Antivirus systems rely on a signature file, a so-called “blacklist”, that lets them identify and remove known threats. Some also keep a so-called “whitelist” of files that are known to be legitimate and safe to run. Conventional antivirus handles the known-good and the known-bad well, but what about the unknown?
Zero-day threats are by definition unknown threats. A zero-day attack uses a new virus, worm or other malware that antivirus vendors have not yet added to their signature databases or updated their software to protect against.
Malware is called ‘zero-day’ because of the gap between its discovery and the creation of the AV signature that detects it: at the moment of discovery the vendor has had zero days to respond. Once a sample is discovered, most vendors ship an updated signature within hours. However, the malware may have been at large and wreaking havoc for a long time before anyone discovered it. Enterprises should never rely on signature-based detection alone.
Java, Adobe Reader, Adobe Flash and Internet Explorer have been targeted repeatedly over the past few years by attackers who found defects they could exploit, known as zero-day exploits. Last year, Homeland Security even recommended disabling the Java environment on all computers. Beyond the most famous cases, any browser or piece of software could be carrying a zero-day vulnerability.
This is why Comodo Antivirus for Windows 8 builds protection against zero-day threats into its computer and Internet security products. The Comodo architecture layers several technologies to identify ‘unknown’ malware, including real-time behavior analysis, instant file look-up and advanced heuristic detection.
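To make the blacklist/whitelist limitation and the layered approach concrete, here is an added example (not Comodo's code, and not a description of its real heuristics). It models the signature layer as hash look-ups against a local “blacklist” and “whitelist”, shows that a one-byte variant of a known sample drops straight into the “unknown” bucket, and then applies a simple static heuristic layer (suspicious API strings and byte entropy) to such unknowns. All sample “files”, indicator strings, weights and thresholds are constructed for illustration and are assumptions of the example.

```python
import hashlib
import math

# Constructed sample "files" standing in for executables (not real malware).
KNOWN_MALWARE = (b"MZ\x90\x00" +
                 b"CreateRemoteThread WriteProcessMemory http://evil.example/payload")
KNOWN_GOOD = b"MZ\x90\x00notepad text editor shipped by a trusted vendor"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The "blacklist" and "whitelist": signature sets keyed on the file hash.
# A real product would also consult a cloud file-reputation look-up here.
BLACKLIST = {sha256(KNOWN_MALWARE)}
WHITELIST = {sha256(KNOWN_GOOD)}


def signature_verdict(data: bytes) -> str:
    """Layer 1: exact-match signature look-up. It only knows known-bad/known-good."""
    digest = sha256(data)
    if digest in BLACKLIST:
        return "known-bad"
    if digest in WHITELIST:
        return "known-good"
    return "unknown"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the content; packed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


# Illustrative indicators and weights, not any vendor's actual heuristics.
SUSPICIOUS_STRINGS = [b"CreateRemoteThread", b"WriteProcessMemory",
                      b"VirtualAllocEx", b"http://", b"powershell"]
HIGH_ENTROPY = 7.0


def heuristic_score(data: bytes):
    """Layer 2: score an unknown file on static indicators; returns (score, reasons)."""
    score, reasons = 0, []
    for s in SUSPICIOUS_STRINGS:
        if s in data:
            score += 1
            reasons.append(f"suspicious string {s!r}")
    ent = shannon_entropy(data)
    if ent > HIGH_ENTROPY:
        score += 2
        reasons.append(f"high entropy {ent:.2f} (packed or encrypted content?)")
    return score, reasons


def classify(data: bytes, threshold: int = 2):
    """Signature look-up first; only files it cannot place fall through to heuristics."""
    verdict = signature_verdict(data)
    if verdict != "unknown":
        return verdict, []
    score, reasons = heuristic_score(data)
    return ("suspicious" if score >= threshold else "unknown"), reasons


# A one-byte variant of the known sample: same behaviour, brand-new hash.
VARIANT = KNOWN_MALWARE + b"\x00"
# Constructed stand-in for a packed binary: uniform byte distribution, entropy 8.0.
PACKED = bytes(range(256)) * 16
BENIGN_UNKNOWN = b"MZ\x90\x00hello world, just a readme-like payload"

if __name__ == "__main__":
    for name, sample in [("known malware", KNOWN_MALWARE), ("variant", VARIANT),
                         ("known good", KNOWN_GOOD), ("packed", PACKED),
                         ("benign unknown", BENIGN_UNKNOWN)]:
        print(f"{name:15} signature={signature_verdict(sample):10} final={classify(sample)}")
```

The variant is caught only because the heuristic layer runs after the signature miss; the packed sample is flagged on entropy alone, which is also why entropy-style heuristics produce false positives on legitimately packed or compressed software. Static heuristics like these are still blind to malware that reveals nothing until it runs, which is the gap that real-time behavior analysis is meant to cover.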