
EMET?



#1 Z123Killer


Posted 01 July 2016 - 04:20 AM

Should I use EMET?





#2 quietman7


Posted 01 July 2016 - 05:34 AM

Enhanced Mitigation Experience Toolkit (EMET) is a utility primarily for System Administrators to help protect enterprise servers/client computers using application hardening...a security feature designed to prevent exploitation of various types of vulnerabilities in software applications. EMET can be used to apply 12 different security mitigations to other programs running on the computer. These mitigations are designed to block common techniques used in software exploits, like Return Oriented Programming (ROP) and Address Space Layout Randomization (ASLR)...attack vectors used to defeat security defenses and execute malicious code on the system. For example, they can be used to bypass DEP (data execution prevention) which is used to stop buffer overflows and memory corruption exploits.
 
What operating system do you have?

Microsoft has officially stated that there is no need for EMET in Windows 10 since it already contains protections such as Device Guard, Control Flow Guard (CFG) and AppLocker that provide equivalent (or better) mitigations than EMET...see Mitigations in Windows 10


With Windows 10 we have implemented many features and mitigations that can make EMET unnecessary on devices running Windows 10. EMET is most useful to help protect down-level systems, legacy applications, and to provide Control Flow Guard (CFG) protection for 3rd party software that may not yet be recompiled using CFG. For the same reason, EMET does not protect Edge browser. However, EMET 5.5 is fully compatible with Windows 10...Given the advanced technologies used to protect Microsoft Edge, including industry leading sandboxing, compiler, and memory management techniques, EMET 5.5 mitigations do not apply to Edge.


What other security programs are you using?

This is important because some security researchers have advised not to use multiple anti-exploit applications because using more than one of them at the same time can Return-oriented programming (ROP), and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running. In some cases multiple tools can cause interference with each other and program crashes.
 

While you should use an antivirus (even just the Windows Defender tool built into Windows 10, 8.1, and 8) as well as an anti-exploit program, you shouldn’t use multiple anti-exploit programs...These types of tools could potentially interfere with each other in ways that cause applications to crash or just be unprotected, too

How-To Geek on Anti-exploit programs

ROP is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as non-executable memory and code signing. It is an effective code reuse attack since it is among the most popular exploitation techniques used by attackers and there are few practical defenses that are able to stop such attacks without access to source code. Address Space Layout Randomization (ASLR) is a computer security technique involved in protection from buffer overflow attacks. These security technologies are intended to mitigate (reduce) the effectiveness of exploit attempts. Many advanced exploits rely on ROP and ASLR as attack vectors used to defeat security defenses and execute malicious code on the system. For example, they can be used to bypass DEP (data execution prevention) which is used to stop buffer overflows and memory corruption exploits. Tools with ROP and ASLR protection such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) use technology that checks each critical function call to determine if it's legitimate (if those features are enabled). EMET is not a tool I would recommend for novice users since it needs to be configured properly.

Further, EMET Security Technology is not impenetrable...


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
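
Added example (not part of the original posts, and not Microsoft or EMET code): the quoted Microsoft text says EMET matters most for legacy software not yet rebuilt with mitigations such as CFG, so this Python sketch reads a program's PE header to show which of ASLR, DEP and CFG it opted into at link time. The function names and the header-only sample images are constructed for illustration; the flag values are the standard DllCharacteristics bits.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header (set at link time).
FLAGS = {
    "ASLR (DYNAMIC_BASE)": 0x0040,
    "High-entropy ASLR (HIGH_ENTROPY_VA)": 0x0020,
    "DEP (NX_COMPAT)": 0x0100,
    "CFG (GUARD_CF)": 0x4000,
}
PE32, PE32_PLUS = 0x10B, 0x20B


def mitigation_flags(image: bytes) -> dict:
    """Map each mitigation to True/False for a PE image; ValueError if malformed."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    opt_off = pe_off + 4 + 20                           # past "PE\0\0" + COFF header
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < opt_off + 72:
        raise ValueError("bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError("unknown optional-header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    (chars,) = struct.unpack_from("<H", image, opt_off + 70)
    result = {name: bool(chars & bit) for name, bit in FLAGS.items()}
    if magic == PE32:                                   # 64-bit-only flag
        del result["High-entropy ASLR (HIGH_ENTROPY_VA)"]
    return result


def missing_mitigations(image: bytes) -> list:
    """Names of the opt-in mitigations the image was NOT built with."""
    return [name for name, on in mitigation_flags(image).items() if not on]


def sample_pe(chars: int, magic: int = PE32_PLUS) -> bytes:
    """Constructed header-only image for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = bytearray(112)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, chars)
    return dos + b"PE\0\0" + b"\0" * 20 + bytes(opt)


if __name__ == "__main__":
    for label, img in [("legacy build", sample_pe(0x0000)),
                       ("modern build", sample_pe(0x4160))]:
        print(label, "-> missing:", missing_mitigations(img) or "none")
```

To check a real program, pass the bytes of its .exe or .dll to `missing_mitigations`; the result reflects what the binary was built with, not what the OS or an anti-exploit tool enforces at runtime.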

#3 Z123Killer


Posted 01 July 2016 - 07:07 AM

 

I have Windows 10 and use Windows Defender, Malwarebytes anti malware, SuperAntiSpyware and Malwarebytes Anti exploit, so after all the information that you have provided, I think that EMET is unnecessary for me.



#4 quietman7


Posted 01 July 2016 - 07:23 AM

Ok.