Talk:Zero-day vulnerability/Archive 1

Shouldn't it be called Zero-day malware. In my opinion virus is too specific. — Preceding unsigned comment added by Alejo123 (talk • contribs) 01:29, 4 April 2011 (UTC)

I thought that it was "zero day." A part of the computer. — Preceding unsigned comment added by 24.187.145.47 (talk) 12:12, 12 July 2011 (UTC)

"0day" originally referred to exploits targeting vulnerabilities that are unknown to a vendor. When the exploit is used, the author originates the start of this unique attack activity, at "Day Zero" (everything starts at "0", not "1", in the world of computing). So, a true "0day worm" like Slammer spread via an 0day attacking CVE-2002-0649 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0649), which was unknown to Microsoft at the time. In more recent terms, Stuxnet was an 0day worm. It is very unusual to find true 0day malware - worms, client side remotes, whatever. The current "zero day virus" description on wikipedia follows the lame marketing department lingo at startups looking to take market share from AV vendors, who don't understand the original term, but want a catchy/flashy term to describe new variants of malware, which are commonplace. This lingo is also commonly used as an attempt to suggest that AV scanners detect fewer malware than they really do. Wikiksec (talk) 00:41, 16 February 2012 (UTC)

On the one hand, I agree that Zero-day malware is a better name for this article than Zero-day virus. On the other hand, I agree with Wikiksec's comments - the article may well not be encyclopedic. Time for an Wikipedia:AFD? --Elvey (talk) 03:15, 28 April 2012 (UTC)

Hey guys, can you guys add your views about merging the three WP zero-day articles attack, virus (and/or also malware) and warez into one at: Talk:Zero_day. Thank you :)

Done,

footnote 11 leads to "page not found" for InfoWorld article on SONAR by Symantec — Preceding unsigned comment added by 12.157.110.195 (talk) 18:11, 7 June 2016 (UTC)

Warez doesn't really belong here IMO Deku-shrub (talk) 19:42, 17 May 2015 (UTC)

I agree and will wait a week or so for differing opinions DGerman (talk) 01:14, 10 July 2015 (UTC)

The usage of the term zero-day began with the warez scene, so why would the mention of warez not belong here?

Agree, zero day started in the 'cracking' scene (warez). If mentioned it should be in a history of the meaning section. --Jericho347 (talk) 01:40, 20 August 2022 (UTC)

The lead sentence currently says that a zero-day vulnerability is one that is "undisclosed". Later in the article it's pretty clear that the vulnerability may be disclosed and still be considered a zero-day -- it just isn't fixed yet.

I suggest this should either be removed or modified to say "possibly undisclosed" or "disclosed or undisclosed", but I thought I'd discuss before going bold on it.--NapoliRoma (talk) 17:56, 9 November 2015 (UTC)

This page is a bit of a Frankenstein currently. In which section has the second reference you're referring to? I can't find it. Deku-shrub (talk) 20:03, 9 November 2015 (UTC)

More than anything I was referring to later in the lead paragraph, where it mentions that zero-day vulnerabilities may be exploited on the day that notice is released (which would mean that at that point, they are disclosed).

But on reflection, I think the "undisclosed vulnerability" description is accurate. I would now be more inclined to leave it as-is.--NapoliRoma (talk) 03:27, 10 November 2015 (UTC)

the term "zero-day" is used because it sounds "cool", and it doesn't have much other meaning. Just like stoners think you sound like a guidance counselor if you say marijuana, leet haxorz think you sound like a PHB if you don't say zero-day, but otherwise it's just a newly discovered bug (or previously discovered and kept under wraps) that is exploitable. What's the difference between a virus and a zero day virus? nothing except "is there a patch available for it?" So, this article should restrict itself to that, and keep the rest of the discussion about viruses vs worms etc. in the "real" articles. We don't have separate articles for "dime bag", "roofie", etc. where all the other info about the drugs is recapitulated, and nor we should recapitulate exploit info that belongs elsewhere in the zero-day article. The distinctions that are interesting are, zero day vuln vs zero day exploit, and whether bugs are are fixed in new releases, or if vulns or sploits have been predicted (based on the beta, specs or previous versions) and do exist on day zero of a new launch. 74.73.179.172 (talk) 18:27, 19 January 2016 (UTC)

My understanding of the term zero day has always been that it is an exploit that is being exploited by hackers "in the wild" for which there is not yet any published fix or mitigation. Hence you have zero days to get the patch out or whatever. If there has been no zero day attack then it's not a zero day vulnerability! BrianDGregory (talk) 22:57, 4 August 2020 (UTC)

When searching for Zero-Day exploit info the term Double Zero-Day comes up frequently and would be nice to be defined here as it seems related somehow. I could not find a definition and it may well just be something that the script kiddies uses trying to look cool. But it would stille be nice to have it layed out here. User:L00KnS33

I have not seen this term used anywhere. If you or anyone can come up with some citations it would be easier to evaluate it. I suspect you are right, just a random term to sound cool. --Jericho347 (talk) 01:40, 20 August 2022 (UTC)

The only real references I can find related to "double zero-day" all seem to be stories about two zero-day vulnerabilities cropping up at once. So I suspect that's all it is, a way of talking about (double) (zero-day {vulnerabilities|exploits|announcements}), not (double zero-day) ({vulnerabilities|exploits|announcements}). FeRDNYC (talk) 01:51, 4 April 2024 (UTC)

This section is incoherent and unreferenced. It talks about 2 origins and then doesn't say what they are. Also unreferenced sections are usually removed. 69.86.6.150 (talk) 21:06, 6 May 2016 (UTC)

Hello fellow Wikipedians,

I have just modified one external link on Zero-day (computing). Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20091027041339/http://geocities.com/skrzydla/ to http://en.wikipedia.org/wiki/Wikipedia:Footnotes

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

 N An editor has determined that the edit contains an error somewhere. Please follow the instructions below and mark the |checked= to true

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 17:37, 16 July 2016 (UTC)

This is some glitch in the bot, I guess. Debresser (talk) 18:48, 16 July 2016 (UTC)

Hello fellow Wikipedians,

I have just modified 4 external links on Zero-day (computing). Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive http://web.archive.org/web/20081222035950/http://www.computerworld.com:80/action/article.do?command=viewArticleBasic&articleId=9005117 to http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005117
• Added {{dead link}} tag to http://www.avinti.com/download/case_studies/whitepaper_email_residual_risk.pdf
• Added archive http://web.archive.org/web/20090402192651/http://www.infoworld.com:80/article/07/01/17/HNsymantecsonar_1.html to http://www.infoworld.com/article/07/01/17/HNsymantecsonar_1.html
• Added archive http://web.archive.org/web/20120803213309/http://securitywatch.eweek.com/virus_and_spyware/antivirus_is_dead_dead_dead.html to http://securitywatch.eweek.com/virus_and_spyware/antivirus_is_dead_dead_dead.html
• Added archive http://web.archive.org/web/20090324082620/http://www.infoworld.com:80/article/07/02/15/HNzerodayinword_1.html to http://www.infoworld.com/article/07/02/15/HNzerodayinword_1.html

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 11:17, 21 July 2016 (UTC)

Hey,

By reading this article a sentence related to Symantec antivirus seemed more like advertising than objective knowledge to me. I deleted it, feel free to restore it if you feed like it was not but in this case justify yourself here please.

(talk)

Zero-Day 41.47.143.81 (talk) 01:44, 10 August 2022 (UTC)