Microsoft had earlier announced that it would end support for its Enhanced Mitigation Toolkit (EMET) on Jan. 27, 2017. However, now it has announced that it is extending support until July 31, 2018.
Microsoft released EMET in 2009 to address emerging threats and zero-day software vulnerabilities. At that time, newer operating system (OS) versions were not released frequently, so an independent security tool was necessary to protect Windows OSs from zero-day exploits and increasingly advanced malware attacks. It was not full-fledged protection like an antivirus for Windows, but a stop-gap arrangement.
Microsoft used EMET to disrupt many exploit kits against Windows 7, 8, and 8.1. It was also used to test many new features, which were then built into future OS releases. However, cyber criminals have developed bypasses against most disruption mechanisms, and the code is pretty much freely available on the Internet.
EMET has many limitations because it is a stand-alone solution that did not gel well with operating systems. Depending on the type of blocking technique, EMET hooked into low-level areas of the OS, which affected the performance of the OS and applications. Additionally, any upgrade to the OS or an application caused further problems, as it resulted in incompatibility between the OS, the application and EMET.
Jeffrey Sutherland, a Principal Lead Program Manager in the OS Security team within Microsoft’s Operating System Group, states: “But EMET has serious limits as well – precisely because it is not an integrated part of the operating system. First, many of EMET’s features were not developed as robust security solutions. As such, while they blocked techniques that exploits used in the past, they were not designed to offer real durable protection against exploits over time. Not surprisingly, one can find well-publicized, often trivial bypasses, readily available online to circumvent EMET.”
The latest version – EMET 5.5 – supports many Windows 10 versions and earlier OSs. While Windows 10 has many built-in security features, EMET does not seem able to keep up in protecting against the latest advanced malware exploits.
While EMET did serve a major purpose, it failed in many cases because it was not well integrated with the OS. Windows users who found EMET useful felt that it would be better if EMET's protection mechanisms were built into the OS.
This has led to Microsoft now offering the Windows OS under a SaaS (Software as a Service) model. Windows 10, which was launched in July 2015, has so far seen two major updates. Security has been given high priority, with the Edge browser (instead of Internet Explorer) having more advanced security measures. Microsoft is also offering Device Guard, Credential Guard and other such new security features. The mitigation features employed in earlier EMET versions – such as Control Flow Guard (CFG), data execution prevention (DEP), and address space layout randomization (ASLR) – have been built into the Windows 10 OS.
Many Windows users are skeptical about migrating from earlier Windows versions – 7, 8 and 8.1 – to 10, as version 10 has been getting mixed reviews. Many administrators are not comfortable with the idea of migrating to Windows 10, even though Microsoft had offered Windows 10 as a free upgrade.
For them, Microsoft has decided to extend support for EMET until July 31, 2018. Beyond that, users must migrate to Windows 10 for security reasons. Microsoft wants to push everyone onto Windows 10.
Many users have never felt completely secure with Microsoft's built-in security features. While security measures have improved in subsequent releases, Microsoft's response has been quite slow in many cases, even when vulnerabilities have been pointed out to it. It would be prudent for administrators, cyber security experts and users to ensure effective protection against evolving advanced malware and zero-day exploits by staying protected with a robust antivirus for Windows.