Originally Posted by Lifeshield
It's all very well and good ridiculing people, but there's probably a fair amount who don't know what they are, I'm certainly one of them.
So what are they? A more well informed internet is a safer internet.
Oh and on a final note, been using MSE since, well, a good couple of years now. Never had a problem yet.
I'll do my best to explain what they mean by 0-day, though the term can be kind of ambiguous. To start with, there are (in my mind) two main classes of malware - malware that is just an executable program, and a program that contains a technical exploit. The first category is what most viruses are - they aren't anything interesting technically, they just rely on a user making a mistake and downloading something they shouldn't have. It is NOT THE OPERATING SYSTEM'S JOB to take care of infections like this. People make fun of Windows all the time, but most of the malware for it is actually not due to any flaws in Windows at all. In fact, Microsoft is an industry leader in code auditing and security practices.
The second category is more interesting. These rely on exploiting flaws in other programs (this could be Windows, a browser, or any other program). If anyone's interested and is willing to dig through C/Asm, these flaws are things like stack overflows, heap vulnerabilities, format string vulnerabilities, etc. A 0-day is one of these technical vulnerabilities that is not yet publicly known. So, usually, somebody discovers a vulnerability in a piece of software and either a) discloses it to the company or the public, or b) makes a piece of malware to exploit the vulnerability. If the person does the second category, it is considered a 0-day vulnerability when it first comes out.
Now, as it relates to this test. The 0-days they refer to are almost certainly not actual 0-day vulnerabilities, as these sell for upwards of 6-figures each if they are important, but are probably instead exploits that are publicly known but haven't yet been patched. These are actually rarer than might be expected and require much more effort to test than just downloading a sample of existing malware, so having a small sample size is to be expected.
Edited by Waffleboy - 11/30/12 at 6:06pm