Zero day

From Free net encyclopedia

This article is about a software-related term. For the 2003 film, see Zero Day.

Zero day or 0day refers to software, media, or information that is obtained either slightly prior to or on the day of the official release. Items gained further in advance are deemed "Negative day" or sometimes "-day".

Zero day warez

Zero day releases are typically small programs and utilities that have been cracked en masse. They are organized by the day they are released, often with hundreds of releases per day. On most FTP sites they are stored in a folder called 0DAY; for example, something released on January 1st would be in 0DAY\0101. Larger sites often have an archive of zero day releases dating back many years. Zero day programs contrast with larger applications, which are typically kept in a folder called APPS. APPS would include more notable programs such as Microsoft Windows, Adobe Photoshop, etc. Although it depends on the individual site, many allow any 0DAY release from the current day to be sent, though some restrict it to a certain language.

Zero day vulnerabilities

When applied to information, zero day usually means information that is not publicly available. The term is often used to describe security vulnerabilities and exploits that are unknown to computer security professionals. These are, figuratively speaking, the system administrator's worst nightmare: since a corresponding zero-day attack is completely unknown to the general public, it is often difficult to defend against. Zero-day attacks are effective against hardened or relatively secure networks and can remain difficult to detect even after they are launched.

Zero-day protection is the ability to defend against zero-day exploits. Many techniques exist to limit the effectiveness of zero-day memory corruption vulnerabilities, such as buffer overflows. These protection mechanisms exist as operating system features in Sun Microsystems Solaris, Linux, and Unix and Unix-like environments. Versions of Microsoft Windows XP Service Pack 2 and later include limited protection against generic memory corruption vulnerabilities.[1] Desktop and server protection software also exists to mitigate zero-day buffer overflow vulnerabilities. Typically these technologies rely on heuristic termination analysis, stopping a suspected attack before it can cause any harm.
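As an added illustration (not part of the original article), the following C snippet places the unbounded-copy pattern that memory corruption protections exist to catch next to a hardened form that rejects oversized input. The function names, the buffer size and the sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size destination buffer, as in the classic stack-buffer case the
   article's "buffer overflows" refers to. Constructed example value. */
#define NAME_MAX 16

/* Unsafe pattern: copies caller-supplied input into a fixed buffer with no
   length check. Any input longer than NAME_MAX - 1 bytes writes past the end
   of dst. Shown only so the defect is visible next to the fix; it is never
   called here with input that does not fit. */
void copy_name_unsafe(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);               /* unbounded copy: the defect */
}

/* Hardened form: measures src without reading past dst_len bytes, refuses
   input that does not fit (including its terminator), always leaves dst
   NUL-terminated, and returns -1 so the caller can fail closed.
   On success it returns the number of bytes copied (excluding the terminator). */
int copy_name_safe(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;

    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;

    /* Bounded scan: stop at dst_len so an unterminated src cannot make the
       length check itself read indefinitely. */
    while (n < dst_len && src[n] != '\0')
        n++;

    if (n >= dst_len) {             /* no room for n bytes plus '\0' */
        dst[0] = '\0';              /* fail closed: empty but valid string */
        return -1;
    }

    memcpy(dst, src, n + 1);        /* includes the terminator */
    return (int)n;
}

int main(void)
{
    char buf[NAME_MAX];
    const char *short_input = "alice";                                  /* constructed */
    const char *long_input  = "this name is far longer than the buffer"; /* constructed */

    /* Both copies behave identically while the input fits... */
    copy_name_unsafe(buf, short_input);
    printf("unsafe, fits:   \"%s\"\n", buf);
    copy_name_safe(buf, sizeof buf, short_input);
    printf("safe, fits:     \"%s\"\n", buf);

    /* ...but only the hardened form can refuse input that does not.
       copy_name_unsafe(buf, long_input) would overrun the stack here; a
       stack protector or similar OS/compiler feature would then terminate
       the process, which is the kind of backstop the article describes. */
    if (copy_name_safe(buf, sizeof buf, long_input) < 0)
        printf("safe, too long: rejected, buf=\"%s\"\n", buf);
    return 0;
}
```

The design point is that the bounds check at the source removes the bug outright, whereas the operating system and compiler mitigations named in the article only limit the damage of bugs that have not yet been found; both layers are needed, and the second is what stands between a deployment and a vulnerability nobody knows about yet.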

However, a perfect solution of this kind may be out of reach, since it may be algorithmically impossible in the general case to analyze any arbitrary code to determine if it is malicious, as such an analysis reduces to the halting problem over a linear bounded automaton.

Differing ideologies exist around the collection and use of zero-day vulnerability information. Many computer security vendors perform research on zero-day vulnerabilities in order to better understand the nature of vulnerabilities and their exploitation by individuals, or computer worms and viruses. Alternatively, some vendors purchase vulnerabilities to augment their research capacity. An example of such a program is TippingPoint's Zero Day Initiative.

The term 'zero day exploits/vulnerabilities' is sometimes (mis)used to indicate publicly known exploits/vulnerabilities for which no patches yet exist.

The statement immediately above has difficulties: how does one define the point at which an exploit changes from being a zero-day to NOT being a zero-day? The process by which a zero-day is disseminated is by definition unknown, so it is not helpful to use "before public" and "after public" as the time point that defines a zero-day. How do you define public knowledge? Before and after patching is much more useful, because the patch has an official date before which the exploit worked and after which it did not. At that point it ceases to be a zero-day. Before the patch some people knew about it and some did not, which is something that we cannot measure. Therefore I would define zero-day as any exploit that has not been mitigated by a patch from the vendor.