Adobe joins Microsoft's early warning system
By Nicole Kobie
Posted on 28 Jul 2010 at 17:00
Adobe patches will be sent out to Microsoft partners ahead of their general release, the software firms will announce at Black Hat in Las Vegas today.
On the second Tuesday of each month Microsoft releases its latest security patches to the world. A group of 65 security partners receive the details of the bulletins beforehand as part of Microsoft's Active Protections Programme (MAPP), in order to be ready to deploy fixes to their hundreds of millions of customers before the rest of the world - including criminals - are made aware of the flaws.
It's a race between attackers and defenders, bad guys and good guys
"It's a race between attackers and defenders, bad guys and good guys," Dave Forstrom, director of Microsoft Trustworthy Computing, told PC Pro. "[MAPP] completely changed the game, switching the competitive advantage from attackers to defenders."
For the first time, Microsoft will include another vendor's bulletins in MAPP, with Adobe set to take part in the early warning programme.
Forstrom noted it's an important move to keep users safe, as 92% of attacks over the past six months have targeted third-party apps such as Adobe's Reader and Flash rather than the operating system.
"We've clearly seen a shift to attacks focusing on Adobe," he said. "It [Adobe] has recognised the dramatic shift in attackers focusing on applications."
Microsoft plans to have Adobe's patches sent out via MAPP by this autumn, but Forstrom said it will definitely go live by the end of this year. He said Microsoft is focusing on getting the system right with Adobe, but could add more vendors in the future.
EMET security tool upgraded
Microsoft is also unveiling the second version of its Enhanced Mitigation Experience Tool (EMET) which "hardens" the security for older software, such as XP and Internet Explorer 6.
"We know so many businesses and enterprises are still using older versions of software," Forstrom said.
EMET lets users apply mitigations - without adding any new code - to applications to prevent attackers from using known attack routes or methods. The new version features a more user-friendly interface, supports 32-bit and 64-bit OSes, and offers new workarounds.
Such mitigations can now be used across an application or even individual processes, and be switched off or on as needed.
EMET 2.0 is a free download and will arrive next month.
advertisement
- 18 ways to boost your e-commerce conversion rate
- Google App Inventor: is drag and drop a flop?
- Google Picasa: the best way to back up your photos
- Five reasons why Apple's earbuds aren't that bad
- Dubai's dubious internet "censorship"
- How I got Android 2.2 by de-branding my phone
- Samsung Galaxy Tab review: first look
- Are PC stickers really on their way out?
- ViewSonic ViewPad tablets review: first look
- Toshiba Folio 100 tablet review: first look
- Why smaller botnets are big business
- Why Excel won't show more than 15 digits
- UMA: Routing your BlackBerry calls over Wi-Fi
- Web of Trust makes Chrome even safer
- Why you shouldn't worry about IPv6 just yet
- How to scan into Word 2010
- Dropbox: a simple way to sync files in the cloud
- Microsoft Web Platform: the easy way to install WordPress
- Limited by your router? Try replacing the firmware
- Searching for sense in the NAS market
advertisement
ADVERTISEMENT
Printed from www.pcpro.co.uk