Zero-Day Attacks
Article by Rick Leinecker, April 11, 2007

Keeping your computer updated helps keep it safe. That includes operating system updates (done automatically or done when you select Windows Update from the Tools menu of Internet Explorer) and virus definitions. When everything is up to date, your system is protected against known vulnerabilities and viruses. But what happens if the updates aren't aware of a vulnerability? Or what happens if there's a brand new virus that isn't part of your virus definition file? That's a dilemma we need to talk about.

Thousands of hackers across the world are trying to create a virus or attack that has never been seen before. If they can get a virus or attack underway that isn't covered by the latest updates, then they have a chance of compromising your system. These are called Zero-day attacks. Wikipedia says this about Zero-day attacks:

A zero-day (or zero-hour) attack is a computer threat that exposes undisclosed or unpatched computer application vulnerabilities. Zero-day attacks can be considered extremely dangerous because they take advantage of computer security holes for which no solution is currently available.

These Zero-day attacks are the Holy Grail for the bad guys, who all dream of creating a Zero-day attack and bringing thousands, if not millions, of computers to their knees. The term Zero-day attack is somewhat misleading because these attacks will continue unchallenged until a fix is released. While some fixes are released within hours of a new attack, others aren't released for months. It just depends on how long it takes to develop a new virus definition or patch the faulty application.

Now that I have you quaking in your boots (or at least somewhat concerned), let me give you some defensive strategies. First and foremost, always keep everything updated. Even a Zero-day attack may fail if you are completely updated because some attacks and viruses will be thwarted by updated code that the hacker didn't count on.

Another important item is to keep your firewall turned on. Firewalls are part of security suites such as those from Symantec, McAfee, and ZoneAlarm. There is also a firewall that's part of the Windows XP operating system if you've installed Service Pack 2 (which you probably have if automatic updates are turned on or you conscientiously do manual updates). Firewalls can prevent many worms and other predatory software types from attacking your computer.

Some security software works differently from the mainstream products that I've already mentioned. Most security programs look for signatures that viruses and rogue software contain. If any known signatures are found, the alarm goes off. But there is some advanced software, just now gaining traction, that uses heuristics to identify never-before-seen code as malicious. These programs can pick out threats even before they are recognized as threats. They have an idea of what malicious software looks like, and use a highly intelligent approach for their analyses. Soon, this method will supplement the signature-based approach and provide a new level of prevention.
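
The difference between the two approaches, as an added example (not from the original article or any vendor's product): a hash-based signature check misses a sample that differs by one byte from a known one, while a trait-scoring heuristic still flags it. The sample byte strings, trait list, weights, entropy limit and threshold are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed, inert byte strings standing in for files (not real malware).
KNOWN_BAD = b"copy self to startup; CurrentVersion\\Run; disable updates; build 1"
NEW_VARIANT = b"copy self to startup; CurrentVersion\\Run; disable updates; build 2"
PACKED_VARIANT = b"CurrentVersion\\Run" + bytes(range(256)) * 8
BENIGN = b"Dear team, the quarterly report is attached. Regards, Pat"

# Signature database: hashes of samples the vendor has already analysed.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Heuristic traits and weights (assumed values for illustration).
TRAITS = {
    b"CurrentVersion\\Run": 40,  # registers itself to start at logon
    b"copy self": 30,            # self-replication behaviour
    b"disable updates": 30,      # tampers with the update mechanism
}
ENTROPY_LIMIT, ENTROPY_WEIGHT, THRESHOLD = 7.2, 40, 60

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted content is near 8."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def signature_match(data: bytes) -> bool:
    """True only if this exact content has been seen and catalogued before."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

def heuristic_score(data: bytes) -> int:
    """Add up the weights of every suspicious trait found in the content."""
    score = sum(weight for trait, weight in TRAITS.items() if trait in data)
    if data and entropy(data) > ENTROPY_LIMIT:
        score += ENTROPY_WEIGHT
    return score

def scan(data: bytes) -> str:
    if signature_match(data):
        return "known threat (signature)"
    if heuristic_score(data) >= THRESHOLD:
        return "suspicious (heuristic)"
    return "clean"

if __name__ == "__main__":
    for name in ("KNOWN_BAD", "NEW_VARIANT", "PACKED_VARIANT", "BENIGN"):
        print(f"{name:15} -> {scan(globals()[name])}")
```

The threshold is the trade-off: a file showing only the autorun trait scores 40 and passes as clean here, while lowering the threshold to catch it would also flag legitimate installers that add a startup entry.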

Those are the basics of Zero-day exploits. Keep safe.