Zero-day virus

A zero-day virus is a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available.[1]

Traditionally, antivirus software relies upon signatures to identify malware. This can be very effective, but it cannot defend against malware unless samples have already been obtained, signatures generated and updates distributed to users. Because of this, signature-based approaches are not effective against zero-day viruses.

Most modern antivirus software still uses signatures, but also carries out other types of analysis.[2]

Code analysis

In code analysis, the machine code of the file is analysed to see if there is anything that looks suspicious. Typically, malware has characteristic behaviour and code analysis attempts to detect if this is present in the code.

Although useful, code analysis has significant limitations. It is not always easy to determine what a section of code is intended to do, particularly if it is very complex and has been deliberately written with the intention of defeating analysis. Another limitation of code analysis is the time and resources available. In the competitive world of antivirus software, there is always a balance between the effectiveness of analysis and the time delay involved. This virus cannot be erased with any kind of program, software or spyware.

Emulation

One approach to overcoming the limitations of code analysis is for the antivirus software to run suspect sections of code in a safe, isolated "memory box" (a sandbox) and observe the behaviour. This can be orders of magnitude faster than analysing the same code.
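To illustrate why emulation catches what code analysis on the raw bytes misses, here is an added Python example that is not from the article. It uses a constructed toy instruction set and a constructed sample whose real behaviour is XOR-encoded, so a static byte scan finds nothing while a sandboxed interpreter with a step budget observes the decoded API call; the API name and opcodes are assumptions made for the example.

```python
# Toy instruction set used by this example (constructed, not a real CPU):
#   0x10 key start len   XOR-decode mem[start:start+len] in place with key
#   0x20 <name> 0x00     "call" the API named by the NUL-terminated string
#   0x30 addr            jump to addr
#   0x00                 halt
SUSPICIOUS_API = b"WriteProcessMemory"   # behaviour the scanner is looking for

def build_sample(key: int = 0x5A) -> bytes:
    """Constructed sample: a small decoder stub followed by an XOR-encoded body."""
    body = b"\x20" + SUSPICIOUS_API + b"\x00" + b"\x00"   # call API, then halt
    header_len = 6                                         # XOR (4 bytes) + JMP (2 bytes)
    header = bytes([0x10, key, header_len, len(body), 0x30, header_len])
    return header + bytes(b ^ key for b in body)

def static_scan(sample: bytes) -> bool:
    """Code analysis on the bytes as stored: is the suspicious API name visible?"""
    return SUSPICIOUS_API in sample

def emulate(sample: bytes, max_steps: int = 1000) -> list[str]:
    """Run the sample in an isolated interpreter and record the API calls it makes."""
    mem = bytearray(sample)      # private copy: nothing touches the real host
    pc, calls = 0, []
    for _ in range(max_steps):   # step budget so a looping sample cannot hang the scanner
        op = mem[pc]
        if op == 0x00:
            break
        if op == 0x10:
            key, start, length = mem[pc + 1], mem[pc + 2], mem[pc + 3]
            for i in range(start, start + length):
                mem[i] ^= key
            pc += 4
        elif op == 0x20:
            end = mem.index(0x00, pc + 1)
            calls.append(mem[pc + 1:end].decode("ascii"))
            pc = end + 1
        elif op == 0x30:
            pc = mem[pc + 1]
        else:
            raise ValueError(f"unknown opcode {op:#x} at offset {pc}")
    return calls

if __name__ == "__main__":
    sample = build_sample()
    print("static scan flagged:", static_scan(sample))   # False: the name is encoded
    print("emulation observed:", emulate(sample))         # ['WriteProcessMemory']
```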

Generic signatures

Generic signatures are signatures that are specific to certain behaviour rather than a specific item of malware. Most new malware is not totally unique, but is a variation on earlier malware, or contains code from one or more earlier examples of malware. Thus the results of previous analysis can be used against new malware.
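An added Python example, not from the article, showing the difference between an exact signature and a generic one: the exact SHA-256 signature matches only the sample it was generated from, while a wildcard byte pattern (hypothetical syntax, loosely modelled on YARA-style hex strings) also catches a constructed variant that shares the behavioural fragment. All samples and signature names are constructed.

```python
import hashlib
import re

# Constructed stand-ins for executables (byte strings, not real malware).
# The variant keeps the behavioural fragment but shifts a jump offset and pads
# with NOPs, so its file hash differs from the original's.
ORIGINAL = b"MZ\x90\x00" + b"\x00" * 8 + b"CreateRemoteThread\x00\xeb\x10\x90\x90\xe8"
VARIANT = b"MZ\x90\x00" + b"\x00" * 12 + b"CreateRemoteThread\x00\xeb\x14\x90\x90\x90\xe8"
BENIGN = b"MZ\x90\x00" + b"\x00" * 8 + b"Hello, world\x00"

# Exact signature: the hash of a sample that has already been obtained and analysed.
EXACT_SIGNATURES = {hashlib.sha256(ORIGINAL).hexdigest(): "Trojan.Constructed.A"}

# Generic signature: a byte pattern with wildcards ("??" = any one byte) that
# describes the behaviour fragment rather than one file. Hypothetical syntax,
# loosely modelled on YARA-style hex strings.
GENERIC_SIGNATURES = {
    "Trojan.Constructed.gen":
        "43 72 65 61 74 65 52 65 6d 6f 74 65 54 68 72 65 61 64 00 eb ?? 90 90",
}

def hex_pattern_to_regex(pattern: str) -> re.Pattern:
    """Compile a wildcard hex pattern into a bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

def scan(sample: bytes) -> list[str]:
    """Return the names of every exact and generic signature the sample matches."""
    hits = []
    digest = hashlib.sha256(sample).hexdigest()
    if digest in EXACT_SIGNATURES:
        hits.append(EXACT_SIGNATURES[digest])
    for name, pattern in GENERIC_SIGNATURES.items():
        if hex_pattern_to_regex(pattern).search(sample):
            hits.append(name)
    return hits

if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)):
        print(f"{label}: {scan(sample)}")
```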

Competitiveness in the antivirus software industry

It is generally accepted in the antivirus industry that the signature-based protection of most vendors is equally effective. If a signature is available for an item of malware, then every product (unless dysfunctional) should detect it.

However, there is a wide range of effectiveness in terms of zero-day virus protection. The German computer magazine c't found that detection rates for zero-day viruses varied from 20% to 68%.[3] It is primarily in the area of zero-day virus performance that manufacturers now compete.

References

  1. Kick Start News
  2. ESET
  3. Channel Register

Wikimedia Foundation. 2010.
