07-26-2012, 11:12 AM   #1
mechBgon
Super Moderator
Elite Member
Join Date: Oct 1999
Posts: 30,699

Microsoft EMET 3.5 Tech Preview is up

Info and a download link for the preview release of EMET 3.5 is available here: http://blogs.technet.com/b/srd/archi...hat-prize.aspx

EMET has two functions. One is to provide an easy way to toggle OS settings (DEP, ASLR, SEHOP) that your OS supports. I suggest these settings:



The other is to add exploit resistance to any apps you choose to protect with the "Configure Apps" feature.

The 3.5 Tech Preview version has some new protective options available. If you install EMET 3.5 TP, and click "Configure Apps", the new protections are in the ROP tab. They're not enabled by default because some of them could clash with your software. My recommendation is to

1. In Configure Apps, add all the software you want EMET enhancement for. Browsers, media players, Office-type software, IM/VoIP, email clients, PDF readers, and if you're one of those unfortunate souls with Java installed, definitely Java!

2. Go to the ROP tab and enable all the ROP tweaks for the software you added.

3. Test your software and see if it has any hangups with the ROP tweaks. If so, make exceptions as needed. EMET 3.5 TP will put up a pop-up alert saying what tweak is being violated, so you know what ROP goodie needs to be turned off for that particular software.


Borrowing from the current Microsoft MSRC Progress Report (PDF), this graph shows how EMET 2.1 affected exploit success on WinXP against 184 exploits they threw at it:



I think the Win7 shown in the graph is just plain Win7 without EMET. Anyway, for a freebie app, it's worth having. I've daringly EMET'ed most of the executables on my Win7 systems, including the stuff in the Windows directories, with few problems (MMC.exe won't tolerate EAF mitigation, and as always, some software needs exceptions made to DEP protection). Use caution before going down that road, but you can certainly score some easy wins by protecting your Internet-aware software as mentioned above.

If you have Win7 but run WinXP Mode on it for legacy-app support, you can install EMET on your WinXP Mode virtual machine for a boost in security.

Last edited by mechBgon; 07-26-2012 at 11:25 AM.

07-26-2012, 04:32 PM   #2
Jjoshua2
Senior Member
Join Date: Mar 2006
Posts: 627

So does this provide a security benefit with browsers like Chrome? I saw a Google engineer said that EMET v3 didn't provide any security boost since it already used everything, but presumably the new ROP stuff would be helpful? I'm running it with Chrome and it seems to be compatible, unlike v3 when it first came out.

07-27-2012, 01:26 AM   #3
mechBgon
Super Moderator
Elite Member
Join Date: Oct 1999
Posts: 30,699

Quote:
Originally Posted by Jjoshua2
So does this provide a security benefit with browsers like Chrome? I saw a Google engineer said that EMET v3 didn't provide any security boost since it already used everything, but presumably the new ROP stuff would be helpful? I'm running it with Chrome and it seems to be compatible, unlike v3 when it first came out.

Do you remember where you read that? If it were me, I'd go ahead and add all browsers to the protection list regardless.

07-27-2012, 09:56 AM   #4
eliasb
Junior Member
Join Date: Jul 2012
Posts: 1

mechBgon, EMET 3.5 has been tested with Chrome, Firefox, Aurora, Opera.

It even works with Visual Studio.

This is a tech preview and we expect some compatibility issues; please feel free to write to EMET support if you spot something.

Thanks,
Elias

07-27-2012, 11:00 AM   #5
mechBgon
Super Moderator
Elite Member
Join Date: Oct 1999
Posts: 30,699

Quote:
Originally Posted by eliasb
mechBgon, EMET 3.5 has been tested with Chrome, Firefox, Aurora, Opera.

It even works with Visual Studio.

This is a tech preview and we expect some compatibility issues; please feel free to write to EMET support if you spot something.

Thanks,
Elias

So far it's been smooth sailing on Win7 x64 with the software I use at home and at work. Microsoft's MMC.exe, as I mentioned, needs EAF disabled or it'll crash on launch.

If you guys want to top yourselves, create a vulnerability checkup like Secunia's PSI, but make it free for business use. Maybe you could build this into MBSA?

07-28-2012, 10:40 PM   #6
Jjoshua2
Senior Member
Join Date: Mar 2006
Posts: 627

EMET [v3] does not provide any additional protection for Chrome.
http://blog.chromium.org/2010/11/com...with-emet.html

The new ROP stuff might. It would be nice to hear from a security expert at Google.

Quote:
Originally Posted by mechBgon
Do you remember where you read that? If it were me, I'd go ahead and add all browsers to the protection list regardless.

08-14-2012, 05:54 PM   #7
Emulex
Diamond Member
Join Date: Jan 2001
Location: ATL
Posts: 9,554

Where do you get EMET 3.5 profiles? allrop2.xml?

08-14-2012, 11:57 PM   #8
mechBgon
Super Moderator
Elite Member
Join Date: Oct 1999
Posts: 30,699

Quote:
Originally Posted by Emulex
Where do you get EMET 3.5 profiles? allrop2.xml?

They included three of their own, but I made my own by manually adding software executables in the Configure Apps section. As you noticed, the ROP mitigations are all disabled by default, and it's a hassle to manually check all those checkboxes. Instead, try this:

1. Add the programs you want in Configure Apps*. I scrounge my Program Files and Program Files (x86) directories for likely targets, and also look at the running-task list in EMET for stuff to add.

2. Go into Configure Apps and click File > Export... and export the current config to a file.

3. Open the file in Notepad and hit Ctrl+H for the "find-and-replace" feature. Replace false with true throughout the file, then save it.

4. Now in EMET, do a File > Import of that file, and all the ROP stuff will be toggled on after a moment or two.


*On Win7, I also added everything in the Windows and System32 directories to see what would happen, and it pretty much works except you'll need to leave MMC.exe exempt from the EAF mitigation. Might want to set a System Restore point first, in case your Windows is less cooperative.

Last edited by mechBgon; 08-15-2012 at 12:01 AM.
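
Added example (not part of the thread and not Microsoft's code): the blanket find-and-replace in step 3 also switches on settings the thread says must stay off, such as EAF for MMC.exe. This Python sketch enables only the disabled entries and keeps an exception list; the XML element and attribute names and the RopCheckA/RopCheckB mitigation names are constructed placeholders, so match them to a real File > Export before use.

```python
import xml.etree.ElementTree as ET

# Constructed sample, NOT a real EMET export: the element/attribute names and
# the RopCheckA/RopCheckB mitigation names are placeholders (assumptions).
SAMPLE_EXPORT = """\
<EMET>
  <App Path="C:\\Windows\\System32\\mmc.exe">
    <Mitigation Name="DEP" Enabled="true"/>
    <Mitigation Name="EAF" Enabled="false"/>
    <Mitigation Name="RopCheckA" Enabled="false"/>
  </App>
  <App Path="C:\\Program Files\\Example\\reader.exe">
    <Mitigation Name="EAF" Enabled="true"/>
    <Mitigation Name="RopCheckA" Enabled="false"/>
    <Mitigation Name="RopCheckB" Enabled="false"/>
  </App>
</EMET>
"""

# (executable, mitigation) pairs that must stay off; the thread reports that
# MMC.exe crashes on launch with EAF enabled.
KEEP_DISABLED = {("mmc.exe", "EAF")}

def enable_all(xml_text, keep_disabled=KEEP_DISABLED):
    """Enable every disabled mitigation except the listed (exe, mitigation) pairs."""
    keep = {(exe.lower(), mit.lower()) for exe, mit in keep_disabled}
    root = ET.fromstring(xml_text)
    changed, skipped = [], []
    for app in root.iter("App"):
        # Match on the file name only, so the install path does not matter.
        exe = app.get("Path", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        for mit in app.iter("Mitigation"):
            if mit.get("Enabled", "").lower() != "false":
                continue  # already enabled; leave untouched
            name = mit.get("Name", "")
            if (exe, name.lower()) in keep:
                skipped.append((exe, name))  # known-bad combination stays off
            else:
                mit.set("Enabled", "true")
                changed.append((exe, name))
    return ET.tostring(root, encoding="unicode"), changed, skipped

if __name__ == "__main__":
    new_xml, changed, skipped = enable_all(SAMPLE_EXPORT)
    print("enabled:", changed)
    print("left disabled:", skipped)
```

The returned `changed` list doubles as a record of what to revisit if an application misbehaves after the import.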