Anti-Malware Products Protect You Against 0-Days Vulnerabilities

Vulnerability is a weakness in security of a software system which if it been used it could cause security risk like compromising a system or cause security attack. It is exist in any software system and could discover any time. Many security researches, spend several resources to discover new vulnerabilities and working with companies to report them privately and resolve them. Once a vulnerability have been discovered by researchers, they will work with the software vendor to resolve it. When problem been resolved, the solution will release as an update and when end user install them, they will be protected against these vulnerabilities.

In a good case, vulnerability should be discovered by trustworthy people and its details should kept confidential until solution to address it been developed and tested and release as an update. But this is not the case all the time. Sometimes, vulnerabilities been discovered by bad guys, hacker or cybercriminals and they use it for criminal purposes and they won’t even notify the software vendors to fix it. Even when software vendor notice this issue, it is not possible to release an update and fix right away and it might take some times to do more research and testing. Another case is a research is being done confidentially but it suddenly disclosure to the cybercriminals and before solution released, vulnerabilities will be used for criminal purposes. There are number of reasons that we couldn’t release updates right away. First vulnerability should be investigated thoroughly so fixing this vulnerability won’t create new vulnerability. Another issue is when fix or update developed, it should be tested to make sure it won’t cause conflict or error with other applications or programs. In addition, some vulnerabilities are complex and need more time to think about a right fix and also preventive measurement which such vulnerability or other vulnerabilities similar to this one won’t reappear in future. The other problem is when solution to vulnerability been found and released as an update end users might not apply it right away. They might delay update because they are in middle of important project or task or they need time to test update first before apply it. So this delay time between discovering vulnerabilities and releasing update to fix it , might give opportunity to cybercriminals (if the update is publicly known) to use it for criminal purposes.

However, there are many ways to protect yourselves against such a vulnerabilities which technically known as 0-Day Vulnerabilities. Your Anti-Malware software is protecting you against Virus, Worm, Trojan, Spyware, Adware and other malicious programs. It protects you against 0-day vulnerabilities too. It might take time to check and investigate an update for vulnerabilities, but releasing an update similar to the Anti-Malware signature for the same vulnerabilities is not take that much time, because Anti-Malware will see vulnerability similar to other malwares and if detect anything which similar to the vulnerability which been discovered, it could detect and quarantine it or block and remove it. Anti-Malware updates are daily and regular and many people and administrators will know they have to update their Anti-Malware products in daily bases so you will get the update faster. So if you have updated Anti-Malware product such as Microsoft Security Essentials or Windows Defender (in Windows 8, Windows 8.1, and Windows 10 Technical Preview) it will protect you against vulnerabilities while you are waiting for update. Note this does not mean you don’t need update your operating system and software. But simply you could rely on Anti-Malware products to protect you against 0-day vulnerabilities while the actual solution is being developed or you are deploying updates.


Comments are closed.

%d bloggers like this: