Seems like every day a new software exploit comes out. And of course your computer is vulnerable until a patch is released. Or maybe you have older software that doesn't have support any more. But you can still protect your computer from known exploits with the Enhanced Mitigation Experience Toolkit 4.0 (EMET) from Microsoft.
The new user interface inside of EMET 4.0
EMET monitors programs for several known types of exploits using pseudo mitigation technology and is aimed at disrupting currently known hacking techniques. It is not meant to replace anti-virus software, but to work side-by-side with it. EMET adds to the Data Execution Prevention (DEP) and Structured Exception Handler Overwrite Protection (SEHOP) protection that is already built into Windows. If a program that EMET is monitoring tries to execute any of these exploits, EMET can log it or terminate it.
Here's a list of the software mitigations that EMET currently monitors:
- Structured Exception Handler Overwrite Protection (SEHOP)
- Data Execution Prevention (DEP)
- Heapspray Allocations
- Null Page Allocation
- Mandatory Address Space Layout Randomization (ASLR)
- Export Address Table Access Filtering (EAF)
- Bottom-up randomization
- Return Oriented Programming (ROP) mitigations
So how does EMET work? EMET acts as a shim between the program being monitored and the operating system. The monitored program thinks it's talking directly to the operating system, but it's actually talking to it through EMET. EMET comes with predefined profiles for some of the more common programs like Microsoft Office, Internet Explorer, Adobe Acrobat and Java. You can also add to the predefined profiles or create your own. I recommend that you monitor any program that can open files on or from the internet.
EMET also includes a Certificate Trust feature that checks the validity of websites, but it currently only works with certain versions of Internet Explorer. EMET also has options that Microsoft considers unsafe to change, as they have been known to cause system instability. They are hidden by default, but can be exposed by changing a registry key. If you want to change it, the instructions can be found in the advanced options section of the EMET 4.0 User Guide.
When upgrading from EMET 3.0 to 4.0, the configuration wizard prompts you to keep your existing settings or start off new.
If you have EMET 3.0 already installed, EMET 4.0 will automatically uninstall it and ask if you want to import the current settings or start off new (recommended). If you have any other version of EMET installed, you will have to manually uninstall it and remove its registry keys HKLM\Software\Microsoft\EMET and, if it exists, HKLM\Software\Policies\Microsoft\EMET.
EMET 4.0 works on the following operating systems:
- Windows XP service pack 3 and above
- Windows Vista service pack 1 and above
- Windows 7 all service packs
- Windows 8
- Windows Server 2003 service pack 1 and above
- Windows Server 2008 all service packs
- Windows Server 2008 R2 all service packs
- Windows Server 2012
EMET 4 does require the .NET 4 Framework to be installed. Also, for EMET 4 to work properly on Windows 8 and Server 2012, Microsoft KB 2790907 must be installed.
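The pre-install checks described above (leftover registry keys from an older EMET, the .NET 4 Framework, and KB 2790907 on Windows 8 and Server 2012) can be collected into one PowerShell function. This is an added example, not code from Microsoft or the EMET User Guide; the function name, the switch and the backup folder are assumptions, while the key paths and the KB number are the ones given in this article.

```powershell
# Added example: pre-install check for EMET 4.0. Run from an elevated, native
# (64-bit on 64-bit Windows) PowerShell prompt so HKLM\Software is not redirected.
function Test-Emet4Prereq {
    param(
        [switch]$RemoveOldKeys,                       # back up, then delete leftover keys
        [string]$BackupDir = "$env:TEMP\emet-backup"  # hypothetical backup location
    )

    # Keys the article says must be gone before installing over an old EMET.
    $oldKeys  = 'HKLM:\Software\Microsoft\EMET', 'HKLM:\Software\Policies\Microsoft\EMET'
    $leftover = @($oldKeys | Where-Object { Test-Path $_ })

    if ($RemoveOldKeys -and $leftover.Count -gt 0) {
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        $i = 0
        foreach ($key in $leftover) {
            $i++
            $file = Join-Path $BackupDir "emet-$stamp-$i.reg"
            # reg.exe wants HKLM\..., not the PowerShell drive form HKLM:\...
            & reg.exe export ($key -replace '^HKLM:', 'HKLM') $file | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "Backup of $key failed; key left in place." }
            Remove-Item -Path $key -Recurse -Force
        }
        $leftover = @($oldKeys | Where-Object { Test-Path $_ })
    }

    # .NET 4: the Full or Client profile sets Install = 1 under this key.
    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4'
    $dotnet4 = @('Full', 'Client' | Where-Object {
        (Get-ItemProperty "$ndp\$_" -ErrorAction SilentlyContinue).Install -eq 1 })

    # KB 2790907 only matters on Windows 8 / Server 2012 (NT version 6.2).
    $os      = [Environment]::OSVersion.Version
    $needsKb = ($os.Major -eq 6 -and $os.Minor -eq 2)
    $hasKb   = $needsKb -and [bool](Get-HotFix -Id 'KB2790907' -ErrorAction SilentlyContinue)

    New-Object PSObject -Property @{
        LeftoverKeys   = $leftover
        DotNet4Profile = $dotnet4
        KbRequired     = $needsKb
        KbInstalled    = $hasKb
        ReadyToInstall = ($leftover.Count -eq 0) -and ($dotnet4.Count -gt 0) -and
                         (-not $needsKb -or $hasKb)
    }
}

Test-Emet4Prereq | Format-List
```

Run it once without `-RemoveOldKeys` to see what is present; the old EMET version should be uninstalled through Windows before the keys are removed.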
For more information on EMET from Microsoft, just follow the links below.
Enhanced Mitigation Experience Toolkit
Enhanced Mitigation Experience Toolkit 4.0 download page