This level-5 vital article is rated C-class on Wikipedia's content assessment scale.
This article has previously been nominated to be moved.
The Wikimedia Foundation's Terms of Use require that editors disclose their "employer, client, and affiliation" with respect to any paid contribution; see WP:PAID. For advice about reviewing paid contributions, see WP:COIRESPONSE.
Shouldn't it be called Zero-day malware? In my opinion virus is too specific. — Preceding unsigned comment added by Alejo123 ( talk • contribs) 01:29, 4 April 2011 (UTC)
Hey guys, can you guys add your views about merging the three WP zero-day articles attack, virus (and/or also malware) and warez into one at: Talk:Zero_day. Thank you :)
footnote 11 leads to "page not found" for InfoWorld article on SONAR by Symantec — Preceding unsigned comment added by 12.157.110.195 ( talk) 18:11, 7 June 2016 (UTC)
Warez doesn't really belong here IMO Deku-shrub ( talk) 19:42, 17 May 2015 (UTC)
I agree and will wait a week or so for differing opinions DGerman ( talk) 01:14, 10 July 2015 (UTC)
The usage of the term zero-day began with the warez scene, so why would the mention of warez not belong here?
Agree, zero day started in the 'cracking' scene (warez). If mentioned it should be in a history of the meaning section. -- Jericho347 ( talk) 01:40, 20 August 2022 (UTC)
The lead sentence currently says that a zero-day vulnerability is one that is "undisclosed". Later in the article it's pretty clear that the vulnerability may be disclosed and still be considered a zero-day -- it just isn't fixed yet.
I suggest this should either be removed or modified to say "possibly undisclosed" or "disclosed or undisclosed", but I thought I'd discuss before going bold on it.-- NapoliRoma ( talk) 17:56, 9 November 2015 (UTC)
The term "zero-day" is used because it sounds "cool", and it doesn't have much other meaning. Just like stoners think you sound like a guidance counselor if you say marijuana, leet haxorz think you sound like a PHB if you don't say zero-day, but otherwise it's just a newly discovered bug (or previously discovered and kept under wraps) that is exploitable. What's the difference between a virus and a zero day virus? Nothing except "is there a patch available for it?" So, this article should restrict itself to that, and keep the rest of the discussion about viruses vs worms etc. in the "real" articles. We don't have separate articles for "dime bag", "roofie", etc. where all the other info about the drugs is recapitulated, and nor should we recapitulate exploit info that belongs elsewhere in the zero-day article. The distinctions that are interesting are, zero day vuln vs zero day exploit, and whether bugs are fixed in new releases, or if vulns or sploits have been predicted (based on the beta, specs or previous versions) and do exist on day zero of a new launch. 74.73.179.172 ( talk) 18:27, 19 January 2016 (UTC)
When searching for Zero-Day exploit info the term Double Zero-Day comes up frequently and would be nice to be defined here as it seems related somehow. I could not find a definition and it may well just be something that the script kiddies use trying to look cool. But it would still be nice to have it laid out here. User:L00KnS33
I have not seen this term used anywhere. If you or anyone can come up with some citations it would be easier to evaluate it. I suspect you are right, just a random term to sound cool. -- Jericho347 ( talk) 01:40, 20 August 2022 (UTC)
This section is incoherent and unreferenced. It talks about 2 origins and then doesn't say what they are. Also unreferenced sections are usually removed. 69.86.6.150 ( talk) 21:06, 6 May 2016 (UTC)
Hey,
By reading this article a sentence related to Symantec antivirus seemed more like advertising than objective knowledge to me. I deleted it, feel free to restore it if you feel like it was not but in this case justify yourself here please.
( talk)
Zero-Day 41.47.143.81 ( talk) 01:44, 10 August 2022 (UTC)
The result of the move request was: no consensus. ( closed by non-admin page mover) Extraordinary Writ ( talk) 17:20, 10 September 2022 (UTC)
Zero-day (computing) → Zero-day – This article is the primary topic, between all the options on the Zero day disambiguation page. That page should be moved to Zero day (disambiguation) and Zero day should become a redirect to Zero-day. PhotographyEdits ( talk) 12:27, 26 August 2022 (UTC) — Relisting. – robertsky ( talk) 16:24, 2 September 2022 (UTC)
The result of the move request was: moved. Per consensus – robertsky ( talk) 10:23, 10 April 2024 (UTC)
Zero-day (computing) → Zero-day vulnerability – If there is no consensus to make this the primary topic, at least we should use a natural disambiguation that is more precise about what the topic of the article is—undisclosed or unpatched vulnerabilities that may be used in exploits. Buidhe paid ( talk) 19:57, 1 April 2024 (UTC)
Why?
"Unrelated to topic" seems to be a weak excuse. 0-Days can be funneled into your system via ad banners, it should be mentioned as a possible attack vector.
Also;
Physical access is the worst case, as any known and unfixed, unknown or made up instance of a 0-day (which is unknown, thus 0-days-to-fix) may end up in an active vulnerability of the end customer.
Regarding my typing:
Non-Native-English. Brew this one as however you like. 2003:C7:1F2D:9898:FCBE:F250:9EFE:6C4D ( talk) 17:07, 4 May 2023 (UTC)
The current definition in the page: "A zero-day (also known as a 0-day) is a vulnerability in a computer system that was previously unknown to its developers or anyone capable of mitigating it." does miss some of the key points that (at least I) think are relevant for the term. First, it does not address if the vulnerability is publicly known or not. This would suggest that any vulnerability, at any time of software development, would be a zero-day. Furthermore it does not state that the vulnerability is exploitable, leaving it open if the vulnerability is actually deployed ever. So according to the definition, any development-time SW bugs with security aspects are zero days. Thinking in these terms, it would actually be hard to find a software vulnerability that was not a zero day: any vulnerability, at some point in time, is not known by any developer. What comes to exploitability, I would not state it is a requirement for a 0-day. Note that exploitability is a trait that may change in time, e.g. with new implementations themselves being secure may expose the vuln. Then, the notion that it is not known by any developer; how can you ever know if this is the case? There could very well be people that know there is a problem but did not have the time or means to fix it. Quickly googling the internet, I find a better definition in " https://www.trendmicro.com/vinfo/us/security/definition/zero-day-vulnerability": "A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched." I think that definition escapes many of the problems we have in this wiki definition today. Sure it can be polished, e.g. by stating "...for which there is no patch available yet" instead of possible misunderstanding that a non-patched system would have 0-days, just because an appropriate patch is not applied yet. To me, this discussion of the real and proper definition of a 0-day is important. 
The term is used often when talking about the security of software systems, and with various meanings. For example, if your strategy to mitigate 0-day (risks) would be to have the latest patches in the system, you would have totally missed the point. In the field of security we should use concise text to disseminate the real(istic) problems and risks, and to have matching mitigations for the risks assessed. 84.249.75.64 ( talk) 11:19, 27 October 2023 (UTC)
a vulnerability in a system or device that has been disclosed but is not yet patched is really a useful definition from the end-user perspective. A zero-day vulnerability doesn't stop being a zero-day vulnerability when the vendor learns of it, nor when they release a patch.
zero-days, by definition, are bugs that the Bad Guys found first, so that there were zero days on which you could have patched proactively. What matters is not if the vendor knows about the vulnerability or has patched it. The important thing is when they knew about and patched it. Zero-day vulnerabilities are ones which the vendor was made aware of, and (hopefully!) for which they eventually release a patch, only after users' systems had already been exposed to possible attack. FeRDNYC ( talk) 16:02, 6 April 2024 (UTC)
The user below has a request that an edit be made to Zero-day vulnerability. That user has an actual or apparent conflict of interest. The requested edits backlog is high. Please be very patient. There are currently 151 requests waiting for review. Please read the instructions for the parameters used by this template for accepting and declining them, and review the request below and make the edit if it is well sourced, neutral, and follows other Wikipedia guidelines and policies.
Please replace the content of this page with User:Buidhe paid/zeroday.
To fix the issue in the tag—unsourced text—as well as outdated sources, I've rewritten according to reliable sources. I also expanded the article with more information about the zero-day market, how the danger of exploits changes over the window of vulnerability. I replaced the US government section with a history section to be less US-centric, and added two public domain charts to illustrate the article. Buidhe paid ( talk) 07:12, 5 April 2024 (UTC)
With respect to the cited sources (primarily the Rand Corp. authors), I'm not sure a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available is really a useful definition from the end-user perspective — nor does the timeline graphic in the proposed version of the article really bear that definition out. A zero-day vulnerability doesn't stop being a zero-day vulnerability when the vendor learns of it, nor when they release a patch.
This article by Paul Ducklin really cuts to the heart of it: zero-days, by definition, are bugs that the Bad Guys found first, so that there were zero days on which you could have patched proactively.
That definition jibes with the timeline chart. What matters is not if the vendor knows about the vulnerability or has patched it. The important thing is when they knew about and patched it. Zero-day vulnerabilities are ones which the vendor was made aware of, and for which they released a patch, only after users' systems had already been exposed to possible attack.
{{Graphical timeline}}, so that its information is accessible to more readers.