Thursday, September 09, 2010

Zero-Day exploits

I have pretty tight security on my home system. I have my anti-virus, my anti-spyware, and a router with a built-in firewall. I keep my operating system and anti-virus up-to-date. I feel pretty safe on a day-to-day basis. I sometimes forget that this feeling is not entirely justified. We are all vulnerable to "zero-day exploits". These are newly discovered ways for you to get a virus (or get hacked, etc.) even if your virus scanner and operating system are 100% up-to-date. This is the part of computer security that people don't always understand. Anti-virus programs, anti-spyware programs, the operating system, and things like that all get updated AFTER a problem has been discovered, so some group of people always has to be the first to get hit by a new virus before anyone can write a fix for it. Unfortunately, fixes are often reactive (oh no, we didn't think of that!) rather than proactive (hmm, how would I exploit this system if I were a hacker?).

Yesterday, Adobe (the company that makes Acrobat and Flash, among other tools) released a statement saying there is a vulnerability in even the latest version of Adobe Reader. This is a free tool most people have installed that reads PDF documents, the read-only versions of documents that people pass around. Sounds pretty innocuous, right? Well, there is an exploit that lets a specially crafted document beat all of that security. If I were to download and open such a file, my firewall, anti-virus, anti-spyware, and operating system would all be beaten by this exploit.

What helps is avoiding high-risk activities online. File sharing networks and torrents obviously present advantages in the form of free stuff, but even if you have all the protection I mentioned before, you are still subject to zero-day exploits. This one is an exploit in Adobe Reader, but it could just as easily happen in iTunes, Windows Media Player, Internet Explorer, Firefox, or any other software package. It can also happen when people download software through these networks and actually run a program on their machine. Just remember that despite the updated anti-virus, you are vulnerable. This doesn't even take into account the folks whose anti-virus subscription has lapsed and who therefore no longer receive updates at all.

(For those of you who understand digital signatures, this is a very clever exploit that seems to take advantage of stolen certificates, which let the malicious code pass as legitimately signed. Who knows, maybe the hackers used a zero-day exploit to steal the certificates!)