Toughen your computer security with EMET 5.1

Keeping your computer secure has always been tough. It seems like every week there is another exploit making the rounds. Nobody can predict what kind of attack hackers will use next. But with the Enhanced Mitigation Experience Toolkit 5.1 (EMET), you can protect your computer from the most common actions and techniques that attackers use.

The main screen inside of EMET 5.1

What is EMET? It monitors selected programs (Internet Explorer, Microsoft Office programs, etc.) for known attack actions and techniques. When one of the several pseudo mitigation technologies is triggered, EMET can block or even terminate the program in question. It will also validate digitally signed SSL certificates inside of Internet Explorer. Here is the list of mitigations EMET currently looks for.

  • Structured Exception Handler Overwrite Protection (SEHOP)
  • Data Execution Prevention (DEP)
  • Heapspray allocation
  • Null page allocation
  • Mandatory Address Space Layout Randomization (ASLR)
  • Export Address Table Access Filtering (EAF)
  • Export Address Table Access Filtering Plus (EAF+)
  • Bottom-up randomization
  • Return Oriented Programming (ROP)
  • Attack Surface Reduction (ASR)

The about screen inside of EMET 5.1

EMET 5.1 includes the following improvements:

  • Attack Surface Reduction (ASR) has been updated to limit the attack surface of applications and reduce attacks.
  • Export Address Table Filtering Plus (EAF+) has been updated to improve and extend the current EAF mitigation.
  • 64-bit ROP mitigations have been improved to anticipate future exploitation techniques.
  • Several security, compatibility and performance improvements.

EMET can also be customized via the registry (see EMET manual for instructions). Here are a few of the items that can be modified:

  • Enable unsafe configurations.
  • Configuring custom message for user reporting.
  • Configuring certificate trust feature for third party browsers.
  • Configuring local telemetry for troubleshooting.
  • Configuring EMET Agent icon visibility.

Here's a quote from Microsoft's website:

The Enhanced Mitigation Experience Toolkit (EMET) helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software. EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives.

EMET should never monitor anti-malware and intrusion prevention or detection software, debuggers, software that handles digital rights management (DRM) technologies or software that uses anti-debugging, obfuscation, or hooking technologies. Click here for the EMET 5.1 application compatibility list.

For more information on EMET, just follow the links below:

Enhanced Mitigation Experience Toolkit
Enhanced Mitigation Experience Toolkit 5.1 download

My digital toolbox

Every computer repair technician has a digital toolbox, more than likely several. They are either on a CD / DVD or USB drive and contain programs that we use on a regular basis. Here are a few of the programs that I have in my digital toolbox.

My Digital Toolbox

All of the following programs have one thing in common: they don't require installation. Just right-click on them in File Explorer and select Run as administrator; that's it. Some of the programs may require access to the Internet for complete functionality.

AdwCleaner

One of the best stand-alone adware removal tools I have found yet. Right out of the box, it will scan your system with a generic set of definitions. But if you are connected to the Internet before you start up AdwCleaner, it will download a current set of definitions. And if you select uninstall, it will remove any quarantined files and then delete itself.

AdwCleaner

.NET Framework Cleanup Tool

When it comes to resolving .NET problems, sometimes you're better off just removing and reinstalling the framework. The .NET Framework Cleanup Tool is a stand-alone program that does just what its name implies. Just pick the version you wish to remove (or all) and click Cleanup Now. Once it is complete, just reboot and use Windows Update to reinstall whatever version of the .NET Framework you need.

.NET Framework Cleanup Tool

Sysinternals Suite

Hands down the best collection of Windows troubleshooting tools. All of them are stand-alone programs, over 70 altogether. You can see everything that automatically starts up with Autoruns, explore running processes with Process Explorer or monitor network usage with TCPView. When it comes to Windows diagnostics, the Sysinternals Suite cannot be beat.

Sysinternals Suite

How to safely remove external drives

External storage devices like flash drives or hard drives are so convenient for carrying data between computers. Just plug and play, as they say. But did you know it's not the same for when you unplug your drives? Here's how to safely remove external drives from your Windows computer.

How to safely remove external drives

Recently I was at a customer's location repairing her computer and needed some files from one of my USB flash drives. When I was done, I went through the process of ejecting the USB drive from her computer. She was surprised that I didn't just pull the flash drive out. Most of the time you can just unplug a USB device like a mouse or printer without having to do anything to your Windows-based computer. It's only when you have a storage device, like a flash drive or external hard drive, that you have to take an extra step to safely remove the device.

What is write caching?

Windows by default enables write caching on storage devices for better performance, whether internal or external. Write caching allows programs to write to the device and continue on without waiting for the data to actually be written. By properly ejecting a storage device, you ensure that the cache is written to the device before you disconnect it.

How to safely remove external drives

  1. Left-click on the Safely Remove Hardware icon on the Taskbar.
    Safely Remove Hardware icon on the Windows 8 Taskbar
  2. Left-click on the device you want to disconnect.
    List of removable drives ready to be ejected

or

  1. Open File Explorer (Windows logo key + E).
  2. Under This PC / Computer, right-click the drive you want to disconnect and select Eject.

Windows will display a notification when it's safe to disconnect the drive.

How to keep your computer running longer

Everyone wants their computer to last forever. But the reality is the average life span of a computer is 3-5 years. A lot of times you can get a computer to run for over a decade with common sense and regular maintenance. Here's how to keep your computer running longer.

How to keep your computer running longer

Keep your computer clean

As the saying goes, "A clean computer is a happy computer!" and it's true. A system that is dust-free will run cooler and has less chance of creating a short circuit (dust is a conductor of electricity). Visually inspecting your computer every month or so and cleaning as needed can extend its life. If a fan fails to cool, the extra heat could damage the hardware.

A while back, I wrote an article on how to clean the dust out of your computer that covered basic dust removal from desktops. The same holds true for laptops too. But there is one area on a laptop that you have to pay particular attention to: the air vents. Since the cooling vents are normally on the bottom, they can and will draw in lint, fuzz, pet hair and other debris. If they get clogged up, your laptop could overheat and damage the system.

How to clean a laptop CPU fan

In the article 'How to clean the dust out of your computer', I talk about using non-metallic rods (plastic, wood) to hold the various fans in place while cleaning them with compressed air. Since the vents on laptops are smaller than on desktops, you will need to use a thinner rod to hold the CPU fan in place. I normally use a toothpick, but if the holes in the vents are really small, I have to use an unfolded paper clip. Remember to blow compressed air in both the inlet and outlet vents.

Stay away from static electricity

The placement of your computer will also have an effect on its life span. I always recommend placing a desktop computer at least 18" off of the floor to prevent issues with static electricity. I personally have had problems with static electricity in my house. The dry climate in Arizona and wool carpet do create a lot of static electricity. To resolve the static electricity issue, I have a spray bottle full of tap water. Whenever I feel the static building up on the carpet, I just spray a light mist of water on the high-traffic areas of the carpet and the static just dissipates.

Liquids and computers don't mix

The last item on my list seems like a no-brainer, but it really does bear repeating: liquids and computers don't mix. Your cup of coffee or soda should never be placed on the same surface as your computer. If you need to have your computer on top of your desk, then at least elevate it above the desktop. With a laptop you can use a stand or riser; with a desktop you can use a stand, a couple of 2x4's cut to size or even an 8x16x4 CMU block. That way, even if you do spill some liquid, it won't be able to get into the case of your computer.

Inside the Windows 10 Technical Preview

Coming on the heels of the Windows 8.1 Update, Microsoft recently released the Windows 10 Technical Preview. With this new version of Windows, Microsoft is combining elements from Windows 7 and Windows 8 / 8.1 to better enhance the keyboard / mouse user experience. Let's take a look at what's new in the Windows 10 Technical Preview.

The Start menu returns in the Windows 10 Technical Preview

With this version of Windows, we are seeing a shift in the focus from touch-based devices to keyboard / mouse systems. The biggest change by far is the return of the Start menu. And it is kind of a hybrid now, with elements from Windows 7 (Start menu (left-side)) and Windows 8 / 8.1 (Start screen Tiles (right-side)). But if you like using the Start screen, it's still there too. It's just a check box and restart away.

You can switch in between the Start menu and the Start screen in the Windows 10 Technical Preview

But let's be honest, the Start screen concept might work on a tablet or phone, but it fails miserably on a laptop or desktop computer without a touch screen. I have even been told by customers that they have returned brand new Windows 8 systems because they could not stand the Start screen.

Using multiple instances of the Desktop with Task view inside the Windows 10 Technical Preview

Along with the return of the Start menu, Microsoft has also built in the ability to run multiple instances of the Desktop, called Task view. With Task view, you can have different sets of programs running in separate desktops. This feature is kind of cool if you're using a single display.

The Windows RT / Metro apps from Windows 8 / 8.1 have also undergone some changes. Their name has been changed to Universal apps and they now run in completely re-sizable windows. You still need to use the Store to install Universal apps and can still sync them across multiple devices using a Microsoft account.

There are also small changes here and there. One change is with the way you copy and paste with the Command Prompt. You can now use the Windows keyboard shortcuts (Ctrl + C for copy, Ctrl + V for paste) for these tasks.

The Windows 10 Technical Preview is available for anyone who wants to give it a try. Remember: do not install the Windows 10 Technical Preview on a production system. Use only a system that can be reformatted after the preview expires (4/15/15). For this article, I used an Oracle VirtualBox virtual machine.

For more information on the Windows 10 Technical Preview, check out the links below.

Windows Technical Preview
Windows Technical Preview FAQ's
