Let's face it, some of the software we use on a daily basis has become subject to security vulnerabilities and exploits. Software manufacturers do their best to develop and test fixes / patches as fast as possible, but this can take time. A lot of users just cannot keep up with all of the updates and hotfixes. A few years ago Microsoft released the Enhanced Mitigation Experience Toolkit (EMET) to deal with just this issue.

View of the main screen inside EMET 5.5

So what is EMET? EMET monitors selected programs (Internet Explorer, Microsoft Office, etc.) for known attack actions and techniques. When one of the several pseudo mitigation technologies is triggered, EMET will either block the programs' access to the resource it is trying to reach or just terminate it. EMET expands on the technologies that Microsoft implemented with Data Execution Prevention (DEP), which has been included in the Windows operating system since Windows XP SP2. It will also validate digitally signed SSL certificates inside of Internet Explorer.

View of the application configuration screen inside EMET 5.5

So how does EMET work? EMET acts as a shim between the program being monitored and the operating system. The monitored program thinks it's talking directly to the operating system, but it's actually talking to it through EMET. EMET comes with predefined profiles for some of the more common programs like Microsoft Office, Internet Explorer, Adobe Acrobat and Java. You can also add to the predefined profiles or create your own. I recommend that you monitor any program that can open files on or from the Internet.

What security exploits are currently covered

Here's is the current list of mitigations EMET 5.5 currently looks for.

• Attack Surface Reduction (ASR) Mitigation
• Export Address Table Filtering (EAF+) Security Mitigation
• Data Execution Prevention (DEP) Security Mitigation
• Structured Execution Handling Overwrite Protection (SEHOP) Security Mitigation
• NullPage Security Mitigation
• Heapspray Allocation Security Mitigation
• Export Address Table Filtering (EAF) Security Mitigation
• Mandatory Address Space Layout Randomization (ASLR) Security Mitigation
• Load Library Check - Return Oriented Programming (ROP) Security Mitigation
• Memory Protection Check - Return Oriented Programming (ROP) Security Mitigation
• Caller Checks - Return Oriented Programming (ROP) Security Mitigation
• Simulate Execution Flow - Return Oriented Programming (ROP) Security Mitigation
• Stack Pivot - Return Oriented Programming (ROP) Security Mitigation
• Windows 10 untrusted fonts

What programs should you harden / mitigate

You only want to harden / mitigate certain programs that are targeted on a regular basis. Web browsers like Chrome, Firefox and Internet Explorer, production / office programs like Microsoft Word, Excel and PowerPoint, e-mail clients like Outlook and Windows Live Mail are some of the few. I recommend that you harden any program that can open files on or from the Internet.

What programs should you not harden / mitigate

You should never configure EMET to monitor anti-virus, anti-malware, intrusion prevention / detection software, debuggers, software that handles Digital Rights Management (DRM) technologies or software that uses anti-debugging, obfuscation, or hooking technologies.

Installation notes

New installation: Just download EMET and install

Upgrade install: Since the registry keys for EMET changed with this version, you can either export your existing EMET settings using the method in the 'What's new' section below, download the converter or reconfigure all of the program settings. With the drastic change with the EMET data format inside of the registry, I think that it would be just easier to reconfigure EMET then try the export / import method. Either way, remember to uninstall any older version of EMET and restart your computer before you install this version.

What's new in EMET 5.5?

• Full-featured GPO management, compatible with reporting and compliance requirements
• Command line: new syntax and options
• Implementation of certificate pinning now based on root CA thumbprints. Exceptions logic removed.
• Export and Import now memorize path
• EMET registry has been refactored. To convert settings from previous versions of EMET (including EMET 5.5 Beta), registry values must be saved in a file then imported back with the use of the converter PowerShell script after EMET 5.5 is installed. Here are the steps to follow:

1. Export settings. With elevated PowerShell, run the following command:
   .\Migrate-EmetSettings.ps1 -RegFile .\NewEmetSettings.reg -MissingCertCsv .\MissingCerts.csv PowerShell script Migrate-EmetSettings.ps1 is provided with EMET 5.5 RTM. It includes documentation about its usage.
2. Uninstall former version of EMET.
3. Install EMET 5.5 RTM. When asked to choose between Use recommended settings and Configure manually later, chose option Configure manually later.
4. Import settings. With elevated PowerShell, run the following command:
   reg.exe import .\NewEmetSettings.reg

Supported Operating Systems

Windows 10 , Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2, Windows Vista

• EMET 5.5 requires .NET Framework 4.5.
• For Internet Explorer 10 on Windows 8 you need to install KB2790907 - a mandatory Application Compatibility update that has been released on March 12th, 2013 or any other Application Compatibility updates for Windows 8 after that

In this article, I am going to spotlight Microsoft Security Essentials (MSE). This is not Microsoft's first venture into the ant-virus market, but it is probably the best. Having used some of the more well-know anti-virus software (Norton / Symantec, McAfee, etc.) for over a decade, I decided to give MSE a try.

All of the articles I had read on Microsoft Security Essentials were quite positive, so I installed it on my netbook running Windows 7 in June. Since then, I have taken the netbook on several on-site service calls and vacation. I am happy to report that the netbook remains virus-free. What I like is the small footprint the software has. It does not take five minutes to start up Windows, as can happen on systems with limited resources (such as netbooks).

MSE works quite well with Windows 7 built-in firewall. The interface is clean and easy to use, unlike some of the anti-virus software out there. It's easy enough for a novice user to navigate. It also integrates into Windows Update. Here's a quote from Microsoft's website:

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

I encourage you to take a look at Microsoft Security Essentials. It's simple and free.

Here is a list of four free Internet Security programs I recommend for those on a budget. Keep in mind that free software often comes with limitations, but are fully functional. Some of them require manual updating, but that is a small price to pay for great free software. Let us start with an Anti-Virus program:

(***Disclaimer: Never install and run two anti-virus programs on the same system.***)

AVG Free https://www.avast.com/

Upside: Here is a fully functional Anti-Virus program that has Anti-Virus, Anti-Spyware, E-mail, and link scanners. The program is fully automatic in updating itself. It can be updated from a file (USB drive) when you have to quarantine a system by disconnecting it from the internet/intranet.
Downside: There is no free technical support. Support for this product is sold at blocks of 15 minutes.

Next is a Firewall program:

(***Disclaimer: Before installing a firewall in Windows XP / Vista, disable the Windows Firewall in the Control Panel first. Moreover, never install and run two software firewalls on the same system.***)

ZoneAlarm http://www.zonealarm.com/

Upside: The program is fully automatic in updating itself.
Downside: It only provides inbound and outbound protection, but does it in full stealth mode. It also requires internet access to install.

Let us now look at two free spyware/malware programs. My first choice is Malwarebytes Anti-Malware. Note: I ranked Malwarebytes first only because it can be installed and run without the need for internet access (I use USB drives for installing software on quarantined systems).

Malwarebytes Anti-Malware https://www.malwarebytes.com/

Upside: It is an excellent malware program. It can be installed and run without internet access (always download the latest version first).
Downside: You have to open the program and manually update it.

Spybot https://www.safer-networking.org/

Upside: It is an excellent spyware scanner with many features, including an ‘Immunization’ feature for your internet browser. It can also update itself when the program is started.
Downside: It requires internet access to install. Not a good thing if you have to quarantine a system by disconnecting it from the internet/intranet.