Take control of the latest Windows security technologies with Microsoft’s EMET

Windows has a Data Execution Prevention (DEP) interface, for instance, but it’s not exactly easy to spot. And Structured Exception Handler Overwrite Protection (SEHOP) and Address Space Layout Randomisation (ASLR) help to protect key data structures from attack, but they’re normally only available if you know exactly where to look in the Registry.

Fortunately there is a simpler approach, in the shape of Microsoft’s clumsily-named Enhanced Mitigation Experience Toolkit (EMET). Launch the program and it’ll immediately display your current DEP, SEHOP and ASLR status; you can reconfigure any of these settings in just a few clicks; and EMET adds a host of brand-new “pseudo-mitigations” which will help to protect you from a range of common attacks.

At a minimum, then, you should set DEP, SEHOP and ASLR to “Application Opt In”, if they’re not configured that way already (just click Configure System and choose the Recommended Settings profile).
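To confirm the system-wide values without opening the EMET window, for example before and after applying a profile, the read-only PowerShell report below can help. It is an added example, not part of the original article or of EMET; it assumes PowerShell 3.0 or later and the standard Windows locations for these settings (the `DataExecutionPrevention_SupportPolicy` WMI property and the `DisableExceptionChainValidation` and `MoveImages` registry values), none of which the article names.

```powershell
# Added example: read-only report of the system-wide DEP, SEHOP and ASLR settings.
# Nothing is modified. The registry value names are assumptions not taken from the article.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

function Get-RegValue($Path, $Name) {
    # Return the value data, or $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# DEP: the boot-time policy as reported by WMI.
$depRaw = (Get-CimInstance Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
$dep = switch ($depRaw) {
    0 { 'Always Off' }
    1 { 'Always On' }
    2 { 'Application Opt In' }
    3 { 'Application Opt Out' }
    default { "Unknown ($depRaw)" }
}

# SEHOP: 0 turns exception chain validation on, non-zero turns it off.
$sehopRaw = Get-RegValue "$sm\kernel" 'DisableExceptionChainValidation'
$sehop = if ($null -eq $sehopRaw) {
    'Value not set (OS default applies)'
} elseif ($sehopRaw -eq 0) {
    'Exception chain validation on'
} else {
    'Exception chain validation off'
}

# ASLR: 0 disables image relocation, 0xFFFFFFFF forces it for every image,
# anything else (or no value) relocates only images that opted in at link time.
$aslrRaw = Get-RegValue "$sm\Memory Management" 'MoveImages'
$aslr = if ($null -eq $aslrRaw) {
    'Value not set (opt-in images only)'
} elseif ($aslrRaw -eq 0) {
    'Disabled'
} elseif (('{0:X8}' -f $aslrRaw) -eq 'FFFFFFFF') {
    'Always On'
} else {
    'Opt-in images only'
}

# One row per mitigation, with the raw value kept for comparison after a change.
[pscustomobject]@{ Mitigation = 'DEP';   Setting = $dep;   Raw = $depRaw }
[pscustomobject]@{ Mitigation = 'SEHOP'; Setting = $sehop; Raw = $sehopRaw }
[pscustomobject]@{ Mitigation = 'ASLR';  Setting = $aslr;  Raw = $aslrRaw }
```

Saving the output before and after a change makes it easy to see exactly which value moved if an application starts misbehaving.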

But if you click the “Configure Apps” button, then you can also take advantage of some additional EMET technologies for specific applications. So, for instance, enabling Export Address Table Access Filtering blocks a technique often used by malware to find the location of Windows functions. And Heap Spray Allocation pre-allocates commonly abused memory addresses to prevent simple heap spraying attacks. (See this Windows blog post for more.)

You do need to be careful when you’re tweaking your security settings with the EMET. Some applications don’t play well with such low-level trickery, and you could find they become unstable, crash, or maybe bring your whole PC down with them. So if you change any individual setting, be sure you take the time to test your PC and confirm everything’s still working just fine before you get back to any serious work.

Still, if you’re interested in maximising your system’s security then the EMET is definitely worth a look. Especially as it’s now an officially supported Microsoft tool, with its own forum: if you have any difficulties then pay them a visit and ask for more advice.