Adobe joins Microsoft's early warning system
By Nicole Kobie
Posted on 28 Jul 2010 at 17:00
Adobe patches will be sent out to Microsoft partners ahead of their general release, the software firms will announce at Black Hat in Las Vegas today.
On the second Tuesday of each month Microsoft releases its latest security patches to the world. A group of 65 security partners receive the details of the bulletins beforehand as part of Microsoft's Active Protections Programme (MAPP), in order to be ready to deploy fixes to their hundreds of millions of customers before the rest of the world - including criminals - are made aware of the flaws.
It's a race between attackers and defenders, bad guys and good guys
"It's a race between attackers and defenders, bad guys and good guys," Dave Forstrom, director of Microsoft Trustworthy Computing, told PC Pro. "[MAPP] completely changed the game, switching the competitive advantage from attackers to defenders."
For the first time, Microsoft will include another vendor's bulletins in MAPP, with Adobe set to take part in the early warning programme.
Forstrom noted it's an important move to keep users safe, as 92% of attacks over the past six months have targeted third-party apps such as Adobe's Reader and Flash rather than the operating system.
"We've clearly seen a shift to attacks focusing on Adobe," he said. "It [Adobe] has recognised the dramatic shift in attackers focusing on applications."
Microsoft plans to have Adobe's patches sent out via MAPP by this autumn, but Forstrom said it will definitely go live by the end of this year. He said Microsoft is focusing on getting the system right with Adobe, but could add more vendors in the future.
EMET security tool upgraded
Microsoft is also unveiling the second version of its Enhanced Mitigation Experience Tool (EMET) which "hardens" the security for older software, such as XP and Internet Explorer 6.
"We know so many businesses and enterprises are still using older versions of software," Forstrom said.
EMET lets users apply mitigations - without adding any new code - to applications to prevent attackers from using known attack routes or methods. The new version features a more user-friendly interface, supports 32-bit and 64-bit OSes, and offers new workarounds.
Such mitigations can now be used across an application or even individual processes, and be switched off or on as needed.
EMET 2.0 is a free download and will arrive next month.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Why virtualisation hasn't slowed the growth of data
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
advertisement
Printed from www.pcpro.co.uk