Geeks in Phoenix

Toughen your computer security with EMET 5.1

Updated January 31, 2021. Microsoft's Enhanced Mitigation Experience Toolkit reached the end of its life on July 31, 2018, and is no longer available for download.

Keeping a computer secure has always been a challenge. It seems like every week another exploit is making the rounds, and nobody can predict which technique attackers will use next. But you can block the most common exploitation techniques with Microsoft's Enhanced Mitigation Experience Toolkit 5.1 (EMET).

The main screen inside of EMET 5.1

What is EMET? It loads a protection library into selected programs (Internet Explorer, the Microsoft Office programs, and other commonly attacked applications) and watches them for the memory-corruption techniques that exploits rely on. When one of its mitigations fires, EMET terminates the program before the exploit can finish, unless you have set the default action to Audit only, in which case it logs the event and lets the program continue. Its Certificate Trust feature also checks SSL/TLS certificates inside Internet Explorer: you pin a site to a root certificate authority, and EMET warns when that site presents a certificate that chains to a different root. Here is the list of mitigations EMET 5.1 applies.

  • Structured Exception Handler Overwrite Protection (SEHOP)
  • Data Execution Prevention (DEP)
  • Heap spray allocation (pre-allocates the addresses that heap sprays commonly target)
  • Null page allocation
  • Mandatory Address Space Layout Randomization (ASLR), which forces relocation of modules that were not built to opt in
  • Export Address Table Access Filtering (EAF)
  • Export Address Table Access Filtering Plus (EAF+)
  • Bottom-up randomization
  • Return Oriented Programming (ROP) mitigations: Caller checks, Simulate execution flow, Stack pivot, LoadLibrary and MemProt checks
  • Attack Surface Reduction (ASR)

DEP, SEHOP and ASLR also have system-wide settings (Disabled, Application Opt In, Application Opt Out, Always On); the per-application settings above apply only to the programs you add to EMET.
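Two items on that list, DEP and Mandatory ASLR, only matter for programs whose executables did not opt in on their own. The script below is an added example: it is not part of the original post and not EMET code, and the sample headers it checks are constructed by the build_sample_pe helper rather than taken from real programs. It reads the DllCharacteristics and Characteristics fields of a PE header the way the Windows loader does and reports whether an image opts in to DEP, ASLR, high-entropy ASLR and CFG, and whether a stripped relocation table makes ASLR impossible even when EMET tries to force it.

```python
"""Report whether a Windows executable opts in to DEP and ASLR on its own.

Added example, not part of the original post or of EMET. Parses the PE
header flags that decide whether the loader (or EMET's Mandatory ASLR)
can protect an image.
"""
import struct
import sys

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (winnt.h)
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit image accepts high-entropy ASLR
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # image may be rebased at load (ASLR opt-in)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # image is DEP-compatible
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000         # Control Flow Guard metadata present

# IMAGE_FILE_HEADER.Characteristics bit
IMAGE_FILE_RELOCS_STRIPPED = 0x0001  # no .reloc data: the loader cannot rebase the image

PE32 = 0x10B
PE32_PLUS = 0x20B


def parse_pe_headers(data: bytes) -> dict:
    """Pull the header fields that decide DEP/ASLR behaviour out of a PE image.

    Raises ValueError for anything that is not a well-formed PE header, so a
    truncated or non-PE file is reported instead of silently passing.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsect, _ts, _symtab, _nsyms, opt_size, file_chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    # DllCharacteristics sits at offset 70 in both the PE32 and PE32+ layouts
    if opt_size < 72 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {"machine": machine, "magic": magic,
            "file_characteristics": file_chars, "dll_characteristics": dll_chars}


def assess_mitigations(data: bytes) -> dict:
    """Translate the header flags into what EMET (or the loader) can do for this image."""
    h = parse_pe_headers(data)
    dll = h["dll_characteristics"]
    is64 = h["magic"] == PE32_PLUS
    relocs_stripped = bool(h["file_characteristics"] & IMAGE_FILE_RELOCS_STRIPPED)
    aslr_opt_in = bool(dll & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {
        "format": "PE32+" if is64 else "PE32",
        "dep_opt_in": bool(dll & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "aslr_opt_in": aslr_opt_in,
        "high_entropy_aslr": is64 and bool(dll & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "cfg": bool(dll & IMAGE_DLLCHARACTERISTICS_GUARD_CF),
        "relocs_stripped": relocs_stripped,
        # Mandatory ASLR can only move an image that kept its relocation data;
        # with .reloc stripped it loads at its preferred base, forced or not.
        "needs_mandatory_aslr": not aslr_opt_in and not relocs_stripped,
        "aslr_impossible": not aslr_opt_in and relocs_stripped,
    }


def build_sample_pe(magic: int, file_chars: int, dll_chars: int) -> bytes:
    """Constructed minimal PE header (not a real program) so the parser can be run offline."""
    opt_size = 0xF0 if magic == PE32_PLUS else 0xE0
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    machine = 0x8664 if magic == PE32_PLUS else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt)


def describe(data: bytes) -> str:
    """One-line human-readable verdict for an image."""
    r = assess_mitigations(data)
    notes = ["DEP: " + ("opted in" if r["dep_opt_in"] else "NOT opted in (EMET or the system DEP policy must force it)")]
    if r["aslr_opt_in"]:
        notes.append("ASLR: opted in" + (" with high entropy" if r["high_entropy_aslr"] else ""))
    elif r["needs_mandatory_aslr"]:
        notes.append("ASLR: not opted in, but relocations are present, so Mandatory ASLR can rebase it")
    else:
        notes.append("ASLR: impossible, relocations stripped; nothing can move this image")
    notes.append("CFG: " + ("yes" if r["cfg"] else "no"))
    return f"{r['format']}: " + "; ".join(notes)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], "->", describe(fh.read()))
    else:
        # Constructed samples: an old-style 32-bit binary and a modern 64-bit one
        legacy = build_sample_pe(PE32, IMAGE_FILE_RELOCS_STRIPPED, 0)
        modern = build_sample_pe(PE32_PLUS, 0,
                                 IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
                                 | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
                                 | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
                                 | IMAGE_DLLCHARACTERISTICS_GUARD_CF)
        print("legacy sample ->", describe(legacy))
        print("modern sample ->", describe(modern))
```

Run it with the path of an .exe or .dll to check a real binary; with no arguments it runs on the two constructed samples. The case worth knowing about is a 32-bit image with IMAGE_FILE_RELOCS_STRIPPED set: neither EMET's Mandatory ASLR nor the system-wide Always On setting can move it, so its code stays at a predictable address no matter what you configure.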

The about screen inside of EMET 5.1

EMET 5.1 includes the following improvements:

  • Attack Surface Reduction (ASR) has been updated. ASR blocks configured modules (plug-ins such as Java or Flash) from loading inside a protected program, so an exploit has less code to work with.
  • Export Address Table Filtering Plus (EAF+) has been updated to extend the existing EAF checks.
  • The 64-bit ROP mitigations have been improved to anticipate future exploitation techniques.
  • Several security, compatibility, and performance improvements.

EMET can also be customized via the registry (see the EMET User's Guide for the exact key names and values). Here are a few of the items that can be modified:

  • Enabling unsafe configurations (such as system-wide ASLR set to Always On).
  • Configuring a custom message for the user notification shown when EMET stops a program.
  • Configuring the Certificate Trust feature for third-party browsers.
  • Configuring local telemetry for troubleshooting.
  • Configuring EMET Agent icon visibility.

Here's a quote from Microsoft's website:

The Enhanced Mitigation Experience Toolkit (EMET) helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software. EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives.

EMET should never be configured to protect anti-malware and intrusion prevention or detection software, debuggers, software that handles digital rights management (DRM) technologies, or software that uses anti-debugging, obfuscation, or hooking techniques. Those programs hook or patch the same code paths EMET does, and the two sets of hooks interfere, which shows up as crashes or false exploit detections. When you add any new application, start it in Audit only mode and switch to Stop on exploit once it has run clean for a while.

My digital toolbox

Every computer repair technician has a digital toolbox, more than likely several. They are either on a CD / DVD or USB drive and contain programs that we use regularly. Here are a few of the programs that I have in my digital toolbox.


All of the following programs have one thing in common: they don't require installation. Just right-click on them in File Explorer and select Run as administrator, and that's it. Some of the programs may need Internet access for full functionality. Because you are running them with administrator rights, download them directly from the vendor's site and check the file's digital signature (right-click, Properties, Digital Signatures) before adding them to your toolbox.

AdwCleaner

AdwCleaner is one of the best stand-alone adware removal tools I have found yet. Out of the box, it scans your system with a generic set of definitions, but if you are connected to the Internet before you start it, it downloads a current copy of the adware definitions first. And if you select Uninstall, it removes any quarantined files and then deletes itself.


.NET Framework Cleanup Tool

When it comes to resolving .NET problems, you are sometimes better off removing and reinstalling the framework. The .NET Framework Cleanup Tool is a stand-alone program that does just what its name implies. Pick the version you wish to remove (or all of them) and click Cleanup Now. Once it is complete, reboot and use Windows Update to reinstall whichever version of the .NET Framework you need.


Sysinternals Suite

Sysinternals is, hands down, the best collection of Windows troubleshooting tools. All of them are stand-alone programs, over 70 altogether: see everything that starts automatically with Autoruns, explore running processes with Process Explorer, or watch network connections with TCPView. When it comes to Windows diagnostics, you cannot beat the Sysinternals Suite.


How to safely remove external drives

External storage devices like flash drives or hard drives are so convenient for carrying data between computers. Just plug and play, as they say. But did you know it's not the same for when you unplug your drives? Here's how to safely remove external drives from your Windows computer.


Recently I was at a customer's location repairing her computer and needed some files from one of my USB flash drives. When I was done, I went through the process of ejecting the USB drive from her computer. She was surprised that I didn't just pull the flash drive out. You can, most of the time, unplug a USB device like a mouse or printer without having to do anything to your Windows-based computer. It's only when you have a storage device, like a flash drive or external hard drive, that you have to take an extra step to remove the device safely.

What is write caching?

Windows can cache writes to a storage device, internal or external, for better performance: a program writes to the device and carries on without waiting for the data to actually reach it. If you pull the drive while that cache still holds data, the file on the drive is incomplete or corrupt. Ejecting the device first makes Windows flush the cache to the device, refuse the eject if a program still has files open on it, and then tell you it is safe to unplug. Since Windows 10 version 1809, the default removal policy for removable drives is Quick removal, which turns write caching off; older versions defaulted to Better performance, which leaves it on. Either way, ejecting is the habit worth keeping, because it also catches programs that still have files open on the drive.
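What "the cache getting written to the device" means on the program's side, as an added example that is not part of the original post: a Python function that only returns after it has asked the operating system to push its write through to the device, using flush() and os.fsync(). Everything in it is standard library; the file names used in demo() are constructed for the demonstration.

```python
"""Write a file to removable media so it is on the device before you report "done".

Added example, not from the original post. A plain write() only lands in
Python's buffer and then in the OS write cache; flush() and os.fsync() push
it through to the device, and the temporary-file-then-rename pattern means a
yanked cable leaves either the old file or the complete new one, never a
half-written one.
"""
import os
import tempfile


def write_durably(path: str, data: bytes) -> int:
    """Write data to path; return the byte count only once the OS reports it flushed."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".partial-")
    try:
        with os.fdopen(fd, "wb") as f:
            written = f.write(data)
            f.flush()             # Python's own buffer -> OS write cache
            os.fsync(f.fileno())  # OS write cache -> the device (FlushFileBuffers on Windows)
        os.replace(tmp, path)     # atomic: readers see the old or the new file, never a torn one
    except BaseException:
        try:
            os.unlink(tmp)
        except OSError:
            pass
        raise
    # Make the rename itself durable. POSIX lets us fsync the directory; Windows
    # refuses to open a directory this way, which is the OSError we tolerate.
    try:
        dfd = os.open(directory, os.O_RDONLY)
    except OSError:
        return written
    try:
        os.fsync(dfd)
    finally:
        os.close(dfd)
    return written


def demo() -> dict:
    """Exercise write_durably in a scratch directory (constructed names) and report the result."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "notes.txt")
        first = write_durably(target, b"draft 1")
        second = write_durably(target, b"draft 2, longer")  # overwrite must replace atomically
        with open(target, "rb") as f:
            final = f.read()
        leftovers = [n for n in os.listdir(d) if n.startswith(".partial-")]
    return {"first": first, "second": second, "final": final, "leftovers": leftovers}


if __name__ == "__main__":
    print(demo())
```

os.fsync only covers the operating system's cache; whether the drive's own on-board cache is flushed is up to the device and its driver, which is one more reason to let Windows finish the eject before you pull the cable.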

How to safely remove external drives

  1. Left-click on the Safely Remove Hardware icon on the Taskbar.
    Safely Remove Hardware icon on the Windows 8 Taskbar
  2. Left-click on the device you want to disconnect.
    List of removable drives ready to be ejected

or

  1. Open File Explorer (Windows logo key + E).
  2. Under This PC / Computer, right-click the drive you want to disconnect and select Eject.

Windows will display a notification when it's safe to disconnect the drive.

How to keep your computer running longer

Everyone wants their computer to last forever. But the reality is that the average life span of a computer is 3-5 years. A lot of the time, though, you can get a computer to run for over a decade with common sense and regular maintenance. Here's how to keep your computer running longer.


Keep your computer clean

As the saying goes, "A clean computer is a happy computer," and it's true. A dust-free system runs cooler, and dust that builds up on a board can hold moisture and bridge contacts, so keeping it out reduces the chance of a short circuit. Visually inspecting your computer every month or so and cleaning as needed can extend its life. If a fan can no longer cool, the extra heat can damage the hardware.

A while back, I wrote an article on cleaning the dust out of your computer that covered dust removal from desktops. The same holds for laptops too, but there is one area on a laptop that you have to pay particular attention to: the air vents. Since the cooling vents are usually on the bottom, they can and will draw in lint, fuzz, pet hair, and other debris. If they get clogged up, your laptop could overheat and damage the system.

How to clean a laptop CPU fan

In the article 'How to clean the dust out of your computer', I talk about using non-metallic rods (plastic, wood) to hold the various fans in-place while cleaning them with compressed air. Since the vents on laptops are smaller than desktops, you will need to use a thinner rod to hold the CPU fan in-place. I usually use a toothpick, but if the vents' holes are tiny, I have to use an unfolded paper clip. Remember to blow compressed air in both the inlet and outlet vents.

Stay away from static electricity

The placement of your computer will affect its life span. I always recommend placing a desktop computer at least 18" off the floor to prevent static electricity issues. I have had problems with static electricity in my house. The dry climate in Arizona and wool carpet do create a lot of static electricity. To resolve the static electricity issue, I have a spray bottle full of tap water. Whenever I feel the static building up on the carpet, I spray a light mist of water on the carpet's high-traffic areas, and the static dissipates.

Liquids and computers don't mix

The last item on my list seems like a no-brainer, but it bears repeating: liquids and computers don't mix. Your cup of coffee or soda should never be placed on the same surface as your computer. If you need to have your computer on top of your desk, then elevate it above the desktop. With a laptop, you can use a stand or riser; with a desktop, you can use a stand, a couple of 2x4's cut to size, or even an 8x16x4 CMU block. That way, even if you do spill some liquid, it won't be able to get into your computer.

Inside the Windows 10 Technical Preview

Note: the Windows 10 Technical Preview program expired on 4/15/15 and is no longer available.

Coming on the heels of the Windows 8.1 Update, Microsoft recently released the Windows 10 Technical Preview. With this new version, Microsoft combines elements from Windows 7 and Windows 8.1 to improve the keyboard-and-mouse experience. Let's take a look at what's new in the Windows 10 Technical Preview.

The Start menu returns in the Windows 10 Technical Preview

With this Windows version, we see a shift in the focus from touch-based devices to keyboard/mouse systems. The most significant change by far is the return of the Start menu. And it is a hybrid now, with elements from Windows 7 (Start menu (left-side)) and Windows 8.1 (Start screen Tiles (right-side)). But if you like using the Start screen, it's still there too. It's just a checkbox and a restart away.

You can switch between the Start menu and the Start screen in the Windows 10 Technical Preview

But let's be honest, the Start screen concept might work on a tablet or phone, but it fails miserably on a laptop or desktop computer without a touch screen. Customers have even told me that they had returned brand new Windows 8 systems because they could not stand the Start screen.

Using multiple instances of the Desktop with Task view inside the Windows 10 Technical Preview

Along with the Start menu's return, Microsoft has also built-in the ability to run multiple instances of the Desktop called Task view. With Task view, you can have different sets of programs running in separate desktops. This feature is kind of cool if you're using a single display.

The Windows RT / Metro apps from Windows 8 / 8.1 also have undergone some changes. Their name has been changed to Universal apps, and they now run in completely re-sizable windows. You need to use the Store to install universal apps and can sync them across multiple devices using a Microsoft account.

There is a small change here and there too. One difference is with the way you copy and paste with the Command Prompt. You can now use the Windows keyboard shortcuts (Ctrl + C for copy, Ctrl + V for paste) for these tasks.

The Windows 10 Technical Preview is available for anyone who wants to give it a try. Remember; do not install the Windows 10 Technical Preview on a production system. Use only a system that can be reformatted after the preview expires (4/15/15). For this article, I used an Oracle VirtualBox virtual machine.

Free computer diagnostics

Repairing a PC can sometimes be expensive, and that is why we offer free basic in-shop diagnostics. Give one of our professional and experienced technicians a call at (602) 795-1111, and let's see what we can do for you.


Customer service is #1

Here at Geeks in Phoenix, we take pride in providing excellent customer service. We aim to give the highest quality of service, from computer repair and virus removal to data recovery.

Bring your computer to us and save

Repairing a computer can be time-consuming. That is why we base our in-shop service on the time we work on your computer, not the time it takes for your computer to work! From running memory checking software to scanning for viruses, these are processes that can take some time.

Contact us

If you have any questions, please feel free to give us a call at (602) 795-1111 and talk with one of our Geeks. Or you can send us a message from our contact page, and one of our Geeks will get back to you as soon as possible. Or you can stop by and see us. Here are our hours and location.
