The next version of Microsoft's Enhanced Mitigation Experience Toolkit (EMET), used to make Windows PCs more secure, will include options to protect against Java exploits, one of the most common forms of cyberattacks.
Microsoft unveiled Tuesday the technology preview of EMET 5.0 at the RSA Conference in San Francisco, one of the biggest security industry events of the year. The company expects to make the new version of EMET generally available this year.
Disable the plugin that lets browsers run Java apps downloaded from a Web site. Run Java only from trusted sites.
Among the more noteworthy features in EMET 5.0 is the ability to set up a list of websites allowed to load plugins, such as Adobe Flash Player, and code written in Java, a cross-platform language, in a browser. Limiting downloads to a set number of sites reduces the risk of having a PC infected with malware.
For example, a company could limit all Java and plugin downloads to sites on the company's intranet, while blocking them from all sites on the public Internet.
"The most recurring suggestion we received was to allow the Oracle Java plugin on intranet websites, which commonly run line-of-business applications written in Java, while blocking it on Internet zone websites," Microsoft said in its Security Research and Defense Blog. "In addition to that Java-related customer feedback, we have also seen a number of exploits targeting the Adobe Flash Player plugin."
Microsoft introduces tech preview of the EMET security toolkit; blocks Java downloads from malicious websites.
The Java- and plugin-blocking feature should "effectively stymie most of the historical attack methods related to Java and Flash," Andrew Storms, director of DevOps at security firm CloudPassage, said.
"Those two applications have historically caused a lot of heartburn for security teams," Storms told CruxialCIO in an email.
Running Java, which Oracle acquired in its purchase of Sun Microsystems in 2010, is considered one of the biggest security risks in today's browsers. Most security experts recommend that companies and consumers turn off this capability in browsers used on the public Internet.
Another feature worth noting in EMET 5.0 is a "straightjacket" for Windows processes, so that those behaving in an unexpected manner are automatically terminated, Wolfgang Kandek, chief technology officer for security vendor Qualys, said. Unusual Windows processes typically signal a malware attack.
"EMET is not a policy-changing tool, but it might just be that additional piece of security software that is worth investing in," Kandek told CruxialCIO in an email.
Microsoft has historically used EMET to preview technology. Features that are effective and widely used by customers are often rolled into the base operating system.