IDS mailing list archives

RE: Definition of Zero Day Protection


From: Oliver Friedrichs <oliver_friedrichs () symantec com>
Date: Tue, 10 Aug 2004 09:23:17 -0700

 As some vendors have expressed their definition of "Zero Day" exploits
ranging from malware, viruses that anti-virus software is not up to date
to weak policy practices or unapplied patches.  MyDoom and Netsky
viruses are just one example of Zero Day Virus attacks, but in those
types of cases there is a trend before it hits an enterprise environment.

If you take the meaning of "zero-day" literally, then any new malicious 
code could be considered "zero-day".  But because every new malicious code 
is "zero-day" by its very nature, it is usually inferred, and not even 
taken into consideration.  The discussion of "zero-day" threats (a term, 
mind you, that is not new by any means, regardless of the latest hype from 
security vendors) has traditionally been limited to vulnerabilities, but has 
now pretty much become a free-for-all, much like IPS.

I've seen vendors call CodeRed and Slammer zero-day threats.  If you 
dissect that logic, then you come up with the following:

- the vulnerabilities in each case were known for weeks (or 1/2 year in 
the case of Slammer), so they weren't zero-day
- the worm itself was new, but so is every past and future worm

So in essence the term has really become meaningless when used in that 
context.

- Oliver

