Geeks in Phoenix

Geek Blog


Strengthen your computer security with EMET 5

Updated January 31, 2021. Microsoft's Enhanced Mitigation Experience Toolkit reached the end of its life on July 31, 2018, and is no longer available for download.

It seems like every day, a new software exploit or vulnerability is found. Software vendors work hard at keeping their software secure, but it can take time to test and deploy patches. So what can you do to protect your computer? The Enhanced Mitigation Experience Toolkit (EMET) from Microsoft does just that.

The main window inside of EMET 5
The main window inside of EMET 5

EMET is designed to prevent attackers from taking control of your system. It works as 'shim' in-between your programs and the operating system. EMET looks for the most common attack techniques and will block and terminate any program it is monitoring. EMET works alongside your favorite anti-virus and anti-malware programs for layered security.

I have been using EMET as part of my layered security for years and have written a few blogs on it. With each version, Microsoft keeps improving it. Some of the improvements in EMET 5 include Attack Surface Reduction (ASR), Export Address Table Filtering Plus (EAF+), and 64-bit ROP mitigations. Here's is the current list of mitigations EMET currently looks for.

  • Structured Exception Handler Overwrite Protection (SEHOP)
  • Data Execution Prevention (DEP)
  • Heapspray allocation
  • Null page allocation
  • Mandatory Address Space Layout Randomization (ASLR)
  • Export Address Table Access Filtering (EAF)
  • Export Address Table Access Filtering Plus (EAF+)
  • Bottom-up randomization
  • Return Oriented Programming (ROP)
  • Attack Surface Reduction (ASR)

There are two (2) different ways to configure EMET, a Graphic User Interface (GUI) and a command-line tool. It is best to configure EMET through the GUI since the command-line tool doesn't allow access to all EMET's features. The built-in configuration wizard will enable you to use either the recommenced settings, keep previous settings (upgrade install), or manually configure EMET (new install).

Easily configure programs to monitor in EMET 5
Easily configure programs to monitor in EMET 5

Once you have EMET installed, it's pretty easy to add programs to monitor. Just open the program you want EMET to watch and then open EMET. On the lower part of the main window, you will see Running Processes. Just find the program you want to monitor in the list, right-click on it, and select Configure Process. You will have to restart any program you have just configured inside of EMET.

How to use layered security to protect your computer

Updated June 22, 2023

It seems whenever I tell someone that I repair computers for a living, I almost always get asked the question, "What do you recommend for anti-virus software?". I tell them I use a layered approach to security, not relying on just one program for protection. I'm not particularly eager to use all-in-one security suites. It's not that I don't trust any particular software; I don't like having only one piece of software protecting my computer. Here's how to use layered security to protect your computer.

How to use layered security to protect your computer

Software firewall

Windows has had a good firewall built-in since Windows Vista, and it's turned on by default. It comes pre-installed inside of Windows and is ready to go. There are also some great free and paid firewall products. And you will also find software firewalls included in most security suites, like McAfee or Norton. It's your choice.

Always remember that when you connect to the Internet, do it through a router or hotspot. Never connect a wired network connection directly to the Internet jack on your modem. With a router or hotspot, some form of Network Address Translation (NAT) happens, so you are not directly connected to the Internet.

Anti-virus software

This one is a no-brainer. Microsoft has included a built-in anti-virus program inside of Windows since Windows 8.1 and has worked hard to make it a top-rated program. And if you install a different anti-virus program, Windows Security will detect it and turn its real-time protection off. But you can still have it run periodic scans.

There are plenty of free and paid anti-virus programs on the market, and I have used quite a few different ones over the years. Some internet service providers like Cox Communications even offer free security suite software.

The only thing to remember when picking an anti-virus program is the system's performance you're installing it on. I would not install a full-blown security suite like Norton or McAfee on a laptop.

Anti-malware / anti-adware software

Anti-virus software typically looks for, you guessed it, viruses. I've cleaned out several pieces of malware and adware that anti-virus programs missed because it wasn't a virus. Quite a few anti-malware programs are meant to be run side-by-side with anti-virus software.

When it comes to anti-malware programs, Malwarebytes is the most popular. If you want real-time scanning, you will need a license. If you want to periodically manually scan your computer, the free version will work just fine.

Now with the rise of pop-up bogus security warnings, adware is becoming the biggest threat to consumers. Malwarebytes has a great program called AdwCleaner for finding and removing adware in all popular browsers (Chrome, Edge, Firefox, etc.).

Using anti-virus software together with anti-malware and anti-adware programs creates excellent layered security. As the old saying goes, "Never put all of your eggs in one basket.".

Creating stunning documents, spreadsheets and slide-shows with OpenOffice 4

With the cost of Microsoft Office going up, not to mention the subscription / non-subscription thing, it's nice to know there are alternatives out there. One of the best office alternatives has to be OpenOffice. And it just so happens that the Apache Software Foundation recently released a new version of their free productivity software, OpenOffice 4.

The main screen inside of OpenOffice 4
The main screen inside of OpenOffice 4

For those who are not familiar with it, OpenOffice is a suite of office productivity programs that rivals Microsoft Office. It has everything you could need for creating great-looking documents, spreadsheets, and slideshow presentations. Here's a complete list of all of the programs included in OpenOffice 4.

Program Equivalent to Program type
Writer Microsoft Word Word processor
Calc Microsoft Excel Spreadsheet
Impress Microsoft PowerPoint Multi-media slideshow presentation
Draw Microsoft Paint Graphic design
Base Microsoft Access Database
Math Design Science Mathtype Formula creation

OpenOffice 4 has some significant improvements over previous versions. A new Sidebar contains the most commonly used functions for that program, which can be docked, floating, or completely hidden. There is also much improved compatibly with Microsoft Office documents. The drawing, graphics, and gallery functions have also been enhanced, along with the copy & paste and drag & drop functionality.

The new Sidebar inside of OpenOffice 4 shown docked and floating
The new Sidebar inside of OpenOffice 4 shown docked and floating

OpenOffice does use Java, but it's not required for installation, as it can be added later on. Compatibility with other document formats is pretty impressive, but Star Office is no longer supported. OpenOffice can automatically load/convert and convert/save Microsoft Office (Word, Excel, and PowerPoint) and Design Science Mathtype documents. The only file types that it cannot save to is the Microsoft Office 2007 - 2019 .???x formats.

And since OpenOffice is open-source, there are hundreds of third-party extensions to expand on the functionality of the applications. Add in a copy of GIMP or Paint.NET, and you have a complete and free desktop publishing package.

OpenOffice 4 is available for Windows, Linux, and Mac operating systems. For more information on OpenOffice 4, just follow the links below:

Apache OpenOffice Open Source Project

Download OpenOffice 4

How to securely erase all of the data from your Windows based computer

Updated August 6, 2024

Do you have an old Windows-based computer you want to get rid of but want to ensure that all of your data is securely erased? Or would you like to wipe all the data from your hard drive and perform a clean Windows installation? Either way, you'll want to make the data is completely wiped out. Here's how to securely erase all the data from your Windows-based computer.

Backup all folder(s) and file(s) you want to save

This is the time to double and triple-check for any folder(s) and file(s) you may want to keep. If you plan on reinstalling Windows, make sure that you have all of the installation media available. If you need to create the recovery media stored on your computer, this is the time to do it. Once the hard drive is wiped clean, the recovery media images will be gone, too.

Windows 11 Backup

Windows 10 Backup

Windows 8 Backup

Windows 7 / Windows Vista Backup

Windows XP Backup

Download and create bootable media with disk-wiping software

The best way to completely wipe clean a hard drive is by booting the computer on a CD/DVD or USB drive. This way, you can erase all the space on the hard drive. Several free utilities exist for doing this, including Darik's Boot And Nuke, CMRR - Secure Erase, and PC Disk Eraser. I recommend the Ultimate Boot CD (UBCD), which has all of these and more already built-in.

Once you download the UBCD image file (.ISO), you can either create a bootable USB drive using Rufus or burn the image to a disk with Windows built-in disk burning software. I recommend Rufus, as it has predefined settings creating a bootable UBCD USB drive.

Encrypt the contents of your hard drive

This step may seem unnecessary, but it makes data recovery virtually impossible on the drive you will wipe. Windows has a built-in feature called Encrypting File System (EFS), but it's disabled by default. It encrypts files transparently with a File Encryption Key (FEK). For more on EFS, check out this Wikipedia article. So, even if someone could recover the data on the drive after wiping it, it would be in deplorable condition. After that, the data would have to be unencrypted, and being in such a bad condition would be hard, if not impossible.

  1. Open File Explorer / Windows Explorer (Windows logo key Windows logo key + E).
  2. Select the file(s) and/or folder(s) you want to encrypt.
  3. Right-click on the items selected and then left-click on Properties from the context menu that appears.
  4. On the General tab, left-click on Advanced.
  5. Left-click the check box for Encrypt contents to secure data.
  6. Left-click on OK. Be patient; encrypting the folders and files may take some time.

Insert bootable media and restart the system

When you restart your system, it should boot up on the media you created. Follow the on-screen instructions. If using the UBCD, navigate to HDD > Disk Wiping for the list of utilities. Each program will have similar data destruction settings. I always look for the latest Department of Defense standard (DOD 5220.22-M). If you really want to clean your hard drive, just run two or more of the disk-wiping programs included on the UBCD.

If your system does not boot up on the media you created, you may have to change your computer's boot order and turn off the secure / UEFI boot feature inside of the BIOS (Basic Input Output System). The BIOS can generally be accessed by pressing the DEL or F2 key when the 'splash' screen (motherboard/computer manufacturer logo) appears. It's always recommended to check your motherboard documentation on which keys are used to access the BIOS and where in the BIOS to change the boot order and turn off secure / UEFI boot.

Perform advanced disk defragmentation with Defraggler from Piriform

Have you ever opened a filing cabinet just to find the folders just scattered around? The files are all over the place, and you cannot find what you're looking for. The same thing can happen to the folders/files on your Windows based computer. Windows does come with a disk defrag program, but its options are minimal. If you're looking for something more in a disk defrag program, check out Defraggler by Piriform.

Drive view inside of Defraggler
Drive view inside of Defraggler

With Defraggler, you can do much more than just defragment your hard drive. You can do a quick or full defrag, defrag only free space, and my favorite, boot-time defrag. And it uses the same technology as Windows built-in defragmenter to read and write files. You can even have the option to replace the Windows built-in defrag program with Defraggler.

Block detail view inside of Defraggler
Block detail view inside of Defraggler

Defraggler also has something that has been missing from Windows built-in defragmenter for years, a drive map showing the status of files on your hard drive. And what is cool is that you can left-click on a block, and Defraggler will tell you what file(s) are located in it. And best of all, it's free. Here's a quote from the Piriform website:

Defragment exactly what you want
Most defrag tools only allow you to defrag an entire drive. Defraggler lets you specify one or more files, folders, or the whole drive to defragment.

Safe and Secure
When Defraggler reads or writes a file, it uses the exact same techniques that Windows uses. Using Defraggler is just as safe for your files as using Windows.

Compact and portable
Defraggler's tough on your files – and light on your system.

Interactive drive map
At a glance, you can see how fragmented your hard drive is. Defraggler's drive map shows you blocks that are empty, not fragmented, or needing defragmentation.

Quick Defrag
Give your hard drive a quick touch-up with Quick Defrag.

Defragment free space
Organizes empty disk space to further prevent fragmentation.

Scheduled defragmentation
Defragment while you sleep - and wake up with a faster PC. Set Defraggler to run daily, weekly or monthly.

Multi-lingual support
No matter what your native tongue is, Defraggler speaks your language. It currently supports 37 languages.

For more information on Defraggler, just follow the link below:

Defraggler - File and Disk Defragmentation

Free computer diagnostics

Repairing a PC can sometimes be expensive, and that is why we offer free basic in-shop diagnostics. Give one of our professional and experienced technicians a call at (602) 795-1111, and let's see what we can do for you.

Check out our reviews

Geeks In Phoenix LLC, BBB Business Review

Customer service is #1

Here at Geeks in Phoenix, we take pride in providing excellent customer service. We aim to give the highest quality of service  from computer repair, virus removal, and data recovery.

Bring your computer to us and save

Repairing a computer can be time-consuming. That is why we base our in-shop service on the time we work on your computer, not the time it takes for your computer to work! From running memory checking software to scanning for viruses, these are processes that can take some time.

Contact us

If you have any questions, please feel free to give us a call at (602) 795-1111  and talk with one of our Geeks. Or you can send us a message from our contact page , and one of our Geeks will get back to you as soon as possible. Or you can stop by and see us. Here are our hours and location.

Like Geeks in Phoenix on Facebook

Follow Geeks in Phoenix on Twitter

Watch Geeks in Phoenix on YouTube