Microsoft extends support for EMET, but its days are numbered
The days of EMET, Microsoft’s Enhanced Mitigation Experience Toolkit for Windows, are numbered. Although, the company has listened to the customers’ pleas, and is extending its end of life date to July 31, 2018 (it was previously scheduled for January 27, 2017).
The announcement was made by Jeffrey Sutherland, Microsoft’s principal lead program manager in the OS Security team. He explained that, as helpful as EMET has been over the years – both for users and for Microsoft, which used it as a test-bed for new security features – it has its limits.
Most of them stem from the fact that it is not an integrated part of the operating system, but a bolt-on solution. This affects its effectiveness, but also the performance and reliability of the operating system.
Finally, Sutherland noted, most of the protections offered by EMET have now been built into Windows 10 which, unlike previous versions of the OS, is regularly updated with new and improved protections.
“Since its initial launch in July 2015, there have already been two major updates released and that pace is expected to continue. More importantly, each major update of Windows 10 has brought with it substantial new innovations in security,” he pointed out.
“For example, the Microsoft Edge browser was built from the start with security as a top feature. Revolutionary new Windows 10 features like Device Guard, Credential Guard, and Windows Defender Application Guard (coming soon) use hardware virtualization to protect against vulnerability exploits and malware. Windows Defender Advanced Threat Protection (ATP) provides post-breach detection and response for Windows 10 enterprise users. And, of course, Windows 10 includes all of the mitigation features that EMET administrators have come to rely on such as DEP, ASLR, and Control Flow Guard (CFG) along with many new mitigations to prevent bypasses in UAC and exploits targeting the browser.”
Reactions from the security community have been mostly accepting of the change, even welcoming it, with a few praising some of EMET’s past and present abilities.
Others pointed out that some of the Windows 10 security features mentioned by Sutherland are only there for enterprise users, and EMET’s protections are there for everyone.
But obviously, Microsoft is pushing Windows 10 with all its might, and with this, it is giving one more reason for everyone to upgrade.
Recently revealed statistics show that the effectiveness of this push is lesser than expected: Windows 7, released in the same year as EMET (2009), is still the choice for 65 percent of Windows users.