Slashdot Mirror
Microsoft Bringing EMET Back As a Built-In Part of Windows 10 (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard. Microsoft's EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques -- some built in to Windows, some part of EMET itself -- to make exploitable security flaws harder to reliably exploit. The idea being that, even if coding bugs should occur, turning those bugs into actual security issues should be made as difficult as possible. With Windows 10, however, EMET's development was essentially cancelled. But as more mitigation capabilities have been put into Windows, the need for a system for managing and controlling them has not gone away. Some of the mitigations introduce application compatibility issues -- a few even require applications to be deliberately written with the mitigation in mind -- which means that Windows does not simply turn on every mitigation for every application. It's here that Exploit Guard comes in.
Is there a tool to harden Windows 10 against intrusions by Microsoft into your privacy?
Like just about everything from Microsoft.
At my employer...a VERY large Defense company, they had pushed out EMET.
It promptly broke almost all of our Java application (Kills the virtual machine). The third party desktop support people are authorized to disable or remove it.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
All the worms, ransomware, and malware that gets widespread exposure and ends up loaded on millons of vectors is ALWAYS WINDOWS. Seriously. If you use Windows as a server platform you are an idiot. Rationalize all you want, but in the end we can lay this at the feet of the operator's choice of OS.
Are there hacks, exploits, and malware for other operating systems? Sure! However, consider that these full-p3wnd remote exploits seem to get released as zero day at least once a year for Windows OS's and often the vulnerabilities go back for years. When was the last time you saw a remote-root exploit for SSH? Oh yeah, NEVER. If the NSA could have done it, the already would have and it'd likely be packaged with the same bundle of leaked material we've already seen chocked full of zero-day and other novel Windows exploits.
Yes, other operating systems have flaws, too. However, if you pick the one with the biggest target painted on the side, expect turbulence!
So the question is, since it's called "Defender," do you need to run their lukewarm, signature-based Defender antivirus to use the EMET features? Because that would be a deal-breaker for me.
It would be a better solution technically, but Windows exists largely on support for legacy software. Microsoft would lose a lot of their lock-in. If I have to buy or write new software anyway, why wouldn't I run it on Linux instead?
If you're a zombie and you know it, bite your friend!
if Linux had the market share of all windows versions then we'd be seeing more exploits for Linux. As Willie Sutton allegedly said "it's where the money is"
Are the EMET service providers called EMETICS?
"it's where the money is"
Given this statement, why haven't we seen widespread ransomware deployed to what the Internet is essentially made of (Linux servers)? I mean, that's where the *real* money is. Why go after petty consumers for $300 a pop when you could go after a ton of wealthy corporations that have real money at stake by losing millions of ecommerce dollars an hour, running their businesses on Linux server farms?
It is pitch black. You are likely to be eaten by a grue.
So I guess Linux users are simply smarter than Windows users...??
It is pitch black. You are likely to be eaten by a grue.
Legacy support is the only reason Windows is still in use.
All the worms, ransomware, and malware that gets widespread exposure and ends up loaded on millons of vectors is ALWAYS WINDOWS.
Except for little things, like heartbleed?
When was the last time you saw a remote root exploit for SSH?
2001
2013
Mitigation experience? Seriously?
Isn't an "experience" just something that happens to you and isn't really under your control?
as long as the primary entry point involves things like opening emails and clicking attachments, things that don't usually happen on servers, it's a lot easier to target the average consumer.
Because the companies that make millions per hour in e-commerce spend money on security. Those that don't, don't usually make a heck of a lot money.
In fact, infected Linux machines is a popular way to infect Windows PCs - perhaps you heard of something called WordPress? Seems like vulnerable versions of it, as well as other CMS products are often ways to insert nasty javascript downloaders or other things to infect users.
And yes, infecting users at $100 a pop is far more profitable than infecting Linux servers - so you take down some guy's blog, big whoop - the guy loses out on $3 of ad revenue. But if you get to infect that guy's 1,000 visitors a day, that's a lot of money. Even if most don't pay up, that's easily $10,000 if just 10 visitors do.
Infecting Linux machines isn't profitable in an of itself, unless you manage to command enough of them that you can do some Bitcoin mining, but most machines are on VPSes that may send out alerts when the CPU load exceeds nominal. But using Linux boxes to hijack more valuable Windows ones is much more profitable, and since most of the changes are unseen, it can hide out for a very long time. Maybe even beyond the original infection vector.
Reading comprehension is important, bud. The M$ exploits being used are in the DEFAULT INSTALL. They aren't silly links to shit that requires the admin to put a special config string in his sshd_config. Furthermore, it doesn't matter much what attack vector is used to get into the system. The point is that M$ flaws tend to be widespread and in the default configuration. I have yet to see a general purpose Unix-variant install a version of OpenSSH that's vulnerable to a remote too exploit with no dependencies which is EXACTLY what these MS flaws are allowing. So, read carefully and fish out some better links. Every one of these is NOT applicable to a default installation.
Neither of the OpenSSH exploits you link to is a remote root exploit. When exploited, both only give the attacker the privileges of the authenticated user.
The 2001 exploit only works against accounts with passwords of 2 characters or less, which are trivially brute-forceable anyway. Calling this an "exploit" is like pointing out that a tissue paper door is even weaker if you have a spray bottle with you.
The 2013 exploit is very difficult to take advantage of, and isn't very worrying even so. First, an attacker would need an account's password or SSH key to exploit this in the first place; if your threat model is that you've lost those already, the 2013 exploit doesn't compound your problems. Second, given those credentials, you could already run code as that user, having logged into their account; this exploit only changes the parent process of the code that's run as that user. Third, many OSes default to disabling remote root logins via SSH entirely, and smart admins of the remaining systems disable it themselves with a one-line edit in sshd_config.
Compare Windows, where roughly a decade of user training makes almost every exploit a remote root exploit because of the reflex click on the UAC prompt dialog. When was the last time you said "no" to UAC?
On average, yes, but irrelevant. The more important the data, the more protection and backups that will exist. An accountant infected their network with a crypto malware. I just restored from crash plan and MS Server essentials and they were back up. They paid my labour instead of ransom. If this happened to any of the dozen employee's home machine, they'd all be fucked. It's easier to go with low dollar, high volume targets. Also, because if you piss off a big enough player, you'll wake up dead one day.