 | Zero day: Encyclopedia - Zero day
Zero day
Zero day or 0day refers to software, media, or information that is obtained either slightly prior to or on the day of the official release. Items gained further in advance are deemed "Negative day" or sometimes "-day".
Zero day - Zero day warez
When applied to copyrighted works such as computer software, motion pictures, and musical recordings, zero day has connotations of illegality. Zero day software is warez, that is, infringing items. The term derives from the day when the software is illegally available. Counting from zero, software that is illegally available on the day of its release is available on the zeroth day, hence the term. Similarly, one can refer to one day, two day, etc., software. One can also refer to negative day software for software that is illegally available before its official release, but such software may also be referred to as zero day. These packages are more likely to be containers for illegal software, and may contain cracked, bogus, or randomized software. These packages can be viewed on some torrent sites.
Zero day - Zero day vulnerabilities
When applied to information, zero day usually means information that is not publicly available. This is often used to describe security vulnerabilities exploits which are unknown to computer security professionals. These are, figuratively speaking, the system administrator's worst nightmare: Since a corresponding zero-day attack is completely unknown to the general public it is often impossible to defend against. Zero-day attacks are effective against hardened, or relatively secure networks and can remain difficult to detect even after they are launched.
Zero-day protection is the ability to provide protection against zero-day exploits. Many techniques exist to limit the effectiveness of zero-day memory corruption vulnerabilities, or buffer overflows. These protection mechanisms exist in contemporary operating system features in Sun Microsystems Solaris, Linux, and Unix and Unix-like environments. Versions of Microsoft Windows XP Service Pack 2 and later include limited protection against generic memory corruption vulnerabilities.([1]) Desktop and Server protection software also exists to mitigate zero-day buffer overflow vulnerabilities. Typically these technologies involve heuristic termination analysis, stopping them before they cause any harm.
However, a perfect solution of this kind may be impossible, since it may be computationally infeasible in the general case to analyze any arbitrary code to determine if it is malicious, as such an analysis reduces to the halting problem over a linear bounded automaton.
Differing ideologies exist around the collection and use of zero-day vulnerability information. Many computer security vendors perform research on zero-day vulnerabilities in order to better understand the nature of vulnerabilities and their exploitation by individuals, or computer worms and viruses. Alternatively, some vendors purchase vulnerabilities to augment their research capacity. An example of such a program is TippingPoint's Zero Day Initiative.
The term 'zero day exploits/vulnerabilities' is sometimes (mis)used to indicate publicly known exploits/vulnerabilities for which no patches yet exist.
Categories: Warez | Computer security
Other related archivesComputer security, Warez, computer security, exploits, halting problem, heuristic, infringing, linear bounded automaton, patches, system administrator, torrent, warez, zeroth
 Adapted from the Wikipedia article "Zero day", under the G.N U Free Docmentation License. Please also see http://en.wikipedia.org/wiki |
