Such as we published yesterday η Microsoft θα σταματήσει την εργαλειοθήκη ασφαλείας EMET γιατί πιστεύει ότι είναι περιττή. Η εταιρεία πιστεύει ότι το τελευταίο της λειτουργικό Windows 10 διαθέτει όλα τα χαρακτηριστικά του EMET, αλλά όπως φαίνεται αυτό δεν είναι αλήθεια, σύμφωνα με την υπηρεσία ανάλυσης ευπαθειών CERT του Πανεπιστημίου Carnegie Mellon.
For seven years EMET, or the Enhanced Mitigation Experience Toolkit, has been the primary security tool for Windows systems that could not repair a new flaw but still wanted to protect their network.
EMET provides a series of exploit mitigations that can protect vulnerable systems differently even when an error does not exist in a Microsoft product.
However, as we mentioned above Microsoft has announced its plans to abandon EMET, as "Windows 10 includes all the mitigation features that EMET uses, such as DEP, ASLR, and Control Flow Guard (CFG) along with many other measures to bypass prevention offered by UAC by exploits that target the program browsing ".
Jeffrey Sutherland, chief executive of Microsoft's operating system security team, said EMET could not keep up with modern threats and that it was now easy to find "trivial bypasses" online.
By claiming that customers using EMET have a built-in Windows 10, Microsoft has decided to stop EMET support after 31 2018 July and encourage its customers who want the best security to switch to Windows 10.
But CERT vulnerability analyst Will Dormann has asked Microsoft to reverse its decision to withdraw EMET, arguing that Windows 10 does not provide the same protection such as EMET. Dorman also reported that Windows 7 that has EMET is better protected than Windows 10 that doesn't.
Please note that the CERT service is a non-profit research center funded by the Software Engineering Institute research-and-development center operated by Carnegie Mellon University.
According to the service:
"The EMET library can modify the behavior of the application that is the target of an attack, providing additional protection," Dormann explains.
“The implementation of special protection capabilities provided by EMET has real value. Because we can't rely on all software vendors to create code that stops the exploits that are available EMET puts that control in our hands.”
When EMET support stops, everyone who uses it should be aware of products that will not receive updates from vendors. Dormann notes that Office 2007, which reaches its end of support until the end of 2016, will soon be in this category.
But think all of the above, serve Microsoft to market new products. Maybe somewhat extorted, but we probably have to learn to live with it.
