Slashdot Mirror


Microsoft Bringing EMET Back As a Built-In Part of Windows 10 (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard. Microsoft's EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques -- some built into Windows, some part of EMET itself -- to make exploitable security flaws harder to reliably exploit. The idea being that, even if coding bugs should occur, turning those bugs into actual security issues should be made as difficult as possible. With Windows 10, however, EMET's development was essentially cancelled. But as more mitigation capabilities have been put into Windows, the need for a system for managing and controlling them has not gone away. Some of the mitigations introduce application compatibility issues -- a few even require applications to be deliberately written with the mitigation in mind -- which means that Windows does not simply turn on every mitigation for every application. It's here that Exploit Guard comes in.

49 comments

  1. 1.21 jiggawatts?! by Anonymous Coward · · Score: 0

    Great Scot!

  2. Question Marks No More! by Anonymous Coward · · Score: 0

    Finally, no more playing the game of correctly placed 0s, 1s and ?s in 32 character lines!

  3. 'Hardening' by Anonymous Coward · · Score: 1

    Is there a tool to harden Windows 10 against intrusions by Microsoft into your privacy?

    1. Re:'Hardening' by rstanley · · Score: 1

      Yes, it's called Linux! Wipe out Mickey$oft completely, including MS Office, and install a solid Distro such as Debian, and LibreOffice!

  4. Micro$oft will be Micro$oft... by Anonymous Coward · · Score: 0

    They never changed, and will never change...

  5. EMETic indeed by OneHundredAndTen · · Score: 1

    Like just about everything from Microsoft.

    1. Re:EMETic indeed by Anonymous Coward · · Score: 0

      I can't think of a single Microsoft product with a good name. Not one.

    2. Re:EMETic indeed by Nunya666 · · Score: 1

      I can't think of a single Microsoft product with a good name. Not one.

      The problem is that what constitutes a "good name" to most users is completely different than what constitutes a "good name" to tech-savvy users like the /. crowd. Normal users are much more willing to put up with crapware than tech-savvy users are.

      IMO, the best M$ product is the combination of Excel and VBA. Although both are buggy and can be a PITA to work with, nothing else can replace them (yet). Sure, LibreOffice and WPS try, but anything that can only replace Office functionality 80% of the time is just not good enough.

    3. Re:EMETic indeed by Anonymous Coward · · Score: 0

      MS Word 5.0 was very good. Of the word processors I've used, probably the best in terms of ease of use and completeness. Unfortunately, MS did some dodgy coding that resulted in total Y2K failure including corrupting documents irretrievably. So maybe not such a Good Name...

  6. Java Killer! by sycodon · · Score: 4, Informative

    At my employer...a VERY large Defense company, they had pushed out EMET.

    It promptly broke almost all of our Java application (Kills the virtual machine). The third party desktop support people are authorized to disable or remove it.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.

    1. Re:Java Killer! by Jeremi · · Score: 1

      [EMET] promptly broke almost all of our Java application (Kills the virtual machine).

      Sounds like it knows just what to do. If it gets rid of Flash as well, we're golden. ;)

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.

    2. Re:Java Killer! by salnikov · · Score: 1

      At my company (some large science lab) it screws up Chrome badly.

    3. Re:Java Killer! by sexconker · · Score: 1

      You have to disable EAF+ for chrome.exe within the "Apps" section of EMET.
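
      The same per-application override in the built-in successor that the summary describes, as an added example that is not from this thread or from Microsoft's documentation. It assumes the ProcessMitigations PowerShell module that ships with Windows 10 from the Fall Creators Update onward (Get-ProcessMitigation / Set-ProcessMitigation), an elevated prompt, and uses chrome.exe only because the comment names it; the mitigation identifiers EnableExportAddressFilterPlus and AuditEnableExportAddressFilterPlus are the Exploit Guard names for EAF+ enforce and audit mode.

```powershell
# Added example (not from the thread): the Windows Defender Exploit Guard
# equivalent of an EMET "Apps" exception for EAF+. Assumes the ProcessMitigations
# module (Windows 10 1709 or later) and an elevated PowerShell session.
# chrome.exe is used only because the comment above names it.

function Set-AppEafPlusAudit {
    param([Parameter(Mandatory)][string]$Name)

    # 1. Record what is currently applied to the app so the change can be
    #    reviewed and reverted later.
    $before = Get-ProcessMitigation -Name $Name

    # 2. Keep the baseline mitigations on for this app, but move EAF+ from
    #    enforce to audit mode. In audit mode a would-be block is written to
    #    the event log instead of terminating the process, which shows whether
    #    the app actually trips EAF+ before deciding to exclude it outright.
    Set-ProcessMitigation -Name $Name `
        -Enable  DEP, SEHOP, AuditEnableExportAddressFilterPlus `
        -Disable EnableExportAddressFilterPlus

    # 3. Read the policy back so the caller can confirm what was applied.
    $after = Get-ProcessMitigation -Name $Name

    [pscustomobject]@{ Name = $Name; Before = $before; After = $after }
}

# Apply the override and show the before/after policy.
Set-AppEafPlusAudit -Name 'chrome.exe' | Format-List

# 4. Audit-mode hits land in the Security-Mitigations user-mode channel;
#    review them before (or instead of) turning the mitigation off entirely.
Get-WinEvent -LogName 'Microsoft-Windows-Security-Mitigations/UserMode' `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# 5. Export the machine's whole mitigation policy as XML so the exception is
#    kept in configuration management rather than living only on this box.
Get-ProcessMitigation -RegistryConfigFilePath "$env:TEMP\exploit-guard-policy.xml"
```

      Exporting the policy matters for the same reason EMET's per-app exceptions were a support headache: an exclusion made interactively on one workstation is invisible to whoever later asks why that process is less protected than the rest of the fleet.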

    4. Re:Java Killer! by Anonymous Coward · · Score: 0

      This is a feature, not a bug. Just Another Vulnerable Application put out to pasture by EMET.

    5. Re:Java Killer! by Anonymous Coward · · Score: 0

      Since Java is crapware, that's perfectly fine. I only wonder if it will get rid of the built-in malware, spyware and adware in Windows 10 too.

    6. Re:Java Killer! by sycodon · · Score: 1

      You fucking tell that to the people trying to get quarterly financials out.

      Fuck you.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.

  7. Last Remote Root hole in OpenSSH ? Oh yeah, NEVER. by Seven+Spirals · · Score: 2

    All the worms, ransomware, and malware that gets widespread exposure and ends up loaded on millions of vectors is ALWAYS WINDOWS. Seriously. If you use Windows as a server platform you are an idiot. Rationalize all you want, but in the end we can lay this at the feet of the operator's choice of OS.

    Are there hacks, exploits, and malware for other operating systems? Sure! However, consider that these full-p3wnd remote exploits seem to get released as zero day at least once a year for Windows OS's and often the vulnerabilities go back for years. When was the last time you saw a remote-root exploit for SSH? Oh yeah, NEVER. If the NSA could have done it, they already would have and it'd likely be packaged with the same bundle of leaked material we've already seen chock full of zero-day and other novel Windows exploits.

    Yes, other operating systems have flaws, too. However, if you pick the one with the biggest target painted on the side, expect turbulence!

  8. The Register had a NICE graphic breakdown by Anonymous Coward · · Score: 0

    The Register had a NICE graphic breakdown of what EMET adds to Win7 for security (near 10's properties) https://www.theregister.co.uk/2016/11/24/cert_no_microsoft_even_win_7_emet_is_better_than_solo_win_10/

    * ACTUAL GRAPHIC CHART (makes it simple to see/understand) https://regmedia.co.uk/2016/11/24/49739846748604.jpg/

    APK

    P.S.=> Personally, I use it & think that it adds good features to Windows 7 64-bit... apk

    1. Re:The Register had a NICE graphic breakdown by Anonymous Coward · · Score: 0

      What should really happen is all the mitigations that EMET provides should be baked into the operating system.

      But then users would whine that backwards compatibility has been sacrificed.

      This is, of course, assuming that the security mitigations that EMET provides actually achieve anything. (If they're trivially bypassable, then I do wonder if The Register and CERT are both making something of a security theatre.)

      (DEP should be on for all applications, for example.)

    2. Re:The Register had a NICE graphic breakdown by RabidReindeer · · Score: 1

      Are the EMET service providers called EMETICS?

  9. easily circumvented. by Anonymous Coward · · Score: 0

    https://www.fireeye.com/blog/threat-research/2016/02/using_emet_to_disabl.html

  10. Rabbi Loew? it is you? by Anonymous Coward · · Score: 0

    So, if somebody deletes the initial 'E', will MSWin10 turn into a pile of mud?

    CYA

  11. Pressing question by Torodung · · Score: 2

    So the question is, since it's called "Defender," do you need to run their lukewarm, signature-based Defender antivirus to use the EMET features? Because that would be a deal-breaker for me.

    1. Re:Pressing question by thegarbz · · Score: 2

      I'm sure you can install burning hot McAfee too if you wish. Burning hot being what your CPU will be wherever you install it.

  12. Good start but by WayToGoPhil · · Score: 0

    Wouldn't the better solution be to start removing legacy support? Prevent applications from running that aren't compiled for the more recent versions of Windows. Force developers to adhere to the recommended security measures of the system or else.

    1. Re:Good start but by innocent_white_lamb · · Score: 1

      It would be a better solution technically, but Windows exists largely on support for legacy software. Microsoft would lose a lot of their lock-in. If I have to buy or write new software anyway, why wouldn't I run it on Linux instead?

      --
      If you're a zombie and you know it, bite your friend!

    2. Re:Good start but by Anonymous Coward · · Score: 0

      Not only that, but 99% of the time, there's no real compatibility issue.

      So you're down to:
      1) Lock down "compatibility levels" like they've done with SQL Server. This makes supporting things a pain because there's always some damned quirk with it that allows whatever-it-is to halfway work on the wrong compatibility level.
      2) Lock down API compatibility. Good Luck With That(tm). Windows hackers have been jumping into the middle of DLL's since day one and aren't about to stop, no matter how bad an idea it is.
      3) Change it out from under stuff and let shit fail. Now nobody will buy Windows because it's not compatible at all anymore. Nice job breaking it, hero.
      4) Sandbox the ever-loving shit out of everything. Try to convince developers to use the easy way (UAP) so that you have less work to do. Then round up the rest of them into a transparent Hyper-V instance or a Docker container or something. I'm betting this final part happens within the next update or two. 18 months tops. They're already laying the groundwork for native Docker managed through Hyper-V. It's only a matter of time before that's the norm and it becomes a runtime execution context that the OS spawns on the fly.

    3. Re:Good start but by schleimkeim · · Score: 1

      Legacy support is the only reason Windows is still in use.

  13. Agreed pretty much on all counts... apk by Anonymous Coward · · Score: 0

    See subject: I agree w/ you the features in EMET should be inherent to the OS itself vs. being another 'addon'. On backward compatibility, I've never had an issue w/ it to date (but that's just me) stopping programs working etc.(& you can set "exceptions" for it, & iirc, DEP in the OS in Win7 onward, natively) & yes:

    * Some of these "protections" get broken into/penetrated or worked-around by "hacker/cracker" types... it's unfortunate but a fact (perhaps a blessing in disguise pointing out what needs rethinking &/or redesign)...

    (Still - every bit helps I feel - "layered-security"/"defense-in-depth" is the best thing we've got going imo...)

    APK

    P.S.=> The very 1st computer security presentation I did circa 1984 in my collegiate academia days (MIS minor) on my 1st degree concluded w/ this statement & it's proven true over time since (though that was mainframe/midrange days for me using VAX VMS & forms of *NIX there):

    "What one man can lock, another will shortly unlock"... apk

  14. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by desdinova+216 · · Score: 1

    If Linux had the market share of all Windows versions then we'd be seeing more exploits for Linux. As Willie Sutton allegedly said, "it's where the money is".

  15. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by Anonymous Coward · · Score: 0

    You don't follow the news much, do you? OpenSSH has had a buttload of exploitable flaws over the years, and to do a comparison you need to compare it to RDP, not to Windows.
    http://www.securitytracker.com...
    https://www.tenable.com/pvs-pl...
    https://www.symantec.com/secur...

  16. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by Anonymous Coward · · Score: 0

    Wahhhhhh!!!! Why won't these idiots just love linux!? It's soooooo great once you get to know it. M$ are evil and everyone but me is stupid!

  17. But only on Enterprise Edition ... by Anonymous Coward · · Score: 0

    Like all the other Microsoft Security Drivel for Windows 10, it will *ONLY* be available on Windows 10 Enterprise.

    Lesser versions of Windows 10 which are available for the unwashed to purchase will not support any security features and will be strictly a Spyware platform.

  18. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by TheDarkener · · Score: 1

    "it's where the money is"

    Given this statement, why haven't we seen widespread ransomware deployed to what the Internet is essentially made of (Linux servers)? I mean, that's where the *real* money is. Why go after petty consumers for $300 a pop when you could go after a ton of wealthy corporations that have real money at stake by losing millions of ecommerce dollars an hour, running their businesses on Linux server farms?

    --
    It is pitch black. You are likely to be eaten by a grue.

  19. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by Anonymous Coward · · Score: 0

    Because ransomware generally relies heavily upon user stupidity: opening email attachments, clicking on links, drive-by attacks for browsers, etc. Only a completely incompetent admin would be doing those things from a server, regardless of OS.

  20. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by TheDarkener · · Score: 1

    So I guess Linux users are simply smarter than Windows users...??

    --
    It is pitch black. You are likely to be eaten by a grue.

  21. Fall? Haven't even seen Spring yet. by Anonymous Coward · · Score: 0

    I have 4 computers in the house running Win10: 1 Core2 desktop, 2 i5 laptops, and a tablet. None have yet been upgraded to the March Creators Update. And we're talking about Fall? All but one of those computers, btw, are running W10 Home, so I'd have expected something to be pushed by now. Yes, Updates are on and routine security etc. are coming through. Maybe MS is still figuring out how to fix some of the things that turned up and will just skip 1703 for me?

    1. Re:Fall? Haven't even seen Spring yet. by Anonymous Coward · · Score: 0

      The entire concept that "there is only one Windows" is flawed by design.

      As you correctly point out, your systems have not been updated yet. There are others making similar observations, and the only deduction is that Microsoft is rolling out updates in some kind of pattern - which of course the rest of us can only guess at.

      I write software and it is used by people all around the world. Windows 10 is a nightmare for support, since it is hard work to determine what version the user is on, and often I have no way to set up a test system to reproduce the problem and test against. It's a bloody mess.

    2. Re: Fall? Haven't even seen Spring yet. by Anonymous Coward · · Score: 0

      Windows 10 is a nightmare for support, since it is hard work to determine what version the user is on

      cmd
      ver

      That's "hard"? What are you, A- certified? You sound like creamer.
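
      As an added example (not part of this thread): `ver` only prints the kernel build number, whereas the feature-update name users quote (the "1703" from comment 21) is a separate registry value, so a support script should read both. The function below is assumed to run in Windows PowerShell on Windows 10; the registry key and value names are the standard ones under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.

```powershell
# Added example (not from the thread): collect the identifiers that tell
# Windows 10 feature updates apart, since `ver` shows only 10.0.<build>.
# Assumes Windows PowerShell running on Windows 10.
function Get-Win10Release {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $p   = Get-ItemProperty -Path $key

    [pscustomobject]@{
        ProductName = $p.ProductName                 # e.g. "Windows 10 Home"
        EditionId   = $p.EditionID                   # e.g. "Core", "Enterprise"
        # Feature-update name; present on 1507 through 2009 era builds.
        ReleaseId   = $p.ReleaseId                   # e.g. "1703" (Creators Update)
        Build       = $p.CurrentBuild                # e.g. "15063"
        Revision    = $p.UBR                         # cumulative-update revision
        # The same number `ver` prints, for cross-checking.
        Version     = [System.Environment]::OSVersion.Version.ToString()
    }
}

# Usage: print the block a user can paste into a support ticket.
Get-Win10Release | Format-List
```

      Build plus UBR pins the exact cumulative update, which is what decides whether a given mitigation or Exploit Guard setting even exists on the user's machine; the release name alone does not.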

  22. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by nuckfuts · · Score: 1

    All the worms, ransomware, and malware that gets widespread exposure and ends up loaded on millons of vectors is ALWAYS WINDOWS.

    Except for little things, like heartbleed?

    When was the last time you saw a remote root exploit for SSH?

    2001

    2013

  23. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by Anonymous Coward · · Score: 0

    "M$ are evil and everyone but me is stupid!"

    No, you are stupid too.

    Dick.

  24. That name... by Waccoon · · Score: 1

    Mitigation experience? Seriously?

    Isn't an "experience" just something that happens to you and isn't really under your control?

  25. Crap detergent prevents crap from running by Anonymous Coward · · Score: 0

    Who would have thought?

  26. Make up your damn mind. by Anonymous Coward · · Score: 0

    They originally decided to discontinue EMET because Windows 10 supposedly included all the anti-exploit functionality and more. I guess that was another pile of horseshit.

    Thankfully they decided to keep EMET up to date for the older Windows OS.

  27. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by yodleboy · · Score: 1

    as long as the primary entry point involves things like opening emails and clicking attachments, things that don't usually happen on servers, it's a lot easier to target the average consumer.

  28. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by tlhIngan · · Score: 1

    Given this statement, why haven't we seen widespread ransomware deployed to what the Internet is essentially made of (Linux servers)? I mean, that's where the *real* money is. Why go after petty consumers for $300 a pop when you could go after a ton of wealthy corporations that have real money at stake by losing millions of ecommerce dollars an hour, running their businesses on Linux server farms?

    Because the companies that make millions per hour in e-commerce spend money on security. Those that don't, don't usually make a heck of a lot of money.

    In fact, infected Linux machines are a popular way to infect Windows PCs - perhaps you heard of something called WordPress? Seems like vulnerable versions of it, as well as other CMS products, are often ways to insert nasty JavaScript downloaders or other things to infect users.

    And yes, infecting users at $100 a pop is far more profitable than infecting Linux servers - so you take down some guy's blog, big whoop - the guy loses out on $3 of ad revenue. But if you get to infect that guy's 1,000 visitors a day, that's a lot of money. Even if most don't pay up, that's easily $10,000 if just 10 visitors do.

    Infecting Linux machines isn't profitable in and of itself, unless you manage to command enough of them that you can do some Bitcoin mining, but most machines are on VPSes that may send out alerts when the CPU load exceeds nominal. But using Linux boxes to hijack more valuable Windows ones is much more profitable, and since most of the changes are unseen, it can hide out for a very long time. Maybe even beyond the original infection vector.

  29. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by Seven+Spirals · · Score: 1

    Reading comprehension is important, bud. The M$ exploits being used are in the DEFAULT INSTALL. They aren't silly links to shit that requires the admin to put a special config string in his sshd_config. Furthermore, it doesn't matter much what attack vector is used to get into the system. The point is that M$ flaws tend to be widespread and in the default configuration. I have yet to see a general purpose Unix-variant install a version of OpenSSH that's vulnerable to a remote root exploit with no dependencies, which is EXACTLY what these MS flaws are allowing. So, read carefully and fish out some better links. Every one of these is NOT applicable to a default installation.

  30. Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV by tangent · · Score: 1

    Neither of the OpenSSH exploits you link to is a remote root exploit. When exploited, both only give the attacker the privileges of the authenticated user.

    The 2001 exploit only works against accounts with passwords of 2 characters or less, which are trivially brute-forceable anyway. Calling this an "exploit" is like pointing out that a tissue paper door is even weaker if you have a spray bottle with you.

    The 2013 exploit is very difficult to take advantage of, and isn't very worrying even so. First, an attacker would need an account's password or SSH key to exploit this in the first place; if your threat model is that you've lost those already, the 2013 exploit doesn't compound your problems. Second, given those credentials, you could already run code as that user, having logged into their account; this exploit only changes the parent process of the code that's run as that user. Third, many OSes default to disabling remote root logins via SSH entirely, and smart admins of the remaining systems disable it themselves with a one-line edit in sshd_config.

    Compare Windows, where roughly a decade of user training makes almost every exploit a remote root exploit because of the reflex click on the UAC prompt dialog. When was the last time you said "no" to UAC?

  31. Re: Last Remote Root hole in OpenSSH ? Oh yeah, NE by Brockmire · · Score: 1

    On average, yes, but irrelevant. The more important the data, the more protection and backups that will exist. An accountant infected their network with a crypto malware. I just restored from crash plan and MS Server essentials and they were back up. They paid my labour instead of ransom. If this happened to any of the dozen employee's home machine, they'd all be fucked. It's easier to go with low dollar, high volume targets. Also, because if you piss off a big enough player, you'll wake up dead one day.