When it comes to security updates and patches for operating systems, the term "zero-day exploit" comes up again and again. But what exactly is that? And why should such a gap be closed as quickly as possible?
What are "zero-day exploits" and why are they so dangerous?
Modern software is complex. Despite all safety nets, it is not uncommon for a bug in some function to be usable to attack a system. Such a bug is a security vulnerability; a piece of code or a technique that actually takes advantage of it is called an "exploit". An attacker can use an exploit systematically, for example to smuggle malware onto a system or to steal data. Any software or operating system can be affected, and even hardware is not immune: the Meltdown and Spectre vulnerabilities were design flaws in the processors themselves, which software updates could only work around rather than truly fix. The more widespread a system with such a bug is, the higher the probability that someone will take advantage of it. If that happens before the manufacturer has been able to release a fix, the manufacturer has had "zero days" to react: this is a zero-day exploit, and it is particularly explosive for a number of reasons.
Zero-day exploits are really dangerous
Many security researchers make it their business to search specifically for security gaps in systems. The intention is not necessarily malicious: in many cases the aim is to avoid problems in the first place. If a vulnerability is found, it is usually reported to the software manufacturer, who then tries to close it as quickly as possible with a patch or update, and the finder typically keeps the details under wraps until that fix is available. Unfortunately, the tools for tracking down such security-relevant bugs (debuggers, fuzzers, disassemblers) are open to everyone. With enough know-how, less friendly developers can track down such gaps too. Instead of reporting them, they take a different approach: they use them to attack computers and, where possible, to take them over or read them out. A vulnerability found by such a "bad" developer is exploited without the manufacturer ever having been warned, so the manufacturer has had zero days to prepare a fix - hence "zero-day". The term refers to the manufacturer's lead time, not to the attacker striking on the very day of discovery.
Zero-Day Exploits: The Problem with Inertia
The problem with zero-day exploits is that the vulnerability is being exploited before it can be officially patched. The fix always lags behind: larger companies are sluggish, and the gap may simply not be known to them yet. In addition, the patch first has to be developed and tested, then distributed and actually installed on every affected system. This makes a zero-day exploit particularly dangerous: it is often only noticed because it is already being used by attackers. Even if attackers and developers learn of a vulnerability at the same time, an individual attacker can usually react faster than a company. In the worst case, the manufacturer only becomes aware of the gap when it is already being exploited. In the meantime, the attackers can carry out their raid and steal data or hijack computers. The Internet has made this problem much more acute, especially since such gaps are traded on the Darknet without the manufacturer's knowledge.
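To make the timeline concrete, here is an added example of my own (not code from the original article) that classifies a vulnerability as a zero-day or an n-day from its key dates and measures how long a given system stood open. The names, dates and field names in it are constructed for the illustration; they are not real advisories.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class VulnTimeline:
    """Key dates of one vulnerability as seen from one specific system.

    None means the event has not happened (yet). All dates used below are
    constructed for this illustration, not taken from real advisories.
    """
    name: str
    vendor_aware: Optional[date]     # vendor learned of the flaw (report or own discovery)
    exploited: Optional[date]        # first known exploitation in the wild
    patch_released: Optional[date]   # fix published by the vendor
    patch_installed: Optional[date]  # fix actually installed on this system


@dataclass(frozen=True)
class Assessment:
    label: str                     # "not exploited", "zero-day" or "n-day"
    exposure_days: int             # days this system stood open to a known, live exploit
    vendor_lead_days: int          # warning the vendor had before exploitation started
    patch_gap_days: Optional[int]  # patch release -> installation; None if no patch exists


def assess(t: VulnTimeline, today: date) -> Assessment:
    """Classify a vulnerability timeline and measure the exposure it caused.

    A zero-day is exploited while no fix exists, i.e. the vendor had zero
    days to react. An n-day is exploited after a fix was available, so the
    victim's own patching delay, not the vendor's, is what let it happen.
    """
    # How long the system waited for a released fix (the user-side inertia).
    if t.patch_released is None:
        patch_gap = None
    else:
        patch_gap = max(0, ((t.patch_installed or today) - t.patch_released).days)

    if t.exploited is None:
        return Assessment("not exploited", 0, 0, patch_gap)

    if t.patch_released is None or t.exploited < t.patch_released:
        label = "zero-day"
    else:
        label = "n-day"

    # Exposure lasts until the fix is installed, or is still running today.
    exposure = max(0, ((t.patch_installed or today) - t.exploited).days)

    # Lead time the vendor had; exploited before the vendor knew counts as zero.
    lead = 0
    if t.vendor_aware is not None:
        lead = max(0, (t.exploited - t.vendor_aware).days)

    return Assessment(label, exposure, lead, patch_gap)


def report(timelines, today: date):
    """Return one summary line per timeline (plain strings, easy to print or log)."""
    lines = []
    for t in timelines:
        a = assess(t, today)
        gap = "no patch exists" if a.patch_gap_days is None else f"patch gap {a.patch_gap_days}d"
        lines.append(f"{t.name}: {a.label}, exposed {a.exposure_days}d, "
                     f"vendor lead {a.vendor_lead_days}d, {gap}")
    return lines


# Constructed sample timelines (hypothetical names and dates).
TODAY = date(2024, 6, 1)
SAMPLES = [
    # Exploited nine days before anyone told the vendor; fix installed 16 days after release.
    VulnTimeline("browser-bug-A", date(2024, 3, 10), date(2024, 3, 1), date(2024, 3, 20), date(2024, 4, 5)),
    # Fix existed two weeks before exploitation began, but this system never installed it.
    VulnTimeline("office-bug-B", date(2024, 1, 5), date(2024, 2, 15), date(2024, 2, 1), None),
    # End-of-life software: exploited, and no patch will ever come.
    VulnTimeline("eol-os-bug-C", None, date(2024, 5, 1), None, None),
    # Reported responsibly and patched promptly; never exploited.
    VulnTimeline("kernel-bug-D", date(2024, 4, 1), None, date(2024, 4, 15), date(2024, 4, 16)),
]

if __name__ == "__main__":
    for line in report(SAMPLES, TODAY):
        print(line)
```

Running it prints one line per case. Case B is the one the article's warning about inertia is really about: the vendor had 41 days of lead time and shipped a fix before exploitation even started, yet the system is still exposed today because the patch was never installed. Case C shows why unmaintained software is the worst variant: the exposure window has no end.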
Bad consequences only in the worst-case scenario
That does not mean you can no longer go online for fear of zero-day exploits: several factors have to come together for such a security gap to become relevant for an individual user. First of all, the attacker has to actually weaponise the vulnerability, i.e. write the piece of code that lets him, for example, install a Trojan. Secondly, this code has to be executed on the target computer. Here, too, the Internet helps attackers: a zero-day exploit in the browser can mean that merely visiting a website runs the required code and exploits the gap (a so-called drive-by download). This is more difficult in other programs, but not impossible, since the whole computer is usually online and documents, e-mail attachments and media files are opened by software that may itself be vulnerable. There are also "offline exploits" that require local access or a USB stick, but these days they are far less relevant.
Other factors: spread and protective measures
Furthermore, a security gap only becomes relevant if the affected system is widespread. This is what made Meltdown and Spectre so dangerous: they were flaws in the design of CPUs that sit in almost every computer (Intel processors above all, and in Spectre's case AMD and ARM as well). The Windows operating system, Android, iOS, macOS, Linux or applications such as Microsoft Office are likewise very widespread. That does not make them more prone to contain vulnerabilities, but it makes any vulnerability they do contain far more likely to be exploited: malware developers concentrate on targets with the highest probability of success, and Windows computers are naturally grateful targets because of their sheer numbers. Last but not least, a zero-day exploit needs an environment in which it can work. If the malicious code never reaches the target computer, for example because a firewall blocks the connection or a virus scanner catches the payload, the gap is open but not so easily exploitable. This protection is not absolute, though: a scanner only stops what it recognises, and an exploit delivered over a connection the user opened himself, such as a web page, passes through most firewalls.
Zero-day exploits: Poor software maintenance increases the risk
Conversely, zero-day exploits are dangerous wherever developers are no longer working on the software. There is a great deal of widespread "old" software in which security gaps lie dormant and can be exploited as zero-days. This applies, for example, to old versions of operating systems that the manufacturer no longer maintains: a security gap can remain undetected for years and then, once discovered, be used as a zero-day with no patch ever coming. If the manufacturer no longer delivers updates even though the software is still relatively widespread, it becomes a problem. This is the case, for example, with old Windows versions such as Windows XP, but old iOS and Android versions are also affected, as are old macOS and Linux variants.
Precaution: keep the operating system up to date
This is exactly why it is so important to keep the operating system up to date at all times and to install updates immediately; automatic updates should be switched on wherever the system offers them. If updates are no longer available, the PC, Mac, smartphone or tablet should be replaced with a newer model. Some manufacturers still patch serious gaps even in obsolete systems, but you should not rely on that. It also makes sense to equip systems with exploit protection. Some virus scanners include such functions: they watch for the techniques exploits use (for example injecting code into a running program) and can therefore block malware without knowing that specific malware in advance. Otherwise, the same rules apply to protection against zero-day exploits that apply to malware in general. Above all, software from dubious sources should never be installed. A software firewall with stealth mode can also help: attackers scanning for computers with the right vulnerability rely on the target answering, and a computer that does not respond to unsolicited connection attempts is much less likely to be hit by untargeted attacks. Bear in mind, though, that this only covers attacks that come in over the network; an exploit that arrives via a web page or an e-mail attachment is not stopped by it.