The zero-day type of exploit is discovered, not as part of the security research process, but when an active exploit is using a vulnerability the software developer was previously unaware of. Many different groups at that point rush to reverse-engineer the exploit to document the vulnerability. Antivirus vendors compete to be first to announce a method to detect and fix the exploit, and the software vendor must devise and release a patch immediately to combat the exploit.
This was in the paragraph RIGHT AFTER the paragraph you quoted.
Easy way to "debunk" someone:
1) Say they said something they didn't say
2) Discredit the assumption
3) Then say (*tada*)
The article never said "Paid subscription" -- the subscription scheme is only necessary so the patch management system has a way to determine that an optimum number of systems now have the patch in place before distributing the keys and in fact shouldn't be a "paid" system. Some people might NOT want to subscribe, however, because they don't want the vendor to know they are using the software(for whatever reason).
The "stunning hole in the logic" doesn't exist -- the subscriber/non-subscriber patch is same, source can even be included in it. But as many systems as possible are patched immediately upon release of the keys and the OPEN patch is released at the same time as the keys.
There is no patent application on the method -- the publication of the method is a way to introduce it as prior art to prevent someone else from successfully patenting it and allowing any group wanting to distribute secure patches to use it. The subscriber patches only remain secure until the keys are released which actually should be in hours or days (not weeks) depending on the user population size, size of the patch itself, and the vendors network infrastruture available for patch distribution. MEDIAN TIME for a system to be patched would vastly DECREASE.
At last a thread of where people actually get the article. I also think you are the only person who realized "median time to patch" with the solution suggested would actually improve. The reason to improve the average is that some exploits (Slammer for example) cause problems even for those who already did the right thing or are not even using the affected system. Also any workable solution must address the mass of computer users, not just the gearheads who subscribe to patch notifications on their Blackberries.
If an active exploit was discovered, the system could immediately release the keys and those who downloaded the patch already would be instantly immumized.
Most people here didn't read the article. I worte it.
There is at least one statement in the article where my tongue was firmly planted in my cheek. Changes by the editor made it into a nonsense statement.
As printed: When the exploit is done without a virus, Trojan or worm, it's using an undocumented feature.
Original: When the exploit is done without a virus, Trojan or worm, it's called "using an undocumented feature."
Again: Read the original version -- IT WAS A JOKE....
There is at least one statment in the article where my tongue was firmly planted in my cheek. Changes by the editor made it into a nonsense statement.
As printed: When the exploit is done without a virus, Trojan or worm, it's using an undocumented feature.
Original: When the exploit is done without a virus, Trojan or worm, it's called "using an undocumented feature." (Which was a joke the ComputerWorld editor didn't get.... So putz yourself)
1) Please read the article before deciding what "Slow down" means.
2) The article states that patches for active exploits must be released immediately by the vendor. A number of readers missed that.
3) Microsoft with their scheduled "patch day" has implemented a pure "slow down" model -- and I think it is ineffective. People who don't update on the designated day are subject to the same vulnerabiites and having everyone hit the update site at the same time -- effectively creating a denial of service attack of Microsoft's own making. This, in turn, prevents users from updating on a timely basis. The article presents one possible solution to that problem.
Slashdot Mirror
From the article:
The zero-day type of exploit is discovered, not as part of the security research process, but when an active exploit is using a vulnerability the software developer was previously unaware of. Many different groups at that point rush to reverse-engineer the exploit to document the vulnerability. Antivirus vendors compete to be first to announce a method to detect and fix the exploit, and the software vendor must devise and release a patch immediately to combat the exploit.
This was in the paragraph RIGHT AFTER the paragraph you quoted.
Easy way to "debunk" someone:
1) Say they said something they didn't say
2) Discredit the assumption
3) Then say (*tada*)
Ah, yes, more conspiracy theories.
The article never said "Paid subscription" -- the subscription scheme is only necessary so the patch management system has a way to determine that an optimum number of systems now have the patch in place before distributing the keys and in fact shouldn't be a "paid" system. Some people might NOT want to subscribe, however, because they don't want the vendor to know they are using the software(for whatever reason).
The "stunning hole in the logic" doesn't exist -- the subscriber/non-subscriber patch is same, source can even be included in it. But as many systems as possible are patched immediately upon release of the keys and the OPEN patch is released at the same time as the keys.
There is no patent application on the method -- the publication of the method is a way to introduce it as prior art to prevent someone else from successfully patenting it and allowing any group wanting to distribute secure patches to use it. The subscriber patches only remain secure until the keys are released which actually should be in hours or days (not weeks) depending on the user population size, size of the patch itself, and the vendors network infrastruture available for patch distribution. MEDIAN TIME for a system to be patched would vastly DECREASE.
At last a thread of where people actually get the article. I also think you are the only person who realized "median time to patch" with the solution suggested would actually improve. The reason to improve the average is that some exploits (Slammer for example) cause problems even for those who already did the right thing or are not even using the affected system. Also any workable solution must address the mass of computer users, not just the gearheads who subscribe to patch notifications on their Blackberries.
If an active exploit was discovered, the system could immediately release the keys and those who downloaded the patch already would be instantly immumized.
Most people here didn't read the article. I worte it. There is at least one statement in the article where my tongue was firmly planted in my cheek. Changes by the editor made it into a nonsense statement. As printed: When the exploit is done without a virus, Trojan or worm, it's using an undocumented feature. Original: When the exploit is done without a virus, Trojan or worm, it's called "using an undocumented feature."
Again: Read the original version -- IT WAS A JOKE....
Most people here didn't read the article.
There is at least one statment in the article where my tongue was firmly planted in my cheek. Changes by the editor made it into a nonsense statement.
As printed: When the exploit is done without a virus, Trojan or worm, it's using an undocumented feature.
Original: When the exploit is done without a virus, Trojan or worm, it's called "using an undocumented feature." (Which was a joke the ComputerWorld editor didn't get.... So putz yourself)
1) Please read the article before deciding what "Slow down" means.
2) The article states that patches for active exploits must be released immediately by the vendor. A number of readers missed that.
3) Microsoft with their scheduled "patch day" has implemented a pure "slow down" model -- and I think it is ineffective. People who don't update on the designated day are subject to the same vulnerabiites and having everyone hit the update site at the same time -- effectively creating a denial of service attack of Microsoft's own making. This, in turn, prevents users from updating on a timely basis. The article presents one possible solution to that problem.