Barney's Blog

EMET 3.0: A Hacker Emetic

Some security tools are straightforward. Antivirus software stops or eradicates viruses. Anti-spam software does the same for spam. Firewalls stand guard at the perimeter (or wherever you happen to place them). Malicious software removal tools remove malicious software after it has unfortunately been installed.

Microsoft's free Enhanced Mitigation Experience Toolkit 3.0 (EMET 3.0), now available, is a bit harder to figure out. In general it could be called anti-exploit software. But like firewalls, spam and virus tools, it doesn't pretend to block all exploits. That's probably one reason previous versions were not officially "supported" by Microsoft.

Here's how Microsoft describes it: "Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software."

OK, I still don't get it. I went through all the material Microsoft seems to offer and I'll tell you what I think I know. Afterwards I'm sure a true expert, i.e. a Redmond Report reader, will cut to the chase for us all by writing dbarney@redmondmag.com.

First, EMET is designed to "make it more difficult for an attacker to exploit vulnerabilities in a given piece of software," Microsoft says.

According to Redmond, other mitigation tools force you to recompile software. EMET is based on an opt-in method -- you submit your software to EMET and it works to protect it. This tells me EMET is very application-specific and not a general-purpose tool like Windows Defender.

You can even place mitigations on processes rather than the entire product. This is deep-in-the-weeds security and seems ideal for corporate developers. EMET is also aimed at legacy apps that are often no longer protected by their providers. Here you can take matters into your own hands and use EMET to help harden the old stuff.

With EMET and other tools, hopefully when hackers invade, we can hurl them right back out!

I see this as one more layer of protection -- not quite a full layer and certainly not "the" layer.

What's also cool is that it is totally free and, as you can tell by version 3.0, Microsoft is fully committed to this tool.

Posted by Doug Barney on 05/18/2012 at 1:19 PM

