ItsGeekToMe.co

The official home of It's Geek to Me on the web!

Issue #791: September 18-24, 2022

Q: I am hoping you can give me some information on the Zero-Day virus.  I try to follow technology news and trends of malware threats, and they often mention the Zero Day threat.  Any information you can provide will be appreciated. 

– John R.
Crestview, Florida

A: I feel like I’m being set up here, but just in case I’m not, and for the sake of my readers who may not be familiar with Zero-Day threats, I will do my best to explain.

Zero-Day is not the name of a particular virus or malware threat.  Rather, the term refers to any previously unknown threat, or potential threat. It literally means that the cybersecurity community (which includes you, as an end-user) has zero days to prepare the systems under its responsibility to cope with some new threat.

The concept of Zero-Day doesn’t even need to apply to something that currently exists.  The mere discovery of a serious flaw in commonly used software is enough for it to be considered Zero-Day, even though no actual instances of it have been discovered “in the wild,” which is the common geek parlance for computers installed and running in homes and businesses everywhere.  The so-called “wild” includes systems both connected and not connected to the Internet, and the huge array of devices that many people often don’t even consider: The Internet of Things, or IoT to those in-the-know.  This is all of those devices that aren’t computers in the classic sense, but are connected to the Internet nonetheless.  The list is practically endless, but includes things like security cameras, Smart TVs, Home Assistants (Alexa and Google Nest), thermostats, and I’ve seen an increasing trend of home appliances – refrigerators, washers, even toasters – with built-in Internet capabilities.  All of these devices are subject to exploitation.

Whew! Getting back on track, the term Zero-Day is often connected to other words that can help you understand the level and type of risks involved.  If something is referred to as a “Zero-Day Vulnerability,” it is usually associated with a flaw that has been detected by computer scientists or white-hat hackers, but which is not yet known to have been actively deployed in the wild.  On the other hand, a “Zero-Day Threat” refers to a specific vulnerability that is known to exist.  Then there’s the dreaded “Zero-Day Attack,” which refers to a vulnerability that is being actively exploited.  Depending on the severity of the threat, these are among the worst cases, and are the ones that usually send vendors scrambling to deploy a software patch as quickly as possible.

This seems like a good opportunity to point out that this is exactly the type of scenario that will leave you vulnerable if you choose to keep running an older operating system past the end-of-life date. As I’ve always said, it won’t just stop running, but you will no longer receive patches and security updates as they are released.  In the context of today’s column, that means if a Zero-Day threat emerges, and the software vendor issues a patch, your system will probably remain vulnerable.  Now, having said that, there have been extremely rare instances where certain large vendors, such as Microsoft, have chosen to include patches for supposedly obsolete versions of their products.  In this humble Geek’s opinion, relying on that concept for your system’s security is poor planning in the extreme.  

So, last words on Zero-Day: By their very nature, these are not something for which you can plan or prepare.  The best you can hope to do is stay tuned to sources that are among the first to hear about these threats as they emerge, and when security patches come out, install them at the very first opportunity.  When it comes to Zero-Day, time is not on your side!

 Geek Note: Questions!  I need your questions!  I’m about to enter the busiest time of year for me, and it makes it much easier for me to crank out this column each week if I have a rich field of questions from which to select.  That hasn’t been the case recently, and I’m relying on all of you to help fix that.  So, if you’re reading this, and you’re not absolutely 100% satisfied with your computer’s performance, or if you have issues with your Smart Phone, Smart TV, home assistant, or, if like reader John R., you have a question about terminology, I want to hear from you!

