You’ve perhaps heard of zero-day exploits, the security holes that hackers find in applications and operating systems that remain hidden until discovered by professionals. These exploits are responsible for some of the most devastating cyber attacks and hacks, and pose a genuine threat to your data and privacy.
It might seem like a desperate scenario, but several options are available to us if we wish to protect our PCs and other hardware from zero-day exploits. Here we take a look at what you can do to keep the hackers at bay.
What Is a Zero-Day Exploit?
It’s a strange term; how can an exploit be “zero-day”? Well, it’s all to do with the meaning of “zero-day”; rather than referring to “no days” it actually means the period between the exploit being uncovered by hackers, and the same vulnerability being discovered by the vendor and patched. Ideally, this would only be a matter of days at the most, but in reality, such security holes can be exploited for months without the developers taking action.
Our guide to zero-day vulnerabilities tells you pretty much everything you need to know about the risks.
Suffice to say, if you’re using software that is being targeted due to such an exploit, you have a couple of problems. First, there is no way of knowing if a zero-day exploit is being employed. These vulnerabilities are kept a secret, so anyone using these exploits will be able to do so, in most cases, undetected.
Second, and perhaps most concerning, is that once the exploit has been employed and used against you, you will *still* have no way of knowing until something happens. This might be something obvious like the lack of personal data on your PC, or something far worse – your bank balance emptied, your credit card maxed our… your identity stolen.
You don’t want to fall victim to one of these exploits, but as they’re undetectable, what can you do?
1. Make Sure Your Operating System Is Updated
Yep, it’s that old chestnut again: if your operating system (OS) is up to date, you’re already at an advantage. Whatever OS you’re running, simply engage with the usual method of checking for updates, and if they’re available, download and install them.
Using an older operating system? Well, you’re in trouble. MakeUseOf has been extolling the virtues of upgrading from Windows XP for quite some time now, so we’re astonished to learn that as of January 2016, Windows XP still has a sizeable chunk of the market, over 11% (11.42% to be precise; Windows 10 has 11.85% and Windows 7 a massive 52.47%).
Windows XP is virtually undefendable as an OS. You can install all of the security software you like, but if you’re looking to protect against zero-day exploits, the holes in the operating system are there, waiting to be probed open. With no more patches coming from Microsoft, it’s the equivalent of driving around in a rusty old car and pretending that the bottom isn’t rotting away.
2. Install Strong Anti-Virus Software
Even if you are using a regularly updated operating system, the importance of keeping it secure should never be overlooked. We’ve espoused the virtues of free anti-virus (AV) tools and even looked at tools that can be run from your browser, but for the optimum results you really need to be using a full AV suite, complete with firewall, real time scanning, phishing detection, and a password manager (see below).
Various such suites are available, and once you have made your decision based on budget and features, these regularly-updated tools will provide an extra layer of protection, detecting any oddly behaving applications on your system.
As soon as the exploits are discovered, and no longer have the zero-day status – that is, antivirus manufacturers are able to counter them – then your security suite will be updated, and the gap plugged. One of our favorites is Bitdefender 2016.
3. Keep Your Applications Up-to-Date
You should always update your software. This might be annoying and frustrating, especially if it’s in the shape of a popup from Adobe or Oracle concerning your PDF program or Java virtual environment (which Google has ended support for, and which we would recommend you don’t use) – but as long as those applications are installed on your personal computer, and the messages are genuine, then the updates need to be run.
It isn’t just those tools, either. Microsoft Office has a whole library of previously discovered vulnerabilities that have been exploited. Take the time to make sure Microsoft’s office productivity suite is regularly updated, or else swap for a less targeted alternative to Microsoft Office.
Video games, too, should be updated. MMORPGs (online role playing games) in particular are susceptible to attack, so as long as you keep everything updated – as well as the digital distribution services you subscribe to – you should be able to stay on top of any risks.
You’re probably reading the above from the viewpoint of a desktop computer, but in reality, it also applies to your smartphone and tablet.
4. Use the Latest, Most Secure Browsers
As with updating apps, it is important to keep your browsers updated. You should also strive to use the most secure options (typically Google Chrome and Mozilla Firefox, although Microsoft Edge is making headway in this area).
All too often in the past, vulnerabilities have cropped up in browsers. Chrome and Firefox are not exempt from exploits, but perhaps the browser with the biggest problems was Internet Explorer. If you’re still using IE, now is the time to stop. A great selection of competent and secure browsers is available to you!
Whichever browser you choose, make sure it is updated regularly. This is just as important on mobile devices as on the desktop.
5. Use a Password Manager
For some reason, password managers still haven’t taken off. We’ve seen again and again that people just don’t know how to create a password that cannot be guessed. Perhaps they’re too lazy or busy to change from “qwerty” to something far more secure yet memorable. Alternatively, perhaps they believe that by choosing a simple password, they’re double bluffing the criminals.
If you’re one such person, I’ve got news for you: the criminals are the experts at bluffing, not you.
As a result of this alone you should be using a password manager. But to convince you further, the effects of a successful zero-day exploit can be mitigated if you have employed a password manager.
With such a system in place, you keep your passwords tied up and encrypted, unlocked only with the use of a master password. If an operating system, desktop app or game or browser exploit is being used to take control of your computer, you can at least be confident that your passwords cannot be accessed.
Protect Yourself Wherever Possible
Zero-day exploits can be used against you; perhaps they already have. Perhaps your bank, or credit card company, or an online store you use regularly has been attacked and your details hacked (you can check if this is the case).
However, as long as you take steps to keep everything secure at home, and ensure your desktop computer (and mobile device) are fully updated, you should remain tantalizingly out of reach of hackers.
Have you been caught out by a zero-day exploit? Identity stolen, or data lost? Tell us about it in the comments.