What happens when a vulnerability is discovered?
Essentially, zero day vulnerabilities are often the beginning of an offensive arms race between software developers and hackers. Once a vulnerability becomes known, developers are in a mad rush to patch the security hole in order to protect their users. These types of patches are often "unscheduled"; in other words, they are the result of last-minute security discoveries that require immediate release. In contrast, most software companies have regularly scheduled patches and updates to fix the less critical errors and vulnerabilities that are discovered.
For example, Microsoft's patches are released on a regular basis and are affectionately called "Patch Tuesday", because on the second Tuesday of every month Microsoft releases security fixes that resolve identified holes. However, when someone detects a critical security issue, that person or company will notify the originating software developers (and sometimes the world at large) so that action can be taken, and hopefully the fix becomes available before an exploit does.
How are these vulnerabilities utilized?
Security holes are primarily taken advantage of by malware writers, who usually have one or both of two core purposes in mind: exploiting security holes for financial gain, or obtaining access to otherwise secured information. Our web browsers tend to be the favorite target of spyware and virus makers simply because of their widespread distribution and usage; toolbars and plugins are often designed to create security breaches in our browsers.
In addition, email accounts are often compromised by hackers for the purpose of sending infected links that rely on infected toolbars or plugins, or of sending infected attachments that exploit vulnerabilities in the very applications that open them. The malware then has the capability to compromise the operating system and disable security software, or it can be used to steal confidential data such as banking passwords and other personally identifiable information.
What is the vulnerability window?
Zero day attacks occur during what is known as the "vulnerability window": the time between when the security hole is first discovered and when the software developers release an update to patch it. Viruses, trojans and worms tend to follow a regular pattern within a vulnerability window. When a security hole is revealed and hackers find the vulnerability before a patch has been designed and released, they write exploits to take advantage of the hole while it is still "unpatched". In turn, the original software developers are forced to release timely updates to apply their fix and close the vulnerability window.
There are two other outcomes to consider where a "vulnerability window" is concerned. When an end user hears about a vulnerability in software that they use on a regular basis, the user may choose to switch to a different software solution, thereby closing their own vulnerability window. The recent zero day exploits discovered in Internet Explorer are a perfect example: many users will likely choose to switch to alternate web browsers to avoid its widespread security flaws. On the other end of the spectrum, software developers may never discover a zero day vulnerability, so the security hole never gets fixed and the vulnerability window is never closed.
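The three ways a window can end described above (vendor patch installed, user switches software, or never closed) can be modelled per user, since a published patch only closes the window for a user once it is installed. This is an added illustration, not code from the original post; the dates are constructed sample values.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class VulnTimeline:
    """Key dates for one vulnerability as seen by one user (constructed model)."""
    discovered: date                 # hole first found: the window opens here
    vendor_patch: Optional[date]     # patch published by the vendor, None if never
    patch_applied: Optional[date]    # date this user installed it, None if not yet
    switched_away: Optional[date]    # user abandoned the software, None if not


def window_close(t: VulnTimeline) -> Optional[date]:
    """Date this user's window closes, or None while it is still open."""
    if t.patch_applied is not None and (t.vendor_patch is None
                                        or t.patch_applied < t.vendor_patch):
        raise ValueError("a patch cannot be installed before the vendor publishes it")
    closers = [d for d in (t.patch_applied, t.switched_away) if d is not None]
    return min(closers) if closers else None


def exposure_days(t: VulnTimeline, today: date) -> int:
    """Days this user has been exposed, counted up to 'today' if still open."""
    end = window_close(t) or today
    return max((min(end, today) - t.discovered).days, 0)


def status(t: VulnTimeline, today: date) -> str:
    """Human-readable state of the window for this user on 'today'."""
    end = window_close(t)
    if end is not None and end <= today:
        return "closed by patch" if end == t.patch_applied else "closed by switching software"
    if t.vendor_patch is None or t.vendor_patch > today:
        return "open: no vendor patch available"
    return "open: patch available but not installed"


# Constructed sample timelines covering each outcome discussed in the text.
TODAY = date(2014, 5, 1)
PATCHED = VulnTimeline(date(2014, 4, 1), date(2014, 4, 8), date(2014, 4, 10), None)
SWITCHED = VulnTimeline(date(2014, 4, 1), None, None, date(2014, 4, 5))
NEVER_FIXED = VulnTimeline(date(2014, 4, 1), None, None, None)
NOT_INSTALLED = VulnTimeline(date(2014, 4, 1), date(2014, 4, 8), None, None)

if __name__ == "__main__":
    for name, t in [("patched", PATCHED), ("switched", SWITCHED),
                    ("never fixed", NEVER_FIXED), ("not installed", NOT_INSTALLED)]:
        print(f"{name:14s} {exposure_days(t, TODAY):3d} days  {status(t, TODAY)}")
```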
How can businesses protect themselves against zero day threats?
Where corporate-level networks are concerned, many procedures are often used to ensure early detection of zero day exploits. Memory corruption is among the most exploited classes of security hole on today's web, and protective mechanisms against "buffer overflows" have been included in most mainstream operating systems to provide limited protection against generic memory corruption vulnerabilities. Larger companies may use virtual LANs (via IPsec) to protect data transmissions, a "stateful" firewall with packet inspection, and strict network access controls to automatically block infected machines from gaining network and internet access.
In contrast, small networks might use single packet authorization or "port knocking" to protect network services from zero day exploits. Smaller companies and users with home office networks can lock down wireless access points by using WPA2 encryption for maximum protection against wireless hackers in more populated areas. In addition, security software makers (like Kaspersky Lab) have been designing their software to provide near-corporate-level security on home and small office networks at much more affordable costs.
How can you protect yourself against zero day threats?
All of us prefer to avoid installing updates because they seem a nuisance and take time away from our productivity, but updates are what keep your operating system and software patched and protected. It's always worth your time and effort to install these updates, despite their annoying persistence, because they likely contain critical patches for the latest security holes and software errors.
Java, for example, requires updates because security holes are continually discovered in Java-based code, which is why I normally recommend that people uninstall Java unless they have software that specifically needs Java to function. Adobe updates can be just as annoying, but since Adobe Reader and Adobe Flash are “must-haves” for anyone who uses the internet today, these products are constantly under attack by hackers as they are continually examined for available security holes, which in turn means that they require constant updating.
Be wary of links and file attachments in emails, even if they appear to be sent by friends. Cyber criminals disguise these links and attachments as something of interest to you in order to gain your trust, but opening them can instantly infect your computer and render your security software useless. If someone sends you an unexpected link or attachment (even if it's a PDF or an image), it's best to call them on the phone (or text them directly) to verify that the person actually sent the item to you. More often than not, these faked emails are sent by hackers from compromised servers, so if you reply to the email directly, it is often the hacker who replies to you!
As previously noted, browsers are especially vulnerable to infected toolbars and plugins. It's a good idea to update your browser often so that it has the latest security patches. Depending on which browser you're using, you can open the browser and click either "Help" or the browser's name to check for browser-specific updates. Alternatively, Internet Explorer gets automatic updates via Microsoft's update service, so it's a good idea to check Windows Update regularly to ensure that you're getting all of your updates in a timely fashion.
It's important to use sites with Secure Sockets Layer connections (SSL, or https://) whenever you are shopping, performing financial transactions, or accessing private information. However, the recent "Heartbleed" OpenSSL security bug has revealed that even sites offering SSL connections may not be completely secure. Limiting your use to safe, well-known shopping and banking sites is your best defense where SSL is concerned.
It's obvious that zero day vulnerabilities can be a serious security risk, so last but not least, it's important to choose an appropriate anti-virus solution that can help protect you against zero day threats. Kaspersky Lab develops the most effective anti-virus and anti-spyware security software solutions, which not only protect against known threats but also defend your computer against unknown ones.
Why do zero day threats exist in the first place?
It's my overall opinion that these kinds of threats arise because today's software companies are in too much of a rush to release their final products to pay attention to details. Software developers often hire SWAT teams of programmers who work long, grueling hours on massive projects with ridiculous deadlines. Under these conditions you could say that today's programmers are forced to work in "software sweat-shops" because their employers are holding a gun to their heads to meet release dates.
Because the bottom line is more important to software companies these days than the best interest of their end users, key security issues are left untested and overlooked, and are therefore released to the public before they are discovered and repaired. All in all, if operating system developers and software companies focused more on the security and quality of their finished products, our safety and security needs would be met, and zero day threats would, for the most part, be a thing of the past. Instances of "cyber-warfare" (a.k.a. sabotage and espionage) would be easier to identify and prosecute as well.