"Zero-day" attacks and using limited privilege

re: "Zero-day" attacks and using limited privilege

bilbo — Fri, 25 Jun 2004 20:08:00 GMT

why are they called "zero-day" attacks?

just curious

re: "Zero-day" attacks and using limited privilege

Aaron Margosis — Fri, 25 Jun 2004 20:33:00 GMT

It refers to the number of days from public disclosure of the vulnerability to exploitation of the vulnerability. "Zero-day" could be a malware author who manages to construct and launch a worm the same day that the patch came out, or that the discoverer launched an attack without publicly disclosing the vuln.

Worm authors are getting faster, so it is becoming increasingly important to install patches quickly. My contention is that we're going to be seeing more cases of the second variety.

re: "Zero-day" attacks and using limited privilege

Jeremy Foster — Fri, 25 Jun 2004 22:34:00 GMT

Your blog gave me an idea. If software development copanies like Microsoft gave more attention to individuals who privately revealed holes, then perhaps those attention-hungry hackers would choose the amiable way of capturing the public eye. They know they will get attention if they exploit the hole, but if they knew they would get attention if they revealed it responsibly, they may be more apt to.

re: "Zero-day" attacks and using limited privilege

Aaron Margosis — Fri, 25 Jun 2004 22:55:00 GMT

I agree completely, Jeremy. In fact, this has already been Microsoft's policy for several years:
http://www.microsoft.com/technet/security/bulletin/policy.mspx

re: Why you shouldn't run as admin...

Aaron Margosis' WebLog — Mon, 26 Jul 2004 04:18:00 GMT

Excellent LUA/non-admin resource

Franci Penov — Sat, 28 Aug 2004 01:11:00 GMT

Table of contents, Aaron Margosis' non-admin blog

Aaron Margosis' WebLog — Tue, 19 Apr 2005 03:22:37 GMT

Complete list of Aaron Margosis' non-admin / least privilege posts, for easy lookup.

Spread the LUA joy

tonyso — Fri, 10 Jun 2005 19:12:39 GMT

Get your friends and family, all those folks that come to you for computer help once their machines have...

A Beginning with LUA

Listen...You Smell Something? — Thu, 11 Aug 2005 08:22:00 GMT

About a year ago I was reading something (blog, article, billboard, I
don't know what) that was talking...

re: "Zero-day" attacks and using limited privilege

redxii — Thu, 18 Aug 2005 01:40:31 GMT

"But if the vulnerability is exploited through your web browser, email, IM, internet-connected game, etc., then the malicious code can do anything you can do."

I have seen the light, a limited account stopped, not mitigated damage of, the HTML Help exploit!

re: "Zero-day" attacks and using limited privilege

E-dave — Tue, 17 Jan 2006 07:58:26 GMT

Do programs like Prevx do anything incompatible with virus protection software or firewalls?

re: "Zero-day" attacks and using limited privilege

Mike — Mon, 03 Apr 2006 14:48:12 GMT

It is possible on a ocmputer to make another administrator account. In doing this if one gets hacked into or w/e then you can get on your back up one that should have all your main games and programs on it and clean the other account or even delete with your passworded permission of course.

re: "Zero-day" attacks and using limited privilege

Jake Tobash — Sat, 23 Dec 2006 22:43:07 GMT

OK, this all sound very good. I like the idea of having users use LUA or FUS in order to run their web apps ONLY in LUA mode. Then, they can switch back to admin for all the regular apps (OFFLINE only allowed at my co.) without any sort of restrictions on the SW. Many web apps have no sort of full Windows compatiblity (BAD programming), so I just tell them "If it accesses the net at all, it must be run in LUA mode). So far, everything has worked out.

Table of Contents (Aaron Margosis' Non-Admin WebLog)

Aaron Margosis' "Non-Admin" WebLog — Fri, 14 Sep 2007 21:06:03 GMT

Table of Contents - blog posts on Aaron Margosis' Non-Admin WebLog