Redmond's EMET defense tool disabled by exploit torpedo

Microsoft's Enhanced Mitigation Toolkit (EMET) can be deactivated and bypassed, according to Offensive Security researchers. The exploit struck dead the latest standard and updated version 4.1 of EMET, designed to make attacks more complex and expensive through the use of Address Space Layout Randomisation and Data …

  1. Destroy All Monsters Silver badge

    EMET needs to be downloaded and activated for each application?

    Wait, I thought that was part of the OS??

    1. Steve Davies 3 Silver badge

      Re: EMET needs to be downloaded and activated for each application?

      The word 'activated' is enough to send the Black Hats into orgasm mode.

      For them, 'activated' means 'bypass this stupidity ASAP'.

    2. Roland6 Silver badge

      Re: EMET needs to be downloaded and activated for each application?

      Yes, in exactly the same way as your HIPS firewall and security suite downloads profiles for applications and websites.

      However, outside of the few applications supported out of the box, EMET does require the user to add an application, explicitly create rules and enable it, rather than doing all this in the background automatically.

      What is odd is that EMET doesn't seem to be protected against being disabled - my security suite requires a password if I wish to do anything with it.

    3. Adam Piggott

      Re: EMET needs to be downloaded and activated for each application?

      You might be drowning in the acronym soup surrounding this area! There are specific "mitigations", such as DEP and ASLR and then there's the free, downloadable tool EMET which forces programs on the system to use the mitigations.

      Windows XP got DEP support built into it and Vista onwards also supported ASLR which may be where the confusion lies. EMET lets you choose which programs enjoy ASLR (it's supported but not enforced by default) and a load of other exploit mitigations. Some of the mitigations break programs, hence the choice.

      1. Destroy All Monsters Silver badge

        Re: EMET needs to be downloaded and activated for each application?

        Thanks, that makes some sense at least.

    4. Gis Bun

      Re: EMET needs to be downloaded and activated for each application?

      Nope. Separate from the OS.

      By default it will "protect" various Microsoft applications, plus Adobe Acrobat/Reader, Java, and I think a few others. These are included because they are common to attacks.

      If you want to apply it to heavily vulnerable applications like Google Chrome, you have to add it.

  2. Anonymous Coward

    Nothing was ever 100% with EMET or Windows, it was just one more added precaution. Use throwaway VMs when needed for unsafe activities.

    1. Robert Helpmann??

      Nothing was ever 100%

      Nothing was ever 100% with EMET or Windows, it was just one more added precaution. Use throwaway VMs when needed for unsafe activities.

      Nothing is ever 100%. Better to use throwaway VMs for all or most activities in addition to other precautions. Many enterprises are moving to a VD environment for this among other reasons. Qubes OS is another implementation of this idea, though for standalone workstation users. None of it is bulletproof - you still have to protect the data, for example - but it is a really good start.

  3. Gordon 10

    Eh?

    Surely the safest method MS should have adopted is to apply EMET to all apps as a default and then let local IT bods write exception rules as necessary?

    And to echo other posters' points - shouldn't it be nestled as closely to system processes as Anti-V and Firewalls are?

    1. Anonymous Coward

      Re: Eh?

      But, as noted, (1) there's too much app break potential, and a broken app is the next-worst thing to an exploited one, especially if said app is system-critical and can't be updated (probably because the vendor no longer exists), and (2) what if someone exploits EMET itself?

    2. jason 7

      Re: Eh?

      As mentioned it can't be enabled by default as then thousands of in house business software packages and loads of software that isn't coded properly or written before say 2005 will fall over instantly.

      I've installed it on quite a few customer machines and even today modern software like Firefox and Chrome still cock up updates that trigger it.

      Again, it's the human element that lets it down.
