DrBeenGolfing said:
Don't need such stuff. Best zero day blocker is the dude with the mouse in his hand.
Not so simple.
- "Supposedly safe" infected websites: the last event, a few days ago, was the Chinese servers of many MMORPGs infected by info-stealing malware that spread into the game's updater; all clients were infected when updating.
- "Supposedly safe" infected software: last event is Combofix.
- "Supposedly safe" infected email, picture, wallpaper, etc.
0-days/hours/minutes are by definition unknown, even by vendors, so no signatures. You can't tell that any executable you run is clean (nobody is Neo). So behavioral software (BB/HIPS), anti-executable (UAC, ExeRadarPro) or sandbox/virtualization systems are the only obstacles to block them.
Now the cases above are rare for cautious users, but the risk still exists.