Microsoft updates a security wrapper for dodgy code

[DaBees-Knees]

http://www.theinquirer.net/inquirer/news/1731240/microsoft-updates-security-wrapper-dodgy-code

SECURITY CONSCIOUS USERS will be given a helping hand by using a toolkit from that fortress of highly secure software, Microsoft.

The Vole has updated its Enhanced Mitigation Experience Toolkit (EMET), a piece of software that aims to plug potential security holes in third party software. This second version of the Microsoft toolkit provides two mitigation techniques that should help harried Windows systems administrators try to contain things when applications go awry.

Export address table access filtering and mandatory address space layout randomization are fairly standard security techniques and combine with others in the previous EMET release that included technologies such as dynamic data execution prevention. EMET is supposed to be particularly useful for those legacy programs that cannot be recompiled to make use of Microsoft's latest security hacks, er, techniques.

Microsoft's decision to provide a security wrapper for applications is a pretty damning indictment of the attention Windows applications developers pay to security. It's clear that software such as EMET is not the best way to implement security, however Microsoft should be given some credit for at least trying to tackle shoddy coding practices that expose the vulnerabilities in its hairball operating systems.

Some might argue that Microsoft's iffy design choices in Windows do little to mitigate security problems. That may indeed be so, but the fact remains, given Microsoft's less than stellar track record on the matter, it's hardly a glowing endorsement to say that an application has been secured using Microsoft's technology.

Nevertheless, EMET does offer those applications that are no longer officially being maintained the ability to gain the benefits of some of Microsoft's more recent attempts at security measures.

You could write a book about Microsoft and it's security problems over the years and a few people have. Now it seems third party software has hit the spotlight.    

[Max™]

Well we know what Microsoft likes, every third party program to have a Microsoft approved certificate,
if it hasn't got one, will this EMET actually stop our programs working, saying they are dangerous?
just because it hasn't been approved by Microsoft, doesn't mean its not a safe application.

[White Stripes]

i think this is more for the corporate environment...


home users get the joys of user annoyance control....

[Bluey_412]

just because it hasn't been approved by Microsoft, doesn't mean its not a safe application.

Well, you COULD have one o' them fruity thing computers and have to buy all your (Overpriced) software from them...