Microsoft Bringing EMET Back As a Built-In Part of Windows 10 (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard. Microsoft's EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques -- some built in to Windows, some part of EMET itself -- to make exploitable security flaws harder to reliably exploit. The idea being that, even if coding bugs should occur, turning those bugs into actual security issues should be made as difficult as possible. With Windows 10, however, EMET's development was essentially cancelled. But as more mitigation capabilities have been put into Windows, the need for a system for managing and controlling them has not gone away. Some of the mitigations introduce application compatibility issues -- a few even require applications to be deliberately written with the mitigation in mind -- which means that Windows does not simply turn on every mitigation for every application. It's here that Exploit Guard comes in.
Java Killer! (Score:5, Informative)
At my employer...a VERY large Defense company, they had pushed out EMET.
It promptly broke almost all of our Java applications (kills the virtual machine). The third party desktop support people are authorized to disable or remove it.
Re: (Score:2)
[EMET] promptly broke almost all of our Java applications (kills the virtual machine).
Sounds like it knows just what to do. If it gets rid of Flash as well, we're golden. ;)
Re: (Score:2)
You fucking tell that to the people trying to get quarterly financials out.
Fuck you.
Re: (Score:1)
At my company (some large science lab) it screws up Chrome badly.
Re: (Score:2)
You have to disable EAF+ for chrome.exe within the "Apps" section of EMET.
'Hardening' (Score:1)
EMETic indeed (Score:2)
Re: (Score:2)
I can't think of a single Microsoft product with a good name. Not one.
The problem is that what constitutes a "good name" to most users is completely different than what constitutes a "good name" to tech-savvy users like the /. crowd. Normal users are much more willing to put up with crapware than tech-savvy users are.
IMO, the best M$ product is the combination of Excel and VBA. Although both are buggy and can be a PITA to work with, nothing else can replace them (yet). Sure, LibreOffice and WPS try, but anything that can only replace Office functionality 80% of the time is
Last Remote Root hole in OpenSSH ? Oh yeah, NEVER. (Score:2)
Are there hacks, exploits, and malware for other operating systems? Sure! However, consider that these full-p3wnd remote exploits seem to get released as zero day at least once a year for Windows OS's and often
Re: (Score:2)
"it's where the money is"
Given this statement, why haven't we seen widespread ransomware deployed to what the Internet is essentially made of (Linux servers)? I mean, that's where the *real* money is. Why go after petty consumers for $300 a pop when you could go after a ton of wealthy corporations that have real money at stake by losing millions of ecommerce dollars an hour, running their businesses on Linux server farms?
Re: (Score:2)
So I guess Linux users are simply smarter than Windows users...??
Re: Last Remote Root hole in OpenSSH ? Oh yeah, NE (Score:1)
Re: (Score:2)
Because the companies that make millions per hour in e-commerce spend money on security. Those that don't, don't
Re: (Score:2)
All the worms, ransomware, and malware that gets widespread exposure and ends up loaded on millions of vectors is ALWAYS WINDOWS.
Except for little things, like heartbleed [wikipedia.org]?
When was the last time you saw a remote root exploit for SSH?
2001 [itworld.com]
2013 [sophos.com]
Re: (Score:2)
Neither of the OpenSSH exploits you link to is a remote root exploit. When exploited, both only give the attacker the privileges of the authenticated user.
The 2001 exploit only works against accounts with passwords of 2 characters or less, which are trivially brute-forceable anyway. Calling this an "exploit" is like pointing out that a tissue paper door is even weaker if you have a spray bottle with you.
The 2013 exploit is very difficult to take advantage of, and isn't very worrying even so. First, an attac
Re: (Score:2)
Are the EMET service providers called EMETICS?
Pressing question (Score:3)
So the question is, since it's called "Defender," do you need to run their lukewarm, signature-based Defender antivirus to use the EMET features? Because that would be a deal-breaker for me.
Re: (Score:3)
I'm sure you can install burning hot McAfee too if you wish. Burning hot being what your CPU will be wherever you install it.
Re: (Score:1)
It would be a better solution technically, but Windows exists largely on support for legacy software. Microsoft would lose a lot of their lock-in. If I have to buy or write new software anyway, why wouldn't I run it on Linux instead?
That name... (Score:2)
Mitigation experience? Seriously?
Isn't an "experience" just something that happens to you and isn't really under your control?