves something to be desired, since the name itself suggests that a vendor patch is available, i.e. that the vulnerability affected unpatched systems for zero days.

Protection

0-day protection is the ability to provide protection against 0-day exploits. Since 0-day attacks are generally unknown to the public, it is often difficult to defend against them. 0-day attacks are often effective against "secure" networks and can remain undetected even after they are launched.

Many techniques exist to limit the effectiveness of 0-day memory corruption vulnerabilities, such as buffer overflows. These protection mechanisms exist in contemporary operating systems such as Microsoft Windows Vista [2], Sun Microsystems Solaris, Linux, Unix, and Unix-like environments; Microsoft Windows XP Service Pack 2 includes limited protection against generic memory corruption vulnerabilities [3], and previous versions include even less. All operating systems are working to improve their security over time. Desktop and server protection software also exists to mitigate 0-day buffer overflow vulnerabilities. Typically these technologies involve heuristic termination analysis, stopping the exploit before it causes any harm.

It has mistakenly been suggested that a solution of this kind may be out of reach because it is algorithmically impossible in the general case to analyze arbitrary code to determine whether it is malicious, as such an analysis reduces to the halting problem over a linear bounded automaton, which is unsolvable. It is, however, unnecessary to address the general case (that is, to sort all programs into the categories of malicious or non-malicious) under most circumstances in order to eliminate a wide range of malicious behaviors. It suffices to recognize the safety of a limited set of programs (e.g., those that can access or modify only a given subset of machine resources) while rejecting both some safe and all unsafe programs. This does require the integrity of those safe programs to be maintained, which may prove difficult in the face of a kernel-level exploit.
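The argument above, that a sound but incomplete check is enough, as an added example that is not part of the Wikipedia article: a toy "program" is a list of instructions, each naming the machine resource it touches and optionally guarded by a condition; the analyser over-approximates (every named resource counts as reachable) so that no unsafe program passes, at the price of rejecting a safe program whose forbidden access sits on a dead branch. The program model, policy and sample programs are constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Toy program model (constructed for this example): each instruction touches one
# named machine resource and may sit behind a guard condition. The analyser never
# tries to decide whether a guard can be true; that is the undecidable part.

@dataclass(frozen=True)
class Instr:
    resource: str                 # e.g. "file:/etc/shadow", "net:outbound"
    guard: Optional[str] = None   # None means the instruction always runs

def reachable_resources(program: List[Instr]) -> Set[str]:
    """Over-approximate: treat every resource named anywhere as reachable."""
    return {i.resource for i in program}

def accept(program: List[Instr], allowed: FrozenSet[str]) -> bool:
    """Accept only programs whose over-approximated resource set lies inside the
    permitted subset. Sound (no unsafe program passes) but not complete (some
    programs that are safe at run time are rejected as well)."""
    return reachable_resources(program) <= allowed

def runtime_resources(program: List[Instr], guard_truth: Dict[str, bool]) -> Set[str]:
    """What the program really touches given how each guard evaluates. This oracle
    stands in for the general analysis the text says is not needed."""
    return {i.resource for i in program
            if i.guard is None or guard_truth.get(i.guard, False)}

# Policy: the only resources this class of program may use (constructed).
POLICY: FrozenSet[str] = frozenset({"file:/tmp/scratch", "net:outbound"})

# Constructed sample programs.
SAFE = [Instr("file:/tmp/scratch"), Instr("net:outbound")]
UNSAFE = [Instr("file:/tmp/scratch"), Instr("file:/etc/shadow")]
DEAD_BRANCH = [Instr("net:outbound"),
               Instr("file:/etc/shadow", guard="1 == 2")]  # guard is never true

def classify(program: List[Instr], allowed: FrozenSet[str] = POLICY,
             guard_truth: Optional[Dict[str, bool]] = None) -> Tuple[bool, bool]:
    """Return (accepted_by_analyser, safe_at_runtime) for a program."""
    truth = guard_truth or {}
    return accept(program, allowed), runtime_resources(program, truth) <= allowed

if __name__ == "__main__":
    for name, prog in (("SAFE", SAFE), ("UNSAFE", UNSAFE), ("DEAD_BRANCH", DEAD_BRANCH)):
        accepted, safe = classify(prog)
        print(f"{name:12} accepted={accepted!s:5} safe_at_runtime={safe}")
```

DEAD_BRANCH is the false positive the text accepts: it never touches /etc/shadow at run time, but the analyser rejects it because deciding that would require evaluating the guard.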

The Zeroday Emergency Response Team, or ZERT[4] is a group of software engineers who work to release non-vendor patches for 0-day exploits.

Ethics

Certain government laws can prohibit the public release of 0-day exploits, requiring users to use underground networks -- search engines, IRC channels, and distribution lists -- to obtain 0-day exploits. These networks are usually known by word-of-mouth or invitation only.

Differing ideologies exist around the collection and use of 0-day vulnerability information. Many computer security vendors perform research on 0-day vulnerabilities in order to better understand the nature of vulnerabilities and their exploitation by individuals, computer worms and viruses. Alternatively, some vendors purchase vulnerabilities to augment their research capacity. An example of such a program is TippingPoint's Zero Day Initiative.
