What Is a Zero Day Vulnerability? [MakeUseOf Explains]

computer virus   What Is a Zero Day Vulnerability? [MakeUseOf Explains]If you don’t keep your computer protected, it’s very easy to get it infected – as many of you can probably relate to. There are multiple ways to keep your computer clean and your data safe. You can use your common sense to avoid catching a digital cold, and install a good anti-virus application.

Another part of securing your computer and your online presence is to stay informed. Stay informed of important security trends and security holes.

One term that often comes up in relation to viruses and security are zero-day exploits, vulnerabilities and attacks. Not too long ago a seven year old Internet Explorer vulnerability was found. Sounds like a long time? It is. To help you get traction on the subject, we’ll explain to you the concept of software vulnerability, zero-day exploits and the window of opportunity.

Software Vulnerability

The average software application consists of an incredible amount of code. As is to be expected, a lot of code is not bullet proof at its conception. For one, bugs slip in. A lot of these bugs are relatively harmless (relative being the key word) – they create a deadlock and cause the application to freeze, or make the application misbehave under certain irregular conditions.

old hinge   What Is a Zero Day Vulnerability? [MakeUseOf Explains]

A more serious security risk arises from the presence of exploitable bugs, or software vulnerabilities.¬†Software vulnerabilities compromise the security of the computer system. Sneaking in through the cracks provided by flawed or insufficiently protected code, malign individuals are sometimes able to execute their own code under the guise of a computer’s own user, or access restricted data (just to name a few of the possibilities).

Simply put, a software vulnerability is a flaw in the software’s design or implementation that can potentially be exploited.

Zero-Day Exploits

A software vulnerability on its own does no harm (yet). First, the attacker has to find the vulnerability and write an exploit; a piece of software that uses the vulnerability to carry out an attack. This (zero-day) attack can take the form of a virus, worm or trojan infecting your computer system.

crowbar   What Is a Zero Day Vulnerability? [MakeUseOf Explains]

Often, these software vulnerabilities are first discovered (or brought to the attention of) the software developers, and are fixed in future updates to the application. But if the attacker is able to discover the vulnerability before the developer knows of it, the attacker can write a zero-day exploit. This term derives its name from the fact that the first attacks take place before anyone (most importantly, the developer) has knowledge of the vulnerability.

Vulnerability Window

A zero-day exploit gives the attacker an unprecedented advantage. Because the developer had no knowledge of the exploit, they’re not able to develop a fix and users of the application are entirely without protection. Until the attack is noticed and recorded, even conventional virus scanners are of little use. The vulnerability window describes the time between a vulnerability is first exploited and the developer of the application pushes a patch. This follows a distinct timeline.

  1. The (unknown) vulnerability is introduced in a piece of software.
  2. The attacker finds the vulnerability.
  3. The attacker writes and deploys a zero-day exploit.
  4. The vulnerability is discovered by the software company and it starts developing a fix.
  5. The vulnerability is disclosed publicly.
  6. Anti-virus signatures are released for the zero-day exploits.
  7. The developers release a patch.
  8. The developers finish deploying the patch.

old window   What Is a Zero Day Vulnerability? [MakeUseOf Explains]

The zero-day exploit attacks last from point 3 to point 5. According to a recent study, this period lasts ten months on average! However, not that many hosts are usually affected. The biggest strength of zero-day attacks is their relative invisibility, and zero-day attacks are most often used to strike at very specific targets.

A much more dangerous period for the average user lasts from point 5 to point 8, which is the follow-up attack wave. And only on point 6 will those anti-virus applications start taking effect. According to the same study, other attackers swarm to the vulnerability after its public disclosure, and the volume of attacks increases by up to five orders in magnitude!

After reading the article, how does the seven year old Internet Explorer vulnerability sound? Due to a lack of data, we can’t say for sure how big the vulnerability window exactly was, but it likely wasn’t small. Let us know your thoughts in the comments section below the article!

Image credit: Victor Habbick / FreeDigitalPhotos.net

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

12 Comments -

Anas Taji

Great Info..%

Chanaka Hettige

Thanks for the interesting info. So what i`m wondering is that the Internet security software do not give enough protection in this aspect, right?

Simon Slangen

Traditional antivirus software is only able to detect known attack vectors, and does very little to nothing to protect against zero-day exploits.

For the average consumer, the best thing you can do is to keep your applications updated. The ill will towards updates is the main reason patch deployment takes so long.

For the security expert/enthuse, there are some interesting ideas in the aforementioned study to analyse/deal with zero-day exploits.

Lisa Santika Onggrid

How if the newest update actually has more vulnerabilities in addition of the old one? Does anything like this ever happen?

Scutterman

Antivirus software isn’t always useless in the case of zero day exploits. Heuristic analysis is a big part of system protection, and if a new exploit has similar behaviour to a previous exploit then it’s more than possible it will be blocked.

Shakirah Faleh Lai

Short but informative article.

Ole Funch

At last an article to be understood, eben for the “man on the floor”.
Thx

Scutterman

The name “Zero Day Exploit” comes from the fact that attackers give the developers zero days notice before releasing an attack (or information about the exploit).

Less malicious hackers will often use different time periods, such as 13 day exploits or 42 day exploits before releasing information to the media.
This gives the developers a reason to fix the vulnerability quickly, but also ensures that if they don’t then the public are informed and can protect themselves.

Elizabeth Sebastian

Great article. Please add to your front page an article about the new Java exploit that even the U.S. Department of Homeland Security has made a priority of alerting computer users about. Tech blogger Leo Laporte was mentioned on tonight’s NBC News talking about how it is imperative to disable Java (not Java Script but the Java plugin) in your web browser. Hopefully MUO readers are aware of this but it’s still well worth covering and telling them about it.

Anoop Chengannur

Great Explanation Simon .. Cheers :)

brian applegate

How does a hacker find the weak points of a software program?

Simon Slangen

One way to figure out weak points is to try to trigger craches. Program bugs are often also the weak points. Another possibility is to use a debugging program and try to learn something from the machine code.