  1. #1
    iNET Interactive
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    688
    Thanks
    11
    Thanked 65 Times in 51 Posts

    Protecting PCs from the next zero-day threat






    By Susan Bradley

    One of the better tools for protecting our systems from the new threats is Microsoft's oddly named Enhanced Mitigation Experience Toolkit.
    If you must use Internet Explorer for specific applications, use another browser as much as possible and remove or disable Java.

    The full text of this column is posted at windowssecrets.com/top-story/protecting-pcs-from-the-next-zero-day-threat.

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.


  3. #2
    Lounger
    Join Date
    Dec 2009
    Location
    Manitoba, Canada
    Posts
    30
    Thanks
    0
    Thanked 4 Times in 2 Posts
    Good information. Thank you. (I've downloaded it ...)

    I understand why you focus on XP, but could you follow up and expand on the benefits to Vista, Win7 and even Win8? Just a table listing the EMET mitigations that benefit the other Windows versions would help sell management on supporting the effort required to implement this free tool.

  4. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Connecticut River Valley, CT
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the update. One point of note...if EMET 3.0 is installed it must be removed using Control Panel before EMET 3.5 can be installed...At least in Windows 7 Professional (X64).
    Regards,

    Bob Johnston, CISSP

    When entrusted to process, you are obligated to safeguard!

  5. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    Philadelphia
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Am I correct that all the column content (9/26) applies to Internet Destroyer, not other browsers?

    As an aside, it has finally happened to me: I never thought I'd be in the situation of not understanding over 70% of the terminology in a computer tech article. I feel like the truck drivers who strayed across the CanAm border in the '40's and wound up in a small diner in Canada around 4AM...

    "Say, Sister, we're lost! Can you tell us where we are?"

    "Saskatoon, Saskatchewan!"

    (Turns to his co-driver) "Nice job of navigating.... they don't even speak ENGLISH here!"


    I feel his pain.

  6. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Houston, Texas, USA
    Posts
    3
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Absolute (almost) protection from hackers

    I appreciate very much the information in this article as well as the others WS publishes which help us keep our computers ASAP (as safe as possible). I use a simple and brutally effective way to protect my valuable data: I don't make it accessible to the internet. When I purchased my most recent PC, I saved the old one, upgraded it a touch, pulled it offline, and use it for the data that absolutely must be kept intact. That may be extreme, and yes, I have to do some minor data manipulation via flash drives, but I live in comfort knowing that my financial, tax, business, and other vital information is safe from the reach of internet hackers. And, the offline computer runs crazy fast, because it is not loaded down with malware, virus and other such software running in the background. I will soon replace the offline computer with a newer one; basic PCs are very inexpensive these days, and it seems like cheap but reliable insurance to me.

  7. #6
    New Lounger
    Join Date
    Jan 2010
    Location
    Tomball, Texas
    Posts
    9
    Thanks
    0
    Thanked 2 Times in 1 Post

    EMET not working for me

    When I got to the part about enabling Internet Explorer and clicked 'open' on the profile file I got a warning about ActiveX (I guess I should not trust Microsoft, eh?). After electing to run the ActiveX item nothing happens. After reboot EMET is not protecting anything. I guess I got this all wrong, eh? (Windows XP system).

  8. #7
    3 Star Lounger
    Join Date
    Nov 2001
    Location
    Morganville, New Jersey, USA
    Posts
    240
    Thanks
    17
    Thanked 2 Times in 2 Posts

    Configure Apps window different

    I uninstalled 3.0 and installed 3.5. When I tried to "Configure Apps," the window is much more basic than in the article and there was no "Import" feature. Is that because I use Windows 7 Home Premium rather than Professional? Or some other reason?

    Thanks.

  9. #8
    New Lounger
    Join Date
    Apr 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    SEHOP on XP

    Your article says:

    "For example, EMET will add Structured Exception Handling Overwrite Protection (SEHOP; more info) to Windows XP."

    But your own graphic in the article shows the program's main window saying that SEHOP remains "unavailable". After some digging, I determined that this means Windows *itself* won't use SEHOP but applications can be configured to use it (as one does by following your very-nearly-complete instructions). This is an unfortunate opportunity for confusion in EMET's user interface.

    Another thing that seems puzzling is the presence of "EMET Notifier" in the Windows System Tray after closing the EMET program. And its absence after the PC has been rebooted. This would seem to imply that one must have the EMET program within one's Startup programs for it to take effect... or at least, for whatever the "Notifier" is, to take effect.
    Last edited by rretter; 2012-09-27 at 19:47.

  10. #9
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,298
    Thanks
    138
    Thanked 112 Times in 96 Posts
    Quote Originally Posted by bwhite2323 View Post
    I appreciate very much the information in this article as well as the others WS publishes which help us keep our computers ASAP (as safe as possible). I use a simple and brutally effective way to protect my valuable data: I don't make it accessible to the internet. When I purchased my most recent PC, I saved the old one, upgraded it a touch, pulled it offline, and use it for the data that absolutely must be kept intact. That may be extreme, and yes, I have to do some minor data manipulation via flash drives, but I live in comfort knowing that my financial, tax, business, and other vital information is safe from the reach of internet hackers. And, the offline computer runs crazy fast, because it is not loaded down with malware, virus and other such software running in the background. I will soon replace the offline computer with a newer one; basic PCs are very inexpensive these days, and it seems like cheap but reliable insurance to me.
    And the best way to avoid electrical shocks is to live without electricity, I suppose.
    -- Bob Primak --

  11. #10
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,298
    Thanks
    138
    Thanked 112 Times in 96 Posts
    Quote Originally Posted by rretter View Post
    Your article says:

    "For example, EMET will add Structured Exception Handling Overwrite Protection (SEHOP; more info) to Windows XP."

    But your own graphic in the article shows the program's main window saying that SEHOP remains "unavailable". After some digging, I determined that this means Windows *itself* won't use SEHOP but applications can be configured to use it (as one does by following your very-nearly-complete instructions). This is an unfortunate opportunity for confusion in EMET's user interface.

    Another thing that seems puzzling is the presence of "EMET Notifier" in the Windows System Tray after closing the EMET program. And its absence after the PC has been rebooted. This would seem to imply that one must have the EMET program within one's Startup programs for it to take effect... or at least, for whatever the "Notifier" is, to take effect.
    This article from Tech Republic contains an explanation of the EMET Notifier. It is a Real-Time notification of any event where an application was terminated due to an EMET violation.

    The EMET Notifier, a new feature added in this version, also helps organizations in monitoring EMET, as it can write events to the Application log and present the user with notifications on the taskbar area when an application has been terminated due to an attempted exploit.
    This would appear to be useful, but not a necessary component. And yes, it could be added to Startups to run whenever Windows is running. Just an added layer of protection, it seems. Logging is also possible with EMET.
    -- Bob Primak --

  12. #11
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    London
    Posts
    524
    Thanks
    195
    Thanked 2 Times in 2 Posts
    Am I correct in assuming this adds no extra protection for someone who uses Firefox rather than IE on an XP machine?

  13. #12
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,298
    Thanks
    138
    Thanked 112 Times in 96 Posts
    Quote Originally Posted by georgelee View Post
    Am I correct in assuming this adds no extra protection for someone who uses Firefox rather than IE on an XP machine?
    EMET can add protections for all or any selection of programs. Yes, Firefox can benefit -- just not as much in this current issue as IE.
    -- Bob Primak --

  14. #13
    New Lounger
    Join Date
    Jan 2010
    Location
    United States of America
    Posts
    9
    Thanks
    2
    Thanked 0 Times in 0 Posts
    One thing I noticed when importing the "Office Programs" protection settings is that it left DEP unchecked for certain Microsoft Office programs, specifically ones in the "Office10" folder (see screenshot). Does this mean that there are certain programs that won't run correctly or will run with reduced performance if DEP is forced on them? Why does EMET leave DEP disabled for them by default?
    image_2012_9_29_0.bmp
    Last edited by aguazales; 2012-09-29 at 16:27. Reason: spelling

  15. #14
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,298
    Thanks
    138
    Thanked 112 Times in 96 Posts
    Quote Originally Posted by aguazales View Post
    One thing I noticed when importing the "Office Programs" protection settings is that it left DEP unchecked for certain Microsoft Office programs, specifically ones in the "Office10" folder (see screenshot). Does this mean that there are certain programs that won't run correctly or will run with reduced performance if DEP is forced on them? Why does EMET leave DEP disabled for them by default?
    image_2012_9_29_0.bmp
    Probably yes. The article warns to go slowly for this reason.
    -- Bob Primak --

  16. #15
    Star Lounger
    Join Date
    May 2012
    Location
    Michigan
    Posts
    80
    Thanks
    36
    Thanked 4 Times in 3 Posts

    Why Configure Apps window is more basic with Windows 7 and protecting IE

    Quote Originally Posted by globalist View Post
    I uninstalled 3.0 and installed 3.5. When I tried to "Configure Apps," the window is much more basic than in the article and there was no "Import" feature. Is that because I use Windows 7 Home Premium rather than Professional? Or some other reason?

    Thanks.
    Using Windows 7 Pro, I clicked "File" and then "Import." Next, double click in this order: "Local Disk (C:)," "Program files," "EMET (Tech Preview)," "Deployment", "Protection Profiles," and "Internet Explorer". When the last page listing all the defaults for IE came up, all the checkboxes were selected. Just to make sure all the checkboxes would remain selected, I clicked "Okay," closed EMET, and rebooted my computer.

    Using Windows 7 is apparently the reason the window you refer to is more basic than in the article. When my operating system was Windows XP, the window was the same as in Susan Bradley's excellent article.
    Last edited by csmart4125; 2012-12-07 at 21:50.
