Recently I wrote the following article for UM-Flint ITS published here: http://blogs.umflint.edu/its/2013/03/19/tech-tip-tuesday-what-is-a-zero-day-exploit/
——————————————————————————
In recent weeks many of you have probably heard the terms “Zero-Day Exploit” or “Drive-By Downloads”, but what do they mean?
Let’s talk about drive-by downloads first. A drive-by download can be one of two things: an authorized download that had unintended or misunderstood consequences, or a download that happens without the user’s knowledge. The first type of drive-by download can happen when you click on a pop-up window or run an application that you thought was reputable but was actually a fraud. The second type can happen just by going to an untrusted website.
To avoid the consequences of drive-by downloads you can use the following precautions:
- Browse the web with an account that is not the administrator on the machine. This will prohibit the installation of software on the computer without the administrator’s password.
- Look for the https:// in the address bar to make sure that you are using a secure site for transmitting personal information such as credit card numbers and bank information.
For more information on drive-by downloads, please visit these TechNet articles:
- http://blogs.technet.com/b/security/archive/2011/12/08/what-you-should-know-about-drive-by-download-attacks-part-1.aspx
- http://blogs.technet.com/b/security/archive/2011/12/12/what-you-should-know-about-drive-by-download-attacks-part-2.aspx
Zero-day exploits are attacks on specific pieces of software. These attacks take advantage of vulnerabilities in software that the developers most likely were not even aware of. Java is not the only software that is vulnerable to these attacks, although it does have a large number of vulnerabilities that make it a target for these types of attacks.
Zero-day attacks cannot be prevented by software patching, because if the developers are not aware of the holes, then they don’t know that they need to be patched. This is why these types of attacks can be scary. How To Geek recommends the following things to protect yourself from being the victim of zero-day attacks:
- If you know a piece of software is vulnerable, don’t use it.
  - An example of this is Java. You should disable Java in the browsers that you use for general web surfing. If you need Java for a trusted application, use that application only in a browser that has Java enabled.
- Uninstall unnecessary plug-ins from your browser.
- Use your antivirus software.
- Keep your software up-to-date.
Navigate here for the entire article on Zero-Day exploits from How To Geek. http://www.howtogeek.com/140262/htg-explains-what-is-a-zero-day-exploit-and-how-to-protect-yourself/
If you have additional questions please feel free to contact the ITS Helpdesk at 810-766-6804 or itshelpdesk@umflint.edu.