EMET is Easy

Whether you are an expert or a novice, a Microsoft fanboy or not, EMET is a great tool to install and enhance the security of your environment.

The most recent version can be downloaded directly from Microsoft for FREE here.

There is a prerequisite of .NET 4.  The full download is here.  There are two types of .NET, client side and full.  The full which the link goes to here is slightly larger and contains server side components.  Immediately after installing .NET 4 you will need to check for updates…there will be at least 4 (unless they update the download to slip stream them).

So now you have this tool installed…what does it do?  Why exactly did I install this thing again?  Oh yeah…security.

The way that EMET works is that it protects your system against common programming errors and attack vectors.  It is configured out of the box to protect Windows components, but requires some tweaking to monitor programs that you have installed.  You may want to exercise caution on implementing EMET on everything.  As Krebs mentions, implementing a program at a time and evaluating stability is a good idea.  The User Guide (aka Help) inside of the application explains how to configure via the GUI or the command line.  On most systems you can quickly deploy the most common settings using the following command lines:

“C:\Program Files (x86)\EMET 5.2\EMET_Conf” –import “C:\Program Files (x86)\EMET 5.2\Deployment\Protection Profiles\CertTrust.xml”

“C:\Program Files (x86)\EMET 5.2\EMET_Conf” –import “C:\Program Files (x86)\EMET 5.2\Deployment\Protection Profiles\Popular Software.xml”

“C:\Program Files (x86)\EMET 5.2\EMET_Conf” –import “C:\Program Files (x86)\EMET 5.2\Deployment\Protection Profiles\Recommended Software.xml”

As a former full time *NIX guy I have to say that Microsoft has really come around on the security front.  It’s just too bad that EMET is not included in the OS.  Some would argue that if they didn’t make a buggy OS, then this would be unnecessary…but we are where we are, and mitigation is better than nothing.  The features will still be standalone in Windows 10 (which was recently released).  Depending on how comfortable you are with tweaking things there is a lot of options and you can get deep in to it.  But the good news is that you don’t have to touch a thing and you will make yourself a more difficult target.  That is not to say that you will ever be totally protected, but as long as there is an easier target out there you are less likely to experience a compromise.

-Tony

Leave a Reply

Your email address will not be published. Required fields are marked *