Avoiding Zero Day Exploits
Recently, software giants Microsoft and Oracle were hit by zero-day exploits that could affect users of Internet Explorer and Java software. The term 'zero-day exploit' sounds sinister and dramatic, but what does it mean? Find out now, and what you need to do to stay safe...
What is a Zero-Day Exploit?
Very simply, a zero-day exploit is a security vulnerability discovered in a piece of software on the same day the software developer becomes aware of the vulnerability. In other words, the developer literally has zero days in which to come up with a fix for a potentially serious problem. Typically, when a security researcher discovers a software flaw, they'll notify the software company so that a fix can be released before malicious hackers are able to exploit it. But in the case where Evil Hackers discover the flaw and begin to actively exploit it, you have a zero-day scenario. Let's look at these two recent examples to see why zero-day exploits make headlines.
In Oracle's case, serious security flaws were discovered in the Java software that's installed on tens of millions of computers around the world. It was discovered that simply visiting a compromised website could trigger a virus infection that was capable of seizing control of a user's computer. Oracle released a patch, but it took three days. Almost immediately, two more flaws were found in the patched version. Panic, confusion and hysteria in both the tech press and user community ensued. You can read more about this incident in my article
Is Java Safe and Do I Need It?.
The Java incident happened in January 2013, but just this week a zero-day exploit was discovered that affects all versions of Internet Explorer. Hackers were already exploiting the flaw, which makes it possible for a virus to hijack a user's computer by virtue of visiting a compromised website. Microsoft responded quickly with a temporary patch that can be applied with a Fixit tool, but it only helps those running 32-bit versions of Internet Explorer. However, most newer computers are 64-bit. If you're affected, consider using the Google Chrome or Firefox browser as an alternative, at least until Microsoft provides a fix.
Should I Panic?
A zero-day exploit seldom results in widespread mass infections of computers with malware. Security researchers - sometimes called "white hats" - detect many vulnerabilities before hackers do, and responsible companies patch vulnerabilities quickly. But some zero-day exploits go unpatched much longer, and that can be a problem as more and more malware is released to exploit the vulnerabilities.
Don't panic when you read that a "new zero-day exploit has been detected" in any program you use. Just learn how the exploit works and avoid it. That may mean not using a particular program, not clicking on email attachments; avoiding unknown Web sites and those known to be compromised by the exploit. Be especially wary of email phishing scams, as this is the most common way for cybercrooks to entice people to visit compromised websites.
Check for patches at software developers' Web sites as soon as you learn about zero-day exploits. Not every developer pro-actively distributes patches, so you may have to find, download, and install a patch yourself. Subscribe to automatic installation of at least "critical security updates" for your operating system and application software, if they're available. Use anti-malware software to constantly monitor your computer and its incoming Internet traffic for suspicious activity or software code.
Another good idea is to scan your software for vulnerabilities using the Secunia Personal Software Inspector (PSI). This free program will tell you which programs need updating and provide links to sites where you can download patches.
A zero-day exploit is simply a newly discovered threat, a possible avenue of attack. It is not an actual attack. As the ancient Romans said, "Our fears always outnumber our dangers."
Do you have something to say about zero-day exploits? Post your comment or question below...
This article was posted by Bob Rankin on 20 Sep 2013
|For Fun: Buy Bob a Snickers.|
How to Fix Facebook Annoyances
The Top Twenty
Five Free Malware Removal Tools
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Avoiding Zero Day Exploits (Posted: 20 Sep 2013)
Copyright © 2005 - Bob Rankin - All Rights Reserved