A zero-day (also known as a 0-day) is a computer-software vulnerability previously unknown to those who should be interested in its mitigation, like the vendor of the target software. Until the vulnerability is mitigated, a threat actor can exploit it to adversely affect programs, data, additional computers or a network. An exploit taking advantage of a zero-day is called a zero-day exploit, or zero-day attack.
The term
"zero-day" originally referred to the number of days since a new
piece of software was released to the public, so "zero-day software"
was obtained by hacking into a developer's computer before release. Eventually
the term was applied to the vulnerabilities that allowed this hacking, and to
the number of days that the vendor has had to fix them. Once the vendors
learn of the vulnerability, they will usually create patches or advise workarounds to mitigate it.
Vulnerabilities are flaws in a computer system that weaken
the overall security of the device/system. Vulnerabilities can be weaknesses in
either the hardware itself or the software that runs on the hardware.
Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege
boundaries (i.e. perform unauthorized actions) within a computer system. To
exploit a vulnerability, an attacker must have at least one applicable tool or
technique that can connect to a system weakness. In this frame, vulnerabilities
are also known as the attack surface.
The more recently that the
vendor has become aware of the vulnerability, the more likely it is that no fix
or mitigation has been developed. Once a fix is developed, the chance of the
exploit succeeding decreases as more users apply the fix over time. For
zero-day exploits, unless the vulnerability is inadvertently fixed, such as by
an unrelated update that happens to fix the vulnerability, the probability that
a user has applied a vendor-supplied patch that fixes the problem is zero, so
the exploit would remain available. Zero-day attacks are a severe threat.
Potential attack vectors for a zero-day vulnerability are identical
to those for known vulnerabilities, including ones that have available patches. For example,
when a user visits a rogue website, malicious code on the site can exploit unpatched
vulnerabilities in a Web browser. Web browsers are a particular target for criminals
because of their widespread distribution and usage. Exploits that take
advantage of common file types are numerous and frequent, as evidenced by
their increasing appearances in databases such as US-CERT. Criminals can engineer malware to take advantage of these file-type
exploits to compromise attacked systems or steal confidential data.
Ransomware rapidly increases its activity
Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may
lock the system without damaging any files, more advanced malware uses a
technique called cryptoviral extortion. It encrypts the victim's files, making them
inaccessible, and demands a ransom payment to decrypt them. In a
properly implemented cryptoviral extortion attack, recovering the files without
the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and
prosecuting the perpetrators difficult.
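The defensive counterpart of the encryption step described above is detection: a file that has just been encrypted by cryptoviral extortion looks like a uniform byte stream, so its Shannon entropy jumps to close to 8 bits per byte, while ordinary text, CSV or log files sit far lower. The following added example (not part of the original text, and not any vendor's product code) implements that heuristic over an in-memory snapshot of constructed sample files; the file list, the suffix allow-list and the 7.5 bits/byte threshold are assumptions chosen for illustration, and the "ciphertext" is a deterministic SHA-256 counter stream standing in for real encrypted data.

```python
import hashlib
import math
from collections import Counter
from typing import Dict, List


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


# Types that are normally low-entropy. Already-compressed or encrypted formats
# (zip, jpg, ...) are deliberately left out, since they are high-entropy by design
# and would produce false positives. Assumed list, not an authoritative one.
PLAINTEXT_SUFFIXES = (".txt", ".csv", ".log", ".json", ".xml", ".html", ".py", ".sql")


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic: content at or above the threshold is indistinguishable from ciphertext."""
    return shannon_entropy(data) >= threshold


def scan_snapshot(files: Dict[str, bytes], threshold: float = 7.5) -> List[str]:
    """Paths of normally-plaintext files whose content now looks encrypted."""
    return [
        path for path, data in files.items()
        if path.lower().endswith(PLAINTEXT_SUFFIXES) and looks_encrypted(data, threshold)
    ]


def mass_encryption_ratio(files: Dict[str, bytes], threshold: float = 7.5) -> float:
    """Fraction of plaintext-type files that look encrypted (0.0 when there are none).

    A sudden rise in this ratio across a volume is the signal a monitor would alert on.
    """
    candidates = [p for p in files if p.lower().endswith(PLAINTEXT_SUFFIXES)]
    if not candidates:
        return 0.0
    return len(scan_snapshot(files, threshold)) / len(candidates)


# --- constructed sample data (not a real capture) ---
def _pseudo_random_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy stream (SHA-256 in counter mode) standing in for ciphertext."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


SAMPLE_FILES: Dict[str, bytes] = {
    "reports/q1.csv": b"date,amount,customer\n" + b"2024-01-02,19.99,acme\n" * 500,
    "notes/todo.txt": b"renew certificates before friday\n" * 200,
    "backup/photos.zip": _pseudo_random_bytes(b"zip", 4096),    # compressed: high entropy, but expected
    "reports/q2.csv": _pseudo_random_bytes(b"enc1", 16384),     # plaintext type, now ciphertext-like
    "notes/plan.txt": _pseudo_random_bytes(b"enc2", 16384),
}

if __name__ == "__main__":
    for path, data in SAMPLE_FILES.items():
        print(f"{path:20s} {shannon_entropy(data):5.2f} bits/byte")
    print("flagged:", scan_snapshot(SAMPLE_FILES))
    print("ratio:", mass_encryption_ratio(SAMPLE_FILES))
```

Entropy alone cannot tell ransomware output from a legitimate archive or an encrypted backup, which is why the scan only considers file types that should be low-entropy and reports a ratio rather than a single hit; a real monitor would combine this with rate of change and the appearance of unexpected new extensions.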
Ransomware attacks are
typically carried out using a Trojan disguised as a legitimate file that the user
is tricked into downloading or opening when it arrives as an email attachment. Trojans are generally spread by some form of social engineering; for example, where a user is duped into
executing an email attachment disguised to appear innocuous
(e.g., a routine form to be filled in), or by clicking on some fake
advertisement on social media or anywhere else. Although their payload can be
anything, many modern forms act as a backdoor, contacting a controller who can then have
unauthorized access to the affected computer. However, one high-profile
example, the WannaCry worm, traveled automatically between computers without
user interaction.
The use of ransomware scams has grown internationally. There were 181.5 million ransomware attacks in the first six months of 2018. This record marks a 229% increase over this same time frame in 2017. In 2020, the IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million. The losses could be more than that, according to the FBI. According to a report by SonicWall, there were around 623 million ransomware attacks in 2021.
Criticism of Linux
The criticism
of Linux focuses on issues concerning use of operating systems which
use the Linux kernel.
While the Linux-based Android operating
system dominates the smartphone market in many countries, and Linux is
used on the New York Stock Exchange and most supercomputers, it is used on relatively few
desktop and laptop computers. Much of the criticism of Linux is related to
the lack of desktop and laptop adoption, although as of 2015 there has been
growing unease with the project's perspective on security, and its adoption of systemd has
been controversial.
Linux was originally
developed for personal computers based on the Intel x86 architecture but has since been ported to more platforms than any other operating system. Because
of the dominance of the Linux-based Android on smartphones, Linux, including Android, has the largest installed base of all general-purpose operating systems, as of May 2022. Although Linux is, as of May 2022, used by only around 2.3 percent of desktop computers, the Chromebook, which runs the Linux kernel-based Chrome OS, dominates the US K–12 education market and represents nearly 20
percent of sub-$300 notebook sales in the US. Linux is the
leading operating system on servers (over 96.4% of the top 1 million web
servers' operating systems are Linux), leads other big iron systems such as mainframe computers, and Linux is the only OS used on TOP500 supercomputers (since November 2017, having gradually
eliminated all competitors).
In an interview with German newspaper Zeit Online in November
2011, Linus Torvalds stated that Linux has become "too complex" and
he was concerned that developers would not be able to find their way through
the software anymore. He complained that even subsystems have become very
complex and he told the publication that he is "afraid of the day"
when there will be an error that "cannot be evaluated anymore."
Andrew Morton,
one of the Linux kernel's lead developers, explains that many bugs identified in
Linux are never fixed:
Q: Is
it your opinion that the quality of the kernel is in decline? Most developers
seem to be pretty sanguine about the overall quality problem. Assuming there's
a difference of opinion here, where do you think it comes from? How can we
resolve it?
A: I used to think [code quality] was in decline, and I think that I might think that it still is. I see so many regressions which we never fix.
Vulnerabilities in software rot and regression, due to software aging
Software rot, also known as bit rot, code rot, software
erosion, software decay, or software entropy is either a slow
deterioration of software quality over time or its diminishing responsiveness
that will eventually lead to software becoming faulty, unusable, or in need of upgrade.
This is not a physical phenomenon: the software does not actually decay, but
rather suffers from a lack of being responsive and updated with respect to the
changing environment in which it resides.
The Jargon File, a compendium of hacker
lore, defines "bit rot" as a jocular explanation for the degradation
of a software program over time even if
"nothing has changed"; the idea behind this is almost as if the bits
that make up the program were subject to radioactive decay.
Several factors are responsible for software rot, including
changes to the environment in which the software operates, degradation of
compatibility between parts of the software itself, and the appearance of bugs in unused or rarely used code.
A software regression is a type of software bug where a feature that has
worked before stops working. This may happen after changes are applied to the
software's source code, including the addition of new features and bug fixes. They may
also be introduced by changes to the environment in which the software is
running, such as system upgrades, system patching or a change to daylight saving
time. A software
performance regression is a situation where the software still
functions correctly, but performs more slowly or uses more memory or resources
than before. Various types of software regressions have been identified in
practice, including the following:
· Local – a change introduces a new bug in the changed module or component.
· Remote – a change in one part of the software breaks functionality in another module or component.
· Unmasked – a change unmasks an already existing bug that had no effect before the change.
Regressions are often caused by bug fixes bundled into software patches. One approach to avoiding this kind of problem is regression testing. A properly designed test plan aims at preventing this possibility before releasing any software. Automated testing and well-written test cases can reduce the likelihood of regression.
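The following added example (written for this page, not taken from any project) makes the "local" and "remote" regression types above concrete and shows the regression test that catches each. The known-good version of a small access-control helper is captured as a table of golden input/expected pairs; two candidate revisions are then run against that table. Candidate A changes the helper itself and loses a path-segment boundary (local regression); candidate B leaves the helper untouched but changes the path-normalization function it depends on (remote regression). The helper names, the path rules and the golden cases are all assumptions made for the illustration; the "unmasked" type is not shown because it needs a change in a third component to reveal a latent bug.

```python
import re
from typing import Callable, List, Tuple


# ---- Version 1: the known-good behaviour the golden cases were recorded from ----
def normalize_path_v1(path: str) -> str:
    """Collapse repeated '/' and drop a trailing '/', keeping a lone '/'."""
    collapsed = re.sub(r"/+", "/", path)
    return collapsed.rstrip("/") or "/"


def requires_admin_v1(path: str) -> bool:
    """True when the normalized request path is /admin or lies under /admin/."""
    p = normalize_path_v1(path)
    return p == "/admin" or p.startswith("/admin/")


# Golden cases: (input, expected) pairs recorded from version 1. These are the
# regression tests; any later version must reproduce them exactly.
GOLDEN: List[Tuple[str, bool]] = [
    ("/admin", True),
    ("/admin/", True),
    ("//admin//users", True),
    ("/admin/users", True),
    ("/administrator", False),   # the segment boundary matters
    ("/public/admin", False),
    ("/", False),
]


# ---- Candidate A: a LOCAL regression (bug introduced in the changed function) ----
def requires_admin_local_regression(path: str) -> bool:
    # "Simplified" prefix test: the '/admin' vs '/admin/' boundary is lost, so
    # "/administrator" is now classified as an admin path.
    return normalize_path_v1(path).startswith("/admin")


# ---- Candidate B: a REMOTE regression (change elsewhere breaks this function) ----
def normalize_path_v2(path: str) -> str:
    # The helper was changed to stop collapsing repeated slashes ...
    return path.rstrip("/") or "/"


def requires_admin_remote_regression(path: str) -> bool:
    # ... and this function, although unchanged in itself, now sees "//admin//users"
    # un-normalized and wrongly reports that it does not require admin.
    p = normalize_path_v2(path)
    return p == "/admin" or p.startswith("/admin/")


def run_regression_suite(
    candidate: Callable[[str], bool],
    golden: List[Tuple[str, bool]] = GOLDEN,
) -> List[Tuple[str, bool, bool]]:
    """Run the golden cases against a candidate; return (input, expected, got) for each failure."""
    failures = []
    for inp, expected in golden:
        got = candidate(inp)
        if got != expected:
            failures.append((inp, expected, got))
    return failures


if __name__ == "__main__":
    for name, fn in [
        ("v1 (baseline)", requires_admin_v1),
        ("candidate A (local)", requires_admin_local_regression),
        ("candidate B (remote)", requires_admin_remote_regression),
    ]:
        print(name, "->", run_regression_suite(fn) or "no regressions")
```

Both regressions are security-relevant in opposite directions: candidate A over-matches (a public route is now treated as privileged), candidate B under-matches (a privileged route can be reached through an un-normalized path). Neither is visible from the diff of the changed function alone, which is why the golden cases are kept as an automated suite rather than re-derived by hand at each release.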