What is a zero-day attack, and can anything defend against it?

what is a zero day attack and can anything defend against it shutterstock 225772180
Image Credit: Shutterstock/GlebStock
The easiest way to describe a zero-day is to break it down into its component parts. We start out with “zero,” which is the number of “days” that a vulnerability in a popular piece of software or hardware has been known and has gone un-patched by the developers of the device or program that’s been exploited. A zero-day is a previously unknown threat, so there’s no patch to combat it.

Zero-days continue to represent one of the biggest thorns in the side of Internet security. Thorns that, while difficult to defend against directly, can still be avoided with a proper set of tools and techniques ready at your side.

Zero-Day 101

While of course time is of the essence in network security just as much as it is in any other industry, with zero-days, sometimes all the hours in the day wouldn’t be enough to stop the most enterprising and determined of hackers. These are people who know the ins-and-outs of networking equipment like it’s their job, because it is. The more vulnerabilities they discover, the more profit rolls in, either from selling the exploits to others directly or using them for their own ends.

And though they may not have the same amount of money or manpower to throw at the problem as the corporations they’re battling against, rough estimates (emphasis on “rough”) still put the current market value of all active zero-days at somewhere around three billion annually, which is certainly nothing to sneeze at.

Unfortunately, the whole reason zero-days are so profitable in the first place is because they’re so adept at getting past the defenses of routers, anti-virus software, and personal firewalls. People wouldn’t be willing to shell out the tens, even hundreds of thousands of dollars they do for each discovery if they didn’t think it would return that investment through stolen credit cards, broken bank accounts, or hijacked wire transfers.

A difficult defense

Luckily, there are still enough people willing to do the right thing in the world who are looking out for your best interests, and ask for little in return. In the world of professional bug-hunting, two organizations stand head and shoulders above the rest; the Zero Day Initiative (an independent vetting group run by the company TippingPoint and funded entirely through donations), and Google’s Project Zero.

Both rely on the network security community as a whole to come together for the greater good, contributing information on any zero days found in the ether and informing hardware manufacturers and software developers of the risk before it has a chance to snowball out of control.

Bad news for the rest of us: snowballing out of control is exactly what these exploits are designed to do, and so far we haven’t locked down a concrete method of predicting where the next big hack is going to hit next.  Even the once untouchable Apple has been subject to zero-day attacks.

The best defense

For now, your best bet to avoid zero-days is to remain in a constant state of vigilance. Follow these simple steps, and though you may never be 100% safe from the threat of zero-days, at the very least you can still reduce the possibility of running into one while trudging around all the less-reputable destinations the web has to offer.

First, always be sure that your AV software is updated to the most current virus definitions. This could be anything from a third-party vendor such as Kaspersky or Symantec, all the way down to Windows Update in Microsoft Windows. This is part of what Internet security gurus call “multiple-layer mitigation,” where the act of stacking up different styles of defensive mechanisms on top of each other creates multiple hoops the zero-day has to jump through before it can cause any real damage.

Continuing on this thread, never forget to keep the firmware of your home router up to date (one of the most common mistakes of the general consumer set), as networking equipment continues to be one of the highest prized targets for malicious actors looking for the next big zero-day attack

Next, you can never be too cautious of downloads, email attachments, or links that look even the least bit dodgy at face value. Unless you’re downloading a file from a widely-known reputable resource, always be sure to verify the source of before giving it the go ahead to transfer from an outside server to your home network

Finally, stay informed. Though the only central resource for tracking zero-days from a single location looks to have gone defunct since April of last year, (the blog at BeyondTrust), keeping a close eye on threat bulletins and developments in the security space has never been easier thanks to services like Twitter and Google News. Set up alerts for any news that breaks on the net with the word “zero-day” in the title, and follow companies who stay up to date on crucial cracks like @RSASecurity, @VirusBulletin, and the offices of @US-CERT

Full circle

So what’s the takeaway here? Are we forever doomed to live at the mercy of these hackers and their seemingly endless capacity for greed?

In the end, zero-days aren’t about engineers or programmers not having enough time to protect you, as much as they’re about hackers having all the time in the world to get past that protection for the profit waiting on the other side. It’s a constant game of cat and mouse, one where no real victor can claim the prize because the trophy is always one step ahead of both sides of the competition.

Since there have been banks, there have been robbers. As long as there’s money on the internet, there will be hackers. One uses a diamond steel-cutter to break through a safe, the other uses zero-days to lift bales of cash from the comfort of their computer chair. For now, the best we can do is actively fund organizations that are working to make better locks and build stronger doors to the vault.

It may not be a perfect system, but it’s the one we’ve got to work with today, for better or worse.

Product Review

The Bose Frames stuff speakers into sunglasses for a brilliant set of shades

With the Frames, Bose is digging up fertile new ground in the somewhat stagnant audio genre. But can these audio sunglasses offer enough versatility to make them worth their $200 price tag?
Emerging Tech

Adobe develops tool to identify Photoshopped images of faces

With deepfake videos making headlines, and campaigns against the Photoshopping of models, people are more aware than ever of the digital manipulation of images. Now Adobe wants to give tools to users to let them spot faked images.

Mac Pro vs. iMac Pro: Apple's incredibly powerful beasts square off

Apple’s Mac Pro and iMac Pro are both incredibly powerful machines, but there are some key differences between them. Which one is best, and which one should you buy? Our guide lays it out.

Father’s Day sale on iPad, Fire HD, Samsung Galaxy tablets saves you up to $80

Amazon's running great sales on its own Fire HD tablets as well as others from a host of manufacturers including Apple and Samsung through Father's Day. And there's still time to purchase them in time for the big day.

Amazon cuts prices on Microsoft Surface Pro 6 and Surface Go

The Microsoft Surface series is an excellent alternative to other tablets if you're a dedicated Windows user, and the superb Surface Pro 6 (our favorite 2-in-1) and its cheaper sibling, the Surface Go, are both on sale right now.

Amazon sale drops deals on Microsoft Surface laptops

Despite an increasingly crowded market, the sleek Microsoft Surface laptops have left their mark. Both the Microsoft Surface Laptop 2 and Surface Book 2 are discounted on Amazon right now, too, with deals that can save you up to $300.

AMD’s Ryzen one-two punch will end with a 64-core Threadripper in 2019

AMD's Threadripper may be set to deliver the killing blow to Intel in Q4 2019, with a rumor suggesting a new Zen 2-based Threadripper line is coming down the pipe with a top chip that has as many as 64 cores.

If you need your laptop to be large, these ones are most in charge

Whether you're in the market for a mobile workstation or a gaming behemoth, there's probably something in the 15-inch form factor that can fit the bill. Here, we've rounded up the best 15-inch laptops available.

Need more pixels? These 4K laptops have the eye-popping visuals you crave

If you're looking for the best 4K laptops, you need to find one that has powerful internal hardware, and doesn't scrimp on weight and battery life. All of these 4K notebooks are great options, but which one is the right one for you?

What’s the difference between Lightroom CC and Lightroom Classic?

Lightroom CC has evolved into a capable photo editor, but is it enough to supplant Lightroom Classic? We took each program for a test drive to compare the two versions and see which is faster, more powerful, and better organized.

HP's Spectre x360 is a better 2-in-1 than Microsoft's Surface Laptop 2 is a clamshell

The Microsoft Surface Laptop 2 is a refresh of Microsoft's clamshell option, an oddity given Microsoft's creation of the modern 2-in-1. The HP Spectre x360 13 is, therefore, an interesting comparison.

Amazon deal drops prices on Asus VivoBook laptops and 2-in-1s

Asus is one of the premier PC brands cranking out Windows ultrabooks today with its sleek VivoBook series, and these Amazon deals let you score one for $700 or less. Read on to find out what we love about these laptops and how you can save.

The best Amazon Prime Day 2019 deals: Leaked date and what you need to know

Amazon Prime Day 2019 is still a month away, but it's never too early to start preparing. We've been taking a look at the best discounts from previous Prime Days to give you our predictions of what to expect this year.

Air, Pro, or just a MacBook? Here's our guide to finding the right Apple laptop

Apple's lineup of MacBooks has started to swell, leaving fans a bit confused about which laptop they should buy. Depending on what you're looking for, we'll point you in the right direction.