
Reducing Exploitation of Failed Security with EMET



Objective

This article aims to demonstrate how to install and configure EMET to reduce the exploitation of security flaws on your computer quickly and easily.

Overview


Virtually all software has had some security vulnerability, and for software that has not, it is just a matter of time before some hacker or technology student discovers a vulnerability and makes it public. With that in mind, Microsoft created EMET (Enhanced Mitigation Experience Toolkit). EMET was created to reduce the exploitation of security holes used by hackers to gain access to systems, both through known vulnerabilities and through zero-day attacks.

A major challenge for users today is to keep their computers updated and safe, and I'm not talking here only about the operating systems from Microsoft, but about all the other thousands of software programs that are installed on computers, such as Adobe Reader, Winzip, Firefox, Apple QuickTime, etc.

Big software vendors like Microsoft release security updates constantly to prevent their software from being exploited by hackers, but in some cases vulnerabilities are discovered and become public before the manufacturers know of them, without prior notice. When this happens the software is vulnerable to a zero-day attack until a patch is created and distributed by the manufacturer. As a workaround, you can use EMET to protect your system until a patch is available.

Note

EMET allows you to force the use of DEP, ASLR and SEHOP throughout the system, which prevents some common programming errors from resulting in exploitable vulnerabilities. At the application level, you can force the use of DEP, SEHOP, NullPage, HeapSpray, EAF and MandatoryASLR.

Installing EMET

1 - To install EMET, first download it at:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04

2 - Click Download and wait until the download is completed.

3 - Double-click the file EMET Setup.msi. The dialog box shown in Figure 1.1 will load.

Figure 1.1

4 - In the Welcome to the EMET Setup Wizard dialog box, click the Next button to continue. The dialog box shown in Figure 1.2 will load.

Figure 1.2

5 - In the Select Installation Folder dialog box, select the location where EMET will be installed and set who can use it, and then click the Next button. The dialog box shown in Figure 1.3 will load.

Figure 1.3

6 - In the License Agreement dialog box, read the license terms, select I Agree, and then click the Next button. The dialog box shown in Figure 1.4 will load.

Figure 1.4

7 - In the Confirm Installation dialog box, click Next to install EMET. The dialog box shown in Figure 1.5 will load.

Figure 1.5

8 - In the User Account Control dialog box, click the Yes button to allow EMET to be installed on your computer. The dialog box shown in Figure 1.6 will load.

Figure 1.6

9 - In the Installation Complete dialog box, click the Close button to close the installation program.

Configuring the EMET

After installing EMET on your computer, the next step is to configure it. Before setting all the software on your computer to use EMET, it is important to run all the required tests for each program individually, because depending on the software or the settings you make, EMET can cause the software to stop working. Enable EMET first for the software considered to be the major attack vectors for hackers, such as PDF readers, web browsers, instant messaging programs, and any other software that has Internet connectivity.

1 - Click Start, All Programs, Enhanced Mitigation Experience Toolkit, and then click the EMET 2.0 program. The dialog box shown in Figure 1.7 will load.

Figure 1.7

2 - In the User Account Control dialog box, click the Yes button to allow the EMET program to run on your computer. The window shown in Figure 1.8 will load.

Figure 1.8

3 - At the top of the window, click EMET's Configure System button. The dialog box shown in Figure 1.9 will load.

Figure 1.9

4 - In the System Configuration dialog box you have the options DEP, ASLR and SEHOP, which affect the entire system.

The recommended option is to keep all three mitigations set to Application Opt-In, which leaves it to EMET whether or not to enable the protection on your system. If you want maximum security, you can select Maximum Security Settings under Profile Name. With this option selected you may experience some additional lockups on your system, in which case you need to return the configuration to Application Opt-In. Choose the desired setting and then click the OK button. In our example, we will not change this setting.

Note

In Windows XP and Windows Server 2003, only DEP is available.

5 - At the bottom of the window, click the Configure Apps button. The window shown in Figure 1.10 will load.

Figure 1.10

6 - In the Application Configuration dialog box, click the Add button to add an application to be configured by EMET. The dialog box shown in Figure 1.11 will load.

Figure 1.11

7 - In the Add Application dialog box, locate the software to be configured by EMET and then click Open. In our example we will select the Adobe Reader software. The window shown in Figure 1.12 will load.

Figure 1.12

By default EMET will select all the options (DEP, SEHOP, NullPage, HeapSpray, EAF, MandatoryASLR), but depending on the software you have added, some of the options may be incompatible, which could cause the software to crash, so run several tests before putting it into production.

8 - In the Application Configuration dialog box, click the OK button. The window shown in Figure 1.13 will load.

Figure 1.13

Note

At the bottom of the window, EMET displays the message "The changes you have made may require restarting one or more applications."

9 - Run the program that you configured in the previous steps; in our example we will run Acrobat Reader. The EMET window displays the Adobe Reader process as shown in Figure 1.14.

Figure 1.14

As you can see, Adobe Reader (the AcroRd32 process) is running with EMET protection. Now just repeat the same procedure to add other software to the list.
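
When the system-wide DEP and ASLR settings stay at Application Opt-In, a program is covered only if its executable declares support in its PE header, so programs that do not opt in are the first candidates to add under Configure Apps. The following is an added example, not part of the original article and not Microsoft's code: it reads the DllCharacteristics field of a PE image and lists the images that do not opt in to both DEP and ASLR. The sample headers and file names are constructed for illustration.

```python
import struct

# DllCharacteristics bits defined by the PE/COFF specification.
DYNAMIC_BASE = 0x0040   # image opts in to ASLR
NX_COMPAT = 0x0100      # image opts in to DEP

def pe_opt_in(data):
    """Return {'DEP': bool, 'ASLR': bool} for a PE image, or None if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)     # e_lfanew
    opt_off = pe_off + 4 + 20                            # signature + COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < opt_off + 72:
        return None                                      # missing or truncated
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
        return None
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", data, opt_off + 70)
    return {"DEP": bool(flags & NX_COMPAT), "ASLR": bool(flags & DYNAMIC_BASE)}

def emet_candidates(images):
    """Names of PE images that do not opt in to both DEP and ASLR."""
    out = []
    for name, data in images.items():
        info = pe_opt_in(data)
        if info is not None and not all(info.values()):
            out.append(name)
    return sorted(out)

def _sample_pe(flags, magic=0x10B):
    """Constructed minimal header (not a runnable program) for the demo."""
    buf = bytearray(0x40 + 4 + 20 + 96)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, magic)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, flags)
    return bytes(buf)

SAMPLES = {  # constructed inputs; the file names are hypothetical
    "legacy_viewer.exe": _sample_pe(0x0000),
    "dep_only.exe": _sample_pe(NX_COMPAT),
    "hardened64.exe": _sample_pe(NX_COMPAT | DYNAMIC_BASE, magic=0x20B),
    "readme.txt": b"plain text, not an executable",
}

if __name__ == "__main__":
    print(emet_candidates(SAMPLES))
```

To check real programs, pass a dictionary that maps each file path to the first few kilobytes read from that file in binary mode.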

Luciano Lima

[Enterprise Security MVP] - [MCSA Security] - [MCSE Security]

www.ticlassificados.com (New)

www.guiamcitp.com.br


www.guiamcse.com.br

www.guiamcse.com.br / forum (New)

www.guiacissp.com.br

www.guiacissp.com.br / forum (New)