In today’s Ask the Admin, I’ll look at why Microsoft has discontinued EMET and how Windows 10 mitigates many of the threats that EMET was designed to counter.
Microsoft last released an update to its free Enhanced Mitigation Experience Toolkit (EMET) for Windows in January, but has since decided to retire the product. EMET was born out of Microsoft’s Trustworthy Computing initiative, a project designed to increase trust in the company’s software at a time when privacy and security issues in Windows were threatening to taint Microsoft’s reputation. With gaps of 3 to 4 years between major OS releases, EMET was needed to defend organizations against zero-day vulnerabilities.
To learn more about EMET, see What’s New in Microsoft EMET 5.2 on the Petri IT Knowledgebase.
EMET was successful in protecting users between Windows releases, but there were also drawbacks. As a bolt-on solution, its protection techniques were not as robust as those built into the OS, which led to hackers finding ways to bypass EMET relatively quickly. The protections provided by EMET could also cause performance and reliability issues in applications, because EMET required low-level access to the OS and used it in ways the OS wasn’t originally designed for. And finally, EMET didn’t keep pace with developments in Windows, and although Microsoft supports EMET 5.5 in Windows 10, the protections weren’t always as good as those now integrated into the OS.
It shouldn’t come as any surprise that Microsoft has stopped developing EMET. Because Microsoft now ships Windows as a service, it’s possible to build the latest defense mechanisms into the OS and ship them to customers in a timely manner. Additionally, many of EMET’s security features were designed to protect customers using Internet Explorer (IE), and while enterprises will continue using IE for legacy applications, Windows 10 has a new default browser, Edge, that was designed with security in mind from the get-go. Windows 10 also includes security features, such as Device Guard and Credential Guard, that make the OS more secure than previous versions of Windows when used in an enterprise environment.
For more information about Windows 10 Credential Guard, see Windows 10 Enterprise Feature: Credential Guard on the Petri IT Knowledgebase.
Mitigation technologies previously built into EMET — such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Control Flow Guard (CFG) — are built into Windows 10, and there are also new features to help stop hackers from bypassing User Account Control (UAC) and exploiting browser vulnerabilities.
Microsoft will support EMET 5.5 until July 31, 2018, but believes the best way to deliver a secure OS in the modern era is to update Windows on a regular basis to make sure mitigation technologies are not an afterthought but integrated into the OS.