- Oct 31, 1999
- 30,699
- 1
- 0
Info and a download link for the preview release of EMET 3.5 is available here: http://blogs.technet.com/b/srd/arch...urity-mitigations-from-the-bluehat-prize.aspx
EMET has two functions. One is to provide an easy way to toggle OS settings (DEP, ASLR, SEHOP) that your OS supports. I suggest these settings:
The other is to add exploit resistance to any apps you choose to protect with the "Configure Apps" feature.
The 3.5 Tech Preview version has some new protective options available. If you install EMET 3.5 TP, and click "Configure Apps", the new protections are in the ROP tab. They're not enabled by default because some of them could clash with your software. My recommendation is to
1. In Configure Apps, add all the software you want EMET enhancement for. Browsers, media players, Office-type software, IM/VoIP, email clients, PDF readers, and if you're one of those unfortunate souls with Java installed, definitely Java!
2. Go to the ROP tab and enable all the ROP tweaks for the software you added.
3. Test your software and see if it has any hangups with the ROP tweaks. If so, make exceptions as needed. EMET 3.5 TP will put up a pop-up alert saying what tweak is being violated, so you know what ROP goodie needs to be turned off for that particular software.
Borrowing from the current Microsoft MSRC Progress Report (PDF), this graph shows how EMET 2.1 affected exploit success on WinXP against 184 exploits they threw at it:
I think the Win7 shown in the graph is just plain Win7 without EMET. Anyway, for a freebie app, it's worth having. I've daringly EMET'ed most of the executables on my Win7 systems, including the stuff in the Windows directories, with few problems (MMC.exe wont' tolerate EAF mitigation, and as always, some software needs exceptions made to DEP protection). Use caution before going down that road, but you can certainly score some easy wins by protecting your Internet-aware software as mentioned above.
If you have Win7 but run WinXP Mode on it for legacy-app support, you can install EMET on your WinXP Mode virtual machine for a boost in security.
EMET has two functions. One is to provide an easy way to toggle OS settings (DEP, ASLR, SEHOP) that your OS supports. I suggest these settings:
The other is to add exploit resistance to any apps you choose to protect with the "Configure Apps" feature.
The 3.5 Tech Preview version has some new protective options available. If you install EMET 3.5 TP, and click "Configure Apps", the new protections are in the ROP tab. They're not enabled by default because some of them could clash with your software. My recommendation is to
1. In Configure Apps, add all the software you want EMET enhancement for. Browsers, media players, Office-type software, IM/VoIP, email clients, PDF readers, and if you're one of those unfortunate souls with Java installed, definitely Java!
2. Go to the ROP tab and enable all the ROP tweaks for the software you added.
3. Test your software and see if it has any hangups with the ROP tweaks. If so, make exceptions as needed. EMET 3.5 TP will put up a pop-up alert saying what tweak is being violated, so you know what ROP goodie needs to be turned off for that particular software.
Borrowing from the current Microsoft MSRC Progress Report (PDF), this graph shows how EMET 2.1 affected exploit success on WinXP against 184 exploits they threw at it:
I think the Win7 shown in the graph is just plain Win7 without EMET. Anyway, for a freebie app, it's worth having. I've daringly EMET'ed most of the executables on my Win7 systems, including the stuff in the Windows directories, with few problems (MMC.exe wont' tolerate EAF mitigation, and as always, some software needs exceptions made to DEP protection). Use caution before going down that road, but you can certainly score some easy wins by protecting your Internet-aware software as mentioned above.
If you have Win7 but run WinXP Mode on it for legacy-app support, you can install EMET on your WinXP Mode virtual machine for a boost in security.
Last edited:
Facebook
Twitter