什么是零日攻击?什么是Zero-day Exploit?下面是定义:
A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known.
当然了,不只是当天,一个脆弱性从被发现到发布,再到解决会有一个可长可短的过程,从发布到解决这段时间之内,被利用的可能性最大。
Ordinarily, after someone detects that a software program contains a potential exposure to exploitation by a hacker, that person or company can notify the software company and sometimes the world at large so that action can be taken to repair the exposure or defend against its exploitation. Given time, the software company can repair and distribute a fix to users. Even if potential hackers also learn of the vulnerability, it may take them some time to exploit it; meanwhile, the fix can hopefully become available first.
这是一场软件厂商,安全产品厂商和黑客之间的比赛。
With experience, however, hackers are becoming faster at exploiting a vulnerability and sometimes a hacker may be the first to discover the vulnerability. In these situations, the vulnerability and the exploit may become apparent on the same day. Since the vulnerability isn't known in advance, there is no way to guard against the exploit before it happens. Companies exposed to such exploits can, however, institute procedures for early detection of an exploit.
基于行为的防范技术可以在一定程度上防范零日攻击,但是并非完全有效,脆弱性被发现以前,通常是没有办法提前应对的。
