article

This article is about a technology-related term. For the 2003 film, see Zero Day.

Zero day or 0day refers to software, videos, music, or information unlawfully released or obtained on the day of public release. Items obtained pre-release are sometimes labeled Negative day or -day. Zero-day software, videos, and music usually have been either illegally obtained or illegally copied.

Exploits and Vulnerabilities

Zero-day exploits are released on the same day the vulnerability — and, sometimes, the vendor patch — are released to the public. The term derives from the number of days between the public advisory and the release of the exploit. The term 'zero-day exploits' is sometimes (mis)used to indicate publicly known exploits for which no patches yet exist.

Pirated Software

Zero-day programs are typically small utilities that provide registration keys, key generators, or patched files to its users. They are organized by the day they are released, often with hundreds of releases each day.

Ethics

Certain government laws can prohibit the public release of zero-day exploits, requiring users to use underground networks -- search engines, IRC channels, and distribution lists -- to obtain zero-day exploits. These networks are usually known by word-of-mouth or invitation only.

Differing ideologies exist around the collection and use of zero-day vulnerability information. Many computer security vendors perform research on zero-day vulnerabilities in order to better understand the nature of vulnerabilities and their exploitation by individuals, computer worms, and viruses. Alternatively, some vendors purchase vulnerabilities to augment their research capacity. An example of such a program is TippingPoint's Zero Day Initiative.

Protection

Zero-day protection is the ability to provide protection against zero-day exploits. Since zero-day attacks are generally unknown to the public, it is often difficult to defend against them. Zero-day attacks are often effective against secure networks and can remain undetected even after they are launched.

Many techniques exist to limit the effectiveness of zero-day memory corruption vulnerabilities, or buffer overflows. These protection mechanisms exist in contemporary operating systems such as Sun Microsystems Solaris, Linux, Unix, and Unix-like environments. Versions of Microsoft Windows XP Service Pack 2 and later include limited protection against generic memory corruption vulnerabilities *. Desktop and Server protection software also exists to mitigate zero-day buffer overflow vulnerabilities. Typically these technologies involve heuristic termination analysis -- stopping them before they cause any harm.

It has mistakenly been suggested that a perfect solution of this kind may be out of reach because it is algorithmically impossible in the general case to analyze any arbitrary code to determine if it is malicious, as such an analysis reduces to the halting problem over a linear bounded automaton, which is unsolvable. It is, however, unnecessary to address the general case (that is, to sort all programs into the categories of malicious or non-malicious) in order to eliminate a wide range of malicious behaviors. It suffices to recognize the safety of a limited set of programs (e.g., those that can access or modify only a given subset of machine resources) while rejecting both some safe and all unsafe programs.

References

Computer security | Warez

 

This article is licensed under the GNU Free Documentation License. It uses material from the "Zero day".

Home Pageartsbusinesscomputersgameshealthhospitalshomekids & teensnewsphysiciansrecreationreferenceregionalscienceshoppingsocietysportsworld