When a hacker is able to exploit a previously unknown vulnerability in a computer application, it is called a zero day threat. Responding to zero day threats is difficult because, by definition, the vulnerability is not yet known. Malware writers try to exploit zero day vulnerabilities through a range of attack vectors. Web browsers are the main victims of zero day vulnerabilities; they are attacked because of their extensive usage and distribution.
Malware attackers can also send malicious email attachments that infect the application when the attachment is opened. Hackers do not share information about the vulnerability they are exploiting; rather, they wait until security companies become aware of the vulnerability being used against the targeted victims.
Blacklisting is one method that helps prevent malware attacks by checking whether a program is safe to run. However, the main drawback of blacklisting is that the malicious threat has to be known and added to the blacklist as and when it is identified. Therefore, blacklisting alone cannot assure complete protection of your PC or your data.
Sandboxing against unknown zero day threats:
Unknown zero day threats are quarantined in an isolated environment, stopping the zero day threat from infecting the PC. This is basically a virtual environment. Running suspicious unknown programs in a sandbox protects the PC and its data in a way that a blacklist cannot. If a PC is exploited through a malicious vulnerability, the affected program is isolated in the sandbox, which prevents the infection from spreading into normal operations.
Not all Sandboxes are Created Equal
Sandboxes can be divided into two categories: standalone solutions and those integrated into a security system. A standalone sandbox requires that the user select the programs to run in the sandbox. This type of solution is popular with companies that want to segregate high risk software such as Internet browsers. But it does not address the problem of unknown threats.
Security systems that utilize sandboxes provide an additional layer of protection by incorporating antivirus scanning to spot potential threats and then place them in the sandbox. Antivirus scanners deal with unknown threats by leveraging heuristics, a process that analyzes a program’s behavior as well as its similarities with known viruses. If a program is considered dangerous, it is segregated and run safely in the virtual sandbox.
Heuristics work well but still fall short of being able to guarantee 100% protection. Like a blacklist, they must first detect a threat in order to deal with it – and there will always be some percentage of threats that cannot be identified by a scanner.
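The layering described above, as an added illustration that is not from the original article or any vendor product: a blacklist hash lookup first, then a heuristic check on behaviour indicators and byte-level resemblance to a known sample, and only then the sandbox. The hashes, behaviour weights, thresholds and the three sample files are all constructed; the third sample shows the gap the paragraph above describes, a novel program with no indicators that no scanner stage catches.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed "known" malicious file; the blacklist is simply the set of its hash.
KNOWN_BAD = b"MZ\x90\x00" + b"PAYLOAD:persist;beacon;inject" + b"\x00" * 8
BLACKLIST = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Constructed weights for behaviour indicators a heuristic engine might score.
BEHAVIOUR_WEIGHTS = {
    "writes_autorun_key": 2,
    "injects_into_process": 3,
    "beacons_on_start": 2,
    "disables_security_tool": 3,
}
SANDBOX_SCORE = 3          # behaviour score at or above this -> sandbox
SANDBOX_SIMILARITY = 0.5   # resemblance to a known sample at or above this -> sandbox


@dataclass
class Sample:
    name: str
    content: bytes
    behaviours: set = field(default_factory=set)   # indicators observed by the scanner


def ngrams(data: bytes, n: int = 4) -> set:
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of 4-byte n-grams: a crude 'looks like a known virus' measure."""
    ga, gb = ngrams(a), ngrams(b)
    return len(ga & gb) / len(ga | gb) if (ga or gb) else 0.0


def heuristic_score(sample: Sample) -> int:
    return sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in sample.behaviours)


def triage(sample: Sample) -> str:
    """Blacklist first, heuristics second; anything unflagged is allowed to run."""
    if hashlib.sha256(sample.content).hexdigest() in BLACKLIST:
        return "block"
    if (heuristic_score(sample) >= SANDBOX_SCORE
            or similarity(sample.content, KNOWN_BAD) >= SANDBOX_SIMILARITY):
        return "sandbox"
    return "run"


# Constructed samples: the known file, a re-packed variant of it, and a novel program.
KNOWN = Sample("known.exe", KNOWN_BAD, {"beacons_on_start"})
VARIANT = Sample("variant.exe", KNOWN_BAD.replace(b"beacon", b"callhm"),
                 {"beacons_on_start", "writes_autorun_key"})
NOVEL = Sample("novel.exe", b"MZ\x90\x00" + bytes(range(32)), set())
```

The variant's changed bytes defeat the hash blacklist, but its behaviour score and byte resemblance route it to the sandbox; the novel sample passes every stage.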