Wednesday, April 9, 2014

WINDOWS XP - The Enhanced Mitigation Experience Toolkit (EMET)

Now that SECURITY support for ordinary users of Windows XP has ended, here's an alternative way to protect WinXP.

Note that Microsoft Updates (which you should be using instead of Windows Updates) will still update some Microsoft software, like the "Malicious Software Removal Tool."  What stops is security updates to WinXP itself.

The alternative protection is Microsoft's Enhanced Mitigation Experience Toolkit (EMET).

WARNING:  EMET is NOT for amateurs.  If used incorrectly, it can cause problems with WinXP.  But if you use Recommended Settings on installation, and the Quick Profile Name [Recommended Security settings], it should be safe.

Note that EMET is for all versions of Windows and some features are not available in WinXP.

Here's a screenshot of my EMET GUI:



With WinXP, SEHOP & ASLR are not available.


There are Software Profiles you can [Import].  I imported Popular Software.



From the support page in the above link:

What is the Enhanced Mitigation Experience Toolkit?

The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited.  EMET achieves this goal by using security mitigation technologies.  These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities.  These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited.  However, they work to make exploitation as difficult as possible to perform.

EMET 4.0 and newer versions also provide a configurable SSL/TLS certificate pinning feature that is called Certificate Trust.  This feature is intended to detect man-in-the-middle attacks that are leveraging the public key infrastructure (PKI).

Are there restrictions as to the software that EMET can protect?

EMET can work together with any software, regardless of when it was written or by whom it was written.  This includes software that is developed by Microsoft and software that is developed by other vendors.  However, you should be aware that some software may not be compatible with EMET.  For more information about compatibility, see the "Are there any risks in using EMET?" section.

What are the requirements for using EMET?

EMET 3.0 requires the Microsoft .NET Framework 2.0.
EMET 4.0 and 4.1 require the Microsoft .NET Framework 4.0. Additionally, for EMET to work with Internet Explorer 10 on Windows 8, KB2790907 must be installed.

The Microsoft Download page for EMET.  You should download both the Setup and Guide.

Note that EMET is just a GUI that makes setting various Windows options easier.

Also, I did try with DEP [Always On] (Maximum protection settings) but that prevented 2 of my boot-time apps from running, like MiniMinder.  So I changed back to the settings you see in my GUI screenshot.
