(Sandboxed) Windows Defender vs Zero Day Malware
<blockquote data-quote="Andy Ful" data-source="post: 775750" data-attributes="member: 32260"><p>I can agree that it was the correct and proper definition a few years ago. Technically, "zero-day" meant the day when the vulnerability was published or the vendor was informed. This definition was probably incorrectly expanded to new areas related to machine learning, messaging security, the AV cloud, etc.</p><p>The meaning of terminology changes over time. That is a normal phenomenon in a living language. And it is normal that many people will still understand the term in its narrow meaning.</p><p></p><p>Nowadays, the term "zero-day malware" can also have a meaning similar to "zero-hour malware". The second term may be related to:</p><ul> <li data-xf-list-type="ul">AV detection based on machine learning (very quick detection).</li> <li data-xf-list-type="ul">The response time of the AV cloud, when the fingerprint of the malware is quickly created after the first infection event (AV AI, detonation in the sandbox, etc.).</li> <li data-xf-list-type="ul">Messaging security, when threats are quickly detected by analyzing large numbers of messages in the network.</li> </ul><p>AV-Test Lab, Britannica, popular websites &amp; magazines, etc., can use the term "zero-day malware" for fresh malware samples not yet detected by AV signatures. Wikipedia uses a similar meaning for the term "zero-day virus/malware".</p><p>"<em>A <strong>zero-day virus</strong> (also known as <strong>zero-day malware</strong> or <strong>next-generation malware</strong>) is a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available</em>...."</p><p>There also exists the term "zero-day ransomware" (not necessarily related to an exploit).</p><p></p><p>When reading some articles, it is often unclear which definition is used for the term "zero-day malware". If the context is not related to AV machine learning, messaging security or the AV cloud, then usually the malware uses a vulnerability unpatched by the vendor.</p><p></p><p>Edit1</p><p>I think that it would be better to keep the initial "zero-day malware" definition (related only to exploits), but this fight is already lost against usage.</p><p></p><p>Edit2</p><p>In many cases we can see multistage "zero-day attacks". The attack can start from an infected website which exploits the web browser and system to download and run the final payload. The exploit can use unpatched vulnerabilities (one or more) and the payload can be the "zero-day malware" (fresh sample, no AV signatures).</p></blockquote>