Enhanced Mitigation Experience Toolkit
Microsoft has developed a toolkit called the Enhanced Mitigation Experience Toolkit (EMET). This toolkit protects Windows users from hackers trying to gain access to their systems.
Hacking attacks that rely on software vulnerabilities and exploits are increasing day by day. It is almost impossible for us to trust any software or any web app. Many software providers release security updates, which can be quite annoying, but these are still not enough to protect users. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.
In the latest round of attacks, a zero-day was found in the Internet Explorer browser.
Microsoft explains this vulnerability as “A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer. Then convince a user to view the website.”
Yunsun Wee, Director, Trustworthy Computing, recommended users protect themselves against attack by installing the Enhanced Mitigation Experience Toolkit. Known as EMET, it adds advanced security defenses on older Windows versions and more strictly enforces them on newer ones. Microsoft has more about the vulnerability, which affects all supported versions of Internet Explorer.
What Does EMET Do?
EMET, short for Enhanced Mitigation Experience Toolkit, is built on security mitigation technologies that make it very difficult for an attacker to exploit vulnerabilities in software. It also allows users to manage these technologies on their computers and provides many more benefits.
The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but they can still help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.
Some of its benefits are:
1. No source code required: Until now, several of the available mitigations (such as Data Execution Prevention (DEP)) have required an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt in applications without recompilation. This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available.
2. Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process.
3. Helps harden legacy applications: It’s not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk as legacy software is notorious for having security vulnerabilities. While the real solution to this is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder for hackers to exploit vulnerabilities in the legacy software.
4. Ease of use: The policy for system wide mitigations can be seen and configured with EMET’s graphical user interface. There is no need to locate and decipher registry keys or run platform dependent utilities. With EMET you can adjust settings with a single consistent interface regardless of the underlying platform.
5. Ease of deployment: EMET comes with built-in support for enterprise deployment and configuration technologies. This enables administrators to use Group Policy or System Center Configuration Manager to deploy, configure and monitor EMET installations across the enterprise environment.
6. Ongoing improvement: EMET is a living tool designed to be updated as new mitigation technologies become available. This provides a chance for users to try out and benefit from cutting edge mitigations. The release cycle for EMET is also not tied to any product. EMET updates can be made dynamically as soon as new mitigations are ready.
What is DEP?
Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs. These types of attacks can harm your programs and files.
DEP can help protect your computer by monitoring your programs to make sure that they use system memory safely. If DEP notices a program on your computer using memory incorrectly, it closes the program and notifies you.
Language: Only English
File Name: EMET setup.msi
Size: 6.03 MB
Operating System: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows XP Service Pack 3.
How To Install EMET v3.0?
It is very easy to install EMET. To install EMET v3.0, first click on EMET Setup.msi.
Step 1: Now click on Next to continue the installation.
Step 2: Here you have to select the installation folder and who can use EMET on the computer. You can also check the disk space left by clicking on Disk Cost.
Step 3: Read the Agreement and click on I Agree to continue.
Now it is almost done. Give it some time to unpack, and after it has finished click on Close.
After EMET is installed, a window will open in front of you. Now you can control this toolkit all by yourself.
You can see the System status and the application processes running. It allows you to configure which applications run with DEP, SEHOP and ASLR.
To change the system configuration, click on Configure System at the top. Here you will be given the option of custom settings, where you can change the mitigation settings yourself, or you can click on the maximum security setting.
Note: We recommend keeping the DEP mitigation on Application Opt In.
You can also configure apps. Click on Configure Apps to change the app settings.
Now let’s add some applications to it to test how it works.
Keep in mind that any change you make in EMET may require restarting that application.
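An added example (not part of the original article and not EMET's own code): the system-wide DEP, SEHOP and ASLR states that the System status view summarises can also be read with PowerShell from WMI and the registry, which helps when checking many machines against the DEP recommendation above. The function names are hypothetical, and the registry value meanings in the comments are assumptions to verify on your Windows version.

```powershell
# Added example: report the system-wide DEP, SEHOP and ASLR settings.
# Registry value meanings below are the commonly documented ones (assumption);
# a missing value means the operating system default applies.

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-SystemMitigationStatus {
    $sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

    # DEP: policy in effect since boot, as reported by WMI.
    $depNames = @{ 0 = 'Always Off'; 1 = 'Always On'
                   2 = 'Application Opt In'; 3 = 'Application Opt Out' }
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $dep = $depNames[[int]$os.DataExecutionPrevention_SupportPolicy]
    if (-not $dep) { $dep = 'Unknown' }

    # SEHOP: DisableExceptionChainValidation, 0 = enabled, 1 = disabled.
    $v = Get-RegValue "$sm\kernel" 'DisableExceptionChainValidation'
    if ($null -eq $v) { $sehop = 'Not set (OS default)' }
    elseif ($v -eq 0) { $sehop = 'Enabled' }
    else              { $sehop = 'Disabled' }

    # ASLR: MoveImages, 0 = disabled, 0xFFFFFFFF = always on, else opt in.
    $v = Get-RegValue "$sm\Memory Management" 'MoveImages'
    if ($null -eq $v)                        { $aslr = 'Not set (OS default)' }
    elseif ($v -eq 0)                        { $aslr = 'Disabled' }
    elseif ($v -eq -1 -or $v -eq 4294967295) { $aslr = 'Always On' }
    else                                     { $aslr = 'Application Opt In' }

    New-Object PSObject -Property @{
        DEP = $dep; SEHOP = $sehop; ASLR = $aslr
        # The article's note recommends Application Opt In for DEP.
        DepMatchesNote = ($dep -eq 'Application Opt In')
    }
}

Get-SystemMitigationStatus | Format-List DEP, DepMatchesNote, SEHOP, ASLR
```

The DEP value reflects the policy the system booted with, so a change made in EMET's system configuration shows up here only after a restart.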
Author: Naveen Thakur