IDS mailing list archives
RE: Definition of Zero Day Protectiona
From: Oliver Friedrichs <oliver_friedrichs () symantec com>
Date: Tue, 10 Aug 2004 09:23:17 -0700
As some vendors have expressed their definition of "Zero Day" exploits ranging from malware, viruses that anti-virus software is not up to date to weak policy practices or unapplied patches. MyDoom and Netsky viruses are just one example of Zero Day Virus attacks, but in those type of causes there is a trend before it hit an enterprise environment.
If you take the meaning of "zero-day" literally, then any new malicious code could be considered "zero-day". But because every new malicious code is "zero-day" by its very nature, it is usually inferred, and not even taken into consideration. The discussion of "zero-day" threats (a term mind you that is not new by any means, regardless of the latest hype from security vendors) traditionally been limited to vulnerabilities, but has now pretty much become a free-for-all, much like IPS. I've seen vendors call CodeRed and Slammer zero-day threats. If you disect that logic, then you come up with the following: - the vulnerabilities in each case were known for weeks (or 1/2 year in the case of Slammer), so they weren't zero-day - the worm itself was new, but so is every past and future worm So in essence the term has really become meaningless when used in that context, - Oliver -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- RE: Definition of Zero Day Protectiona Teicher, Mark (Mark) (Aug 10)
- RE: Definition of Zero Day Protectiona Oliver Friedrichs (Aug 11)