Sunday, May 07, 2006

Zero Day Protection

It seems like every other week a new zero-day exploit is found. Oftentimes, it is an exploit in Internet Explorer. What makes a zero-day exploit so dangerous is that there is no fix available. Antivirus and anti-spyware scanners rely heavily on virus signatures or definitions to detect malware and remove it. It takes security firms anywhere from hours to days to identify a new bug and develop a fix. For example, earlier this year, the WMF exploit found in Internet Explorer took weeks before a patch was released by Microsoft. During the interim, two private security firms released their own patch for the exploit. Their initiative arose from the fear that a patch was desperately needed and that the exploit was too dangerous to wait for Microsoft’s official patch. This is but one example of why security firms want to develop what they call “zero-day exploit” protection. These applications do not rely solely on updated signatures; rather, they scan for features characteristic of malware. These applications are the next generation in security.

Over this past year, several “zero-day” protection applications have been developed. Some of these applications include Arovax Shield, Novatix’s Cyberhawk and Exploit Prevention Labs’ Socket Shield. Both Cyberhawk and Socket Shield are still in beta. All three applications are free to download and use. Socket Shield, however, is free to use during the one-month beta testing period. Afterwards, Exploit Prevention Labs will charge an annual fee of 29.95/year. Each company brags that once you install their product, there isn’t any need for antivirus and/or anti-spyware applications. Steve Bass writes in his column, Steve Bass Tips and Tweaks, that with Cyberhawk installed you can do away with other security applications. I wouldn’t recommend getting rid of your antivirus and anti-spyware applications just yet. These programs are still a work in progress. Some intrepid people have tried these programs, and many of them encountered problems installing and/or using them. Read the comments on the Betanews website to get a sense of the bugs in these applications.

My recommendation is to hold off on installing these programs until the bugs are worked out. For now, I recommend using BillP Studios’ WinPatrol, an anti-intrusion application. It is a polished application that has proven itself. WinPatrol 9.8.1.0 is free to download and use. Users can upgrade for a fee to add PLUS features.
