
How to Secure Your Computer using Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)

Today I’m going to show you how downloading a single program and spending 2 minutes configuring it can substantially improve the security of your computer. With this software installed, your PC will be almost completely hacker-proof.

First, you’ll need to download the Enhanced Mitigation Experience Toolkit (EMET) from Microsoft and install it. It’s best to use the Recommended Settings option. This enables settings designed to protect against the exploitation of the most commonly vulnerable programs. These programs include Internet Explorer, Microsoft Office, Microsoft Outlook, Adobe Reader, the Java plug-in, and WordPad.

Next, open the EMET GUI (which can be found in your Start menu).

Then click the Import button at the top left.

Of the files listed as available for importing, select “Popular Software”. This will add new protection rules for many popular programs, including:

  • 7zip
  • Mozilla Firefox
  • Apple iTunes
  • mIRC
  • Opera web browser
  • Google Chrome
  • Pidgin instant messenger
  • Quicktime media player
  • Skype
  • Mozilla Thunderbird
  • VLC media player
  • WinAmp
  • WinZip
  • and many more programs.

It’s possible to add your own protection settings for individual applications, but this is an advanced feature recommended only for expert computer users.

How EMET Works

EMET enables many security features that are built into Windows but not always turned on by default.

One such protection is Data Execution Prevention (DEP), which allows the operating system to mark specific memory sections as non-executable. This means your computer will treat that memory only as data, and not as runnable software. If an attacker tries to exploit a buffer overflow vulnerability in a protected application, and the exploit relies on executing memory marked as non-executable, the attack will fail.

Another security feature enabled by EMET is Address space layout randomization (ASLR). ASLR randomizes the locations where applications and system libraries are loaded into memory. Not being able to predict where in memory an application is loaded makes it much harder for attackers to write reliable exploits.

These two features have been available in Unix systems like Linux and OpenBSD for years, and with EMET they’ve been successfully integrated into Windows. In fact, at the most recent Pwn2Own hacking competition, Internet Explorer 11 with EMET protection was the only web browser not to be successfully exploited. (It should be noted that the other browsers were not using EMET protections, which was probably a big factor.)

Together these features substantially reduce the number of security vulnerabilities that can be exploited, and the severity of the vulnerabilities when they occur. And they do all of this without impacting the functionality or performance of the programs that are protected, which is pretty impressive.

Want to keep your computer safe from internet super villains? ZookaWare’s computer experts are available 24 hours a day for remote technical support.