Should I use EMET?
Posted 01 July 2016 - 05:34 AM
Enhanced Mitigation Experience Toolkit (EMET) is a utility primarily for System Administrators to help protect enterprise servers/client computers using application hardening...a security feature designed to prevent exploitation of various types of vulnerabilities in software applications. EMET can be used to apply 12 different security mitigations to other programs running on the computer. These mitigations are designed to block common techniques used in software exploits, like Return Oriented Programming (ROP) and Address Space Layout Randomization (ASLR)...attack vectors used to defeat security defenses and execute malicious code on the system. For example, they can be used to bypass DEP (data execution prevention) which is used to stop buffer overflows and memory corruption exploits.
What operating system do you have?
Microsoft has officially stated that there is no need for EMET in Windows 10 since it already contains protections such as Device Guard, Control Flow Guard (CFG) and AppLocker that provide equivalent (or better) mitigations than EMET...see Mitigations in Windows 10
With Windows 10 we have implemented many features and mitigations that can make EMET unnecessary on devices running Windows 10. EMET is most useful to help protect down-level systems, legacy applications, and to provide Control Flow Guard (CFG) protection for 3rd party software that may not yet be recompiled using CFG. For the same reason, EMET does not protect Edge browser. However, EMET 5.5 is fully compatible with Windows 10...Given the advanced technologies used to protect Microsoft Edge, including industry leading sandboxing, compiler, and memory management techniques, EMET 5.5 mitigations do not apply to Edge.
What other security programs are you using?
This is important because some security researchers have advised not to use multiple anti-exploit applications because using more than one of them at the same time can Return-oriented programming (ROP), and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running. In some cases multiple tools can cause interference with each other and program crashes.
While you should use an antivirus (even just the Windows Defender tool built into Windows 10, 8.1, and 8) as well as an anti-exploit program, you shouldn’t use multiple anti-exploit programs...These types of tools could potentially interfere with each other in ways that cause applications to crash or just be unprotected, too
How-To Geek on Anti-exploit programs
ROP is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as non-executable memory and code signing. It is an effective code reuse attack since it is among the most popular exploitation techniques used by attackers and there are few practical defenses that are able to stop such attacks without access to source code. Address Space Layout Randomization (ASLR) is a computer security technique involved in protection from buffer overflow attacks. These security technologies are intended to mitigate (reduce) the effectiveness of exploit attempts. Many advanced exploits rely on ROP and ASLR as attack vectors used to defeat security defenses and execute malicious code on the system. For example, they can be used to bypass DEP (data execution prevention) which is used to stop buffer overflows and memory corruption exploits. Tools with ROP and ASLR protection such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) use technology that checks each critical function call to determine if it's legitimate (if those features are enabled). EMET is not a tool I would recommend for novice users since it needs to be configured properly.
Further, EMET Security Technology is not impenetrable...
Posted 01 July 2016 - 07:07 AM
I have Windows 10 and use Windows Defender, Malwarebytes Anti-Malware, SuperAntiSpyware and Malwarebytes Anti-Exploit, so after all the information that you have provided I think that EMET is unnecessary for me.