Microsoft updates Windows application protection tool

The company has added two new features to its Enhanced Mitigation Experience Toolkit, which is designed to protect line-of-business and third-party apps, including on legacy systems
Written by Tom Espiner, Contributor

Microsoft has added two new security measures to a tool that is designed to protect Windows applications, including those running on versions of the operating system that have fallen out of support.

Microsoft's Enhanced Mitigation Experience Toolkit (EMET) 2.0 is designed to protect line-of-business and third-party applications from attack, according to a post on TechNet.

EMET 2.0 has two added functions compared with version 1.0, according to a Microsoft blog post. One is export address table access filtering, which breaks malicious shellcode, while the second is mandatory address space layout randomisation (ASLR), which randomises the addresses where modules are loaded in an attempt to stop an attacker from using data at predictable locations.

Version 2.0 of the tool also incorporates four features from version 1.0. Data execution prevention (DEP) stops code being executed from memory that is not explicitly flagged as executable. In EMET 2.0, DEP allows applications that haven't been flagged to be opted in on an individual basis.

Structured exception handler overwrite protection (SEHOP) is designed to protect against stack overflow exploits, while 'heap spray allocation' blocks addresses used in attacks that use heap spray techniques to place malicious shellcode in as many different memory locations as possible. Null page allocation, which works in a similar way to heap spray allocation, is designed to prevent potential null dereference issues in user mode, said Microsoft.

Andy Buss, who is the service director for access and infrastructure for analyst house Freeform Dynamics, told ZDNet UK on Friday that EMET was a useful tool for protecting applications on Microsoft operating systems such as Windows XP.

"[EMET] does source code analysis and runs mitigations," said Buss. "The toolkit really helps make sure applications are secure." He added that XP was still very popular, and that many businesses held off from the transition to Microsoft's subsequent operating system, Vista, when it came out in 2007.

"Vista got such a reputation for being sluggish, for requiring a lot of new hardware, and for not being compatible [with earlier versions of Windows]," said Buss. "People have been waiting for Windows 7, and quite a few older PCs are due to be refreshed in the next year."

Buss said that, while Vista had opened businesses' eyes to alternative operating systems, a lot of companies still planned to move to Windows 7, "as it's compatible, and people are used to it." While Macs had gained ground against Microsoft PCs, Linux had not seen much of an increase in use aside from in mobile phones and call centre thin clients, said Buss.

Gartner research director Annette Jump told ZDNet UK on Friday that, just before Windows 7 was launched in October 2009, over 85 percent of enterprises in Western Europe had stayed with XP, and not moved to Vista.
