A sophisticated anti-malware tool, Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is especially adept at protecting Internet Explorer from zero-day threats.
Currently in beta, the final version of EMET 4.0 is due out any day now. Here’s what’s new.
Microsoft’s advanced anti-malware app updated
When I wrote about EMET in the Jan. 6, 2011, Best Practices story, Microsoft was testing Version 2.0. The more recent Version 3.4 never made it out of “Tech Preview.” EMET 4.0, currently available as a beta download, adds new features that should interest IT managers. But it also includes something new for the average Windows user — Windows 8 support.
Technically speaking, EMET helps protect Windows systems from zero-day threats by preventing the exploitation of memory-corruption vulnerabilities in applications — especially Internet Explorer and older Windows software. In EMET 4.0, protection for Internet Explorer, Adobe Acrobat, and Java (from a security aspect, three of our most problematic applications) is enabled by default.
In addition, Version 4.0 fixes various bugs discovered in EMET 3.5, including one that caused problems for me: a conflict between Internet Explorer 9 and the Windows Snipping Tool.
As noted in an SRD blog post, EMET 4.0 also adds a form of SSL protection called certificate pinning, which helps detect and prevent man-in-the-middle attacks. (In a typical man-in-the-middle attack, a hacker sets up a wireless access point and spoofs a common SSL certificate. Your browser is tricked into trusting a bogus — and usually malicious — site.)
Google’s Chrome has been doing this for a few years, as noted in a Security On blog post. Its implementation creates a white list of trusted Certificate Authorities (such as Verisign and Google Internet Authority) for specific sets of Internet domains. It ensures that a browser validates these protected domains with specific, trusted Certificate Authorities (CA) in its white list — not just with CAs in its Trusted Root CA store. To sign in to your bank’s site, for example, Chrome would look for the bank’s signed certificate in its white list.
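The white-list check described above, sketched in Python as an added example (it is not code from EMET, Chrome, or the original article). The CA byte strings, the domains, and the rule that a pin also covers subdomains are constructed assumptions, and the chain is assumed to have passed normal signature validation already.

```python
import hashlib

def fingerprint(ca_cert_der: bytes) -> str:
    """SHA-256 fingerprint used here to identify a CA certificate."""
    return hashlib.sha256(ca_cert_der).hexdigest()

# Constructed stand-ins for DER-encoded CA certificates (not real certificates).
CA_TRUSTED_A = b"constructed-ca-A"
CA_TRUSTED_B = b"constructed-ca-B"
CA_OTHER = b"constructed-ca-other"  # in the root store, but pinned to nothing

# Every CA the platform trusts (the "Trusted Root CA store").
ROOT_STORE = {fingerprint(c) for c in (CA_TRUSTED_A, CA_TRUSTED_B, CA_OTHER)}

# White list: protected domain -> the only CAs allowed to vouch for it.
PINS = {
    "bank.example": {fingerprint(CA_TRUSTED_A)},
    "mail.example": {fingerprint(CA_TRUSTED_A), fingerprint(CA_TRUSTED_B)},
}

def pinned_cas(host: str):
    """Return the pin set covering host or a parent domain, else None."""
    labels = host.lower().rstrip(".").split(".")
    # Stop before the bare top-level label so a pin never matches a TLD alone.
    for i in range(len(labels) - 1):
        rule = PINS.get(".".join(labels[i:]))
        if rule is not None:
            return rule
    return None

def check_connection(host: str, chain_cas: list) -> str:
    """chain_cas: CA certificates taken from an already verified chain."""
    seen = {fingerprint(c) for c in chain_cas}
    if not seen & ROOT_STORE:
        return "reject: untrusted root"
    pins = pinned_cas(host)
    if pins is None:
        return "accept: no pin rule, root store only"
    if seen & pins:
        return "accept: pinned CA present"
    # The chain is valid against the root store but not against the white list.
    return "reject: pin mismatch"
```

The "pin mismatch" result is the case pinning exists for: a certificate that chains to some CA in the root store, but not to one of the CAs listed for that protected domain.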