Microsoft updates Windows application protection tool

Summary: The company has added two new features to its Enhanced Mitigation Experience Toolkit, which is designed to protect line-of-business and third-party apps, including on legacy systems

Microsoft has added two new security measures to a tool that is designed to protect Windows applications, including those running on versions of the operating system that have fallen out of support.

Microsoft's Enhanced Mitigation Experience Toolkit (EMET) 2.0 is designed to protect line-of-business and third-party applications from attack, according to a post on TechNet.

EMET 2.0 has two added functions compared with version 1.0, according to a Microsoft blog post. One is export address table access filtering, which breaks malicious shell code, while the second is mandatory address space layout randomisation (ASLR), which randomises the addresses where modules are loaded in an attempt to stop an attacker from using data at predictable locations.

Version 2.0 of the tool also incorporates four functionalities from version 1.0. Data execution prevention (DEP) stops code being executed from memory that is not explicitly flagged as executable. In EMET 2.0, DEP allows applications that haven't been flagged to be opted in on an individual basis.

Structured exception handler overwrite protection (SEHOP) is designed to protect against stack overflow exploits, while 'heap spray allocation' blocks addresses used in attacks that use heap spray techniques to place malicious shell code in as many different memory locations as possible. Null page allocation, which works in a similar way to heap spray allocation, is designed to prevent potential null dereference issues in user mode, said Microsoft.

Andy Buss, who is the service director for access and infrastructure for analyst house Freeform Dynamics, told ZDNet UK on Friday that EMET was a useful tool for protecting applications on Microsoft operating systems such as Windows XP.

"[EMET] does source code analysis and runs mitigations," said Buss. "The toolkit really helps make sure applications are secure." He added that XP was still very popular, and that many businesses held off from the transition to Microsoft's subsequent operating system, Vista, when it came out in 2007.

"Vista got such a reputation for being sluggish, for requiring a lot of new hardware, and for not being compatible [with earlier versions of Windows]," said Buss. "People have been waiting for Windows 7, and quite a few older PCs are due to be refreshed in the next year."

Buss said that, while Vista had opened businesses' eyes to alternative operating systems, a lot of companies still planned to move to Windows 7, "as it's compatible, and people are used to it." While Macs had gained ground against Microsoft PCs, Linux had not seen much of an increase in use aside from in mobile phones and call centre thin clients, said Buss.

Gartner research director Annette Jump told ZDNet UK on Friday that, just before Windows 7 was launched in October 2009, over 85 percent of enterprises in Western Europe had stayed with XP, and not moved to Vista.

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...