I started using EMET 2.0 when it was released in the past week since I understand arbitrary code execution attacks ( You mean I got p0wned from watching a video on the web? -Joe Average Yes. ). Therefore what EMET brought to the table was not lost on me. In fact, I had been waiting for its release for several weeks after seeing the video Microsoft released some weeks ago.
What surprises me however is why, despite exploits for Adobe's products continually surfacing, they have not made a concerted effort to recompile their product with various mitigating technologies such as ASLR.
As someone who used to write software I'm fully aware of all the regression testing, QA and the potential cost of such an endeavor, e.g., putting the development team(s) to work on re-architecting vs. adding great new features . I'm sure the new Microsoft compiler will toss errors whereas the old one didn't and/or the app (PDF, Flash) will break in various ways (that's why you use a bug tracking tool).
Yes, all this would be time consuming but guess what? Adobe should make it their top priority so as to protect their brand .
-M
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
