StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

EMET saves the day

I know many here have never heard of Microsoft's EMET (Enhanced Mitigation Experience Toolkit) or don't bother to give it a try (it's free). That said, it's another layer to add to A/V software etc. It takes next to no resources.

Currently EMET is in Beta (v4.0) but is scheduled for release on May 28th.

Anyway here's a story about how EMET performed in a real-world test.

quote:
Would EMET 3.5 have stopped the attack as I predicted four months earlier? Yes, I am fully aware EMET 4v Beta is available for download. But I am trying to remain honest to my words from January 1st. Let’s see. The team at Metasploit reproduced the exploit used in the attack and posted the source.

...

So at this point, I’m pretty happy. EMET has kept me honest against Deep Panda and their threat towards Nuclear Scientists. What I said four months earlier that EMET 3.5 preventing against novel attacks held very true four months after I said it.
Nuclear Scientists, Pandas and EMET Keeping Me Honest
--
Don't feed trolls--it only makes them grow!

GuruGuy

join:2002-12-16
Atlanta, GA

Does this only work on Internet Explorer?
--
GuruGuy



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

EMET is a generic tool for preventing certain types of exploits from occurring. It can be used with any software (e.g. browsers or other) although some applications aren't compatible with all its methods.

For example my EMET configuration protects IE, Firefox, Office and many other common applications.

Perhaps that's why so many ignore EMET. Microsoft doesn't do a very good job at explaining its purpose in non-technical terms.
--
Don't feed trolls--it only makes them grow!



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 recommendation

reply to StuartMW

Are you selling something?

--
She shills sea shills by the Sea Shore.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

Sure. Microsoft pays me big bucks to push their free software
--
Don't feed trolls--it only makes them grow!



tempnexus
Premium
join:1999-08-11
Boston, MA

1 recommendation

reply to StuartMW

EMET 4 is buggy as hell with high level HIPS like OA.
It also wrecks SANDBOXIE on Win8 64bit.


HarryH3
Premium
join:2005-02-21
kudos:2
Reviews:
·Suddenlink

1 recommendation

reply to StuartMW

After looking through the FORTY-FIVE PAGES of the "user guide", I'm still somewhat baffled as to how to actually configure EMET. I did notice that it states that just installing EMET provides ZERO protection. It has to be configured before it will do anything, yet I find the lack of instruction on how to configure it to be typical of Microsoft... (Sorta like the "Click here for more info" in some of their error popups, event viewer logs, etc. that take you to a page that just says "No matches were found for this error code"!)


art22gg
Premium
join:2005-02-16
Courtenay, BC
kudos:6
Reviews:
·Shaw

1 recommendation

Here are 2 very good links explaining how to configure the program...

»www.rationallyparanoid.com/artic···t-3.html

»www.dedoimedo.com/computers/wind···-v3.html



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to StuartMW

EMET v.4 should be outa Beta: »blogs.technet.com/b/srd/archive/···eta.aspx


psloss
Premium
join:2002-02-24
Lebanon, KS

1 recommendation

reply to StuartMW

said by StuartMW:

EMET is a generic tool for preventing certain types of exploits from occurring. It can be used with any software (e.g. browsers or other) although some applications aren't compatible with all its methods.

For example my EMET configuration protects IE, Firefox, Office and many other common applications.

Perhaps that's why so many ignore EMET. Microsoft doesn't do a very good job at explaining its purpose in non-technical terms.

Anyone can use EMET, but it isn't for all situations -- I get the impression that it's targeting higher-risk situations. Compatibility is a big issue -- there's already a complicated AppCompat "engine" that runs to keep programs from breaking, and that's largely without considering security concepts. As a lot of the documentation emphasizes up front, applying aggressive techniques like EMET does will break a lot of software. For power users like me EMET is kind of fascinating, but it might be a difference-maker in some large organizations or other "high-value targets" that have people/units who have a current understanding of the risks that EMET is trying to mitigate today.


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11
reply to StuartMW

Isn't today the day???



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

said by Dustyn:

Isn't today the day???

Yeah. Hard night last night
--
Don't feed trolls--it only makes them grow!


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

said by StuartMW:

said by Dustyn:

Isn't today the day???

Yeah. Hard night last night

I don't mind waiting anyways.
I'm gonna wait and see how YOU like it first before I deploy it. lol
--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by Dustyn:

I don't mind waiting anyways.

You'll probably have to. As far as I can see Microsoft hasn't made it available yet. And despite being their shill they haven't told me anything
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to StuartMW

Re: EMET saves the day

Stay tuned - a few days
»blogs.technet.com/b/srd/archive/···t-4.aspx

quote:
Also, at this point we don’t want to give a new release date yet, but expect to see EMET 4 in the next few days.

Stay tuned!


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

Nothing yet...
I wonder what happened to cause such a delay?



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 recommendation

I did a search and found nothing more current than the last comments. The MSRC Team must have a reason for the continued delay.
You may reach the EMET Team directly: emet_feedback@microsoft.com



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to Dustyn

said by Dustyn:

Nothing yet...

Yup. Not the first time Microsoft (or anyone else) has been misleading about a release date. Perhaps they've been busy with the NSA

No biggie as v4 Beta is working for me.
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 edit

1 recommendation

reply to Dustyn

The MSRC Team never did reply to my inquiry email.



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

said by siljaline:

The MSRC Team never did reply to my inquiry email.

Quite interesting!
Very odd indeed?


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

Especially considering being an ex MVP they should have me on their blog roll - as it were.

I also did identify myself as an MVP - oh well.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to siljaline

A "few days", a few weeks, a few months it's all the same
--
Don't feed trolls--it only makes them grow!



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

Yep - MS is well known for taking forever via email reply. C'est la vie.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to StuartMW

said by StuartMW:

A "few days", a few weeks, a few months it's all the same

Or never.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to StuartMW

I'm reading in a long thread elsewhere that no one is current as to the extended delay of 4.0 final.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to antdude

said by antdude:

Or never.

I've no doubt that EMET v4 will be released eventually. Microsoft has obviously decided to give no specific date other than their "a few days" over 2 weeks ago.
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

1 recommendation

Those that claim to be more informed than me tell me the final is being worked on - is in the pipe and will be released shortly.

What "shortly" means is as good of a guess as any.

That's all I've got.

Don't worry - be happy - Man



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Dustyn

MSRC webcast recording as promised:

Registration - *required* -
»msevents.microsoft.com/CUI/WebCa···te=false

Once done: Webcast:

»www106.livemeeting.com/cc/MSEven···&fmt=wmm



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

2 recommendations

reply to StuartMW

EMET 4.0 now available for download
--
Don't feed trolls--it only makes them grow!