Microsoft finally implements by default one of its longest-standing best practices on a typical user Windows OS version.
The author questions why Office macros are not disabled by default as well. The answer is that with both cmd.exe and powershell.exe disabled, most malicious macros will not function. However, his argument is valid and macros should not be enabled for office suite files from external sources.
Despite these hardening measures, the OS and applications installed on it will have vulnerabilities and will still be susceptible to exploits and other attacks - even with the future full EMET integration into the OS. The best prevention is to use alternative software that is not targeted for exploits - where possible, keep all software updated, and in particular apply all released security patches.
10 S will not provide perfect security, but it is a small step in the right direction.
The author questions why Office macros are not disabled by default as well. The answer is that with both cmd.exe and powershell.exe disabled, most malicious macros will not function. However, his argument is valid and macros should not be enabled for office suite files from external sources.
Despite these hardening measures, the OS and applications installed on it will have vulnerabilities and will still be susceptible to exploits and other attacks - even with the future full EMET integration into the OS. The best prevention is to use alternative software that is not targeted for exploits - where possible, keep all software updated, and in particular apply all released security patches.
10 S will not provide perfect security, but it is a small step in the right direction.
Last edited by a moderator:
