EMET (Enhanced Mitigation Experience Toolkit)

Discussion in 'other anti-malware software' started by luciddream, Apr 1, 2013.

  1. badsector

    badsector Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    51
    so i need explorer to be sandboxed first...?
     
  2. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    That shortcut will make a sandboxed instance of explorer too. You don't have to do it "first".

    As tzuk left it this way, I won't myself also call this exactly an "issue". EMET is a tool not at the moment even suitable for everyone or what particular security software they are running. Someone using this kind of tool needs in my opinion be prepared to be willing to learn what is needed for the software to work.
     
  3. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    Quite true. Read what the Palemoon developer states about EMET....Quote, "Using EMET is (as I explained before) NOT RECOMMENDED on Pale Moon because it already has all safeguards in place. Using EMET on top of that can and will break the browser and can make it less safe to use. EMET doesn't protect against 0-day exploits either, its use is very specific to legacy applications lacking DEP, ASLR, and similar safeguards that could allow a vulnerability to be exploited in practice more easily. Since Pale Moon is compiled with VS2012 with all safeguards enabled, EMET is pointless and would clash with the built in safeguards. EMET should only be used if you are running particularly old software that could be vulnerable, and that won't be updated anymore." end of quote....can be further read here. http://forum.palemoon.org/viewtopic.php?f=4&t=3899&p=23382&hilit=EMET 5.1#p23382
    For me at the moment am using EMET 5.1 and it seems to be working well so far. I am kind of following the guide I found here. https://www.winhelp.us/general-security/other-free-security-programs/microsoft-emet.html
     
  4. badsector

    badsector Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    51
    amg... i did it... i modified your shortcut a little... but it works!!
    thanks... :)
     
  5. badsector

    badsector Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    51
    after successfully EMETing FF you post this... WHY D:
    now im confused... to EMET FF or not to EMET FF?? D:
     
  6. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    Just for the record I have Palemoon in EMET with EAF and EAF+ unticked and it's working well. Sometimes you have to think and make decisions for yourself and try and see if they work for you irrespective of what others may say or think. If it works for you then go for it. :thumb:
     
  7. badsector

    badsector Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    51
    well I've been using EMET + FF combo even before I started using sandboxie... and never had any issues... I'll probably keep this setup until a better alternative comes...
    btw about this EAF+ i have it checked on almost every item i added (FF,hexchat,etc)... will this be a problem? and why are you not using it??
     
  8. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    This is only for my setup, I found that by unticking the EAF's that Palemoon responded quicker. If you don't have a problem and are not getting any warnings then keep it as is. I am no expert on the subject but I do like to experiment and sometimes by adding this or subtracting that you kind of fine tune your setup to work more efficiently.
     
  9. badsector

    badsector Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    51
    welp... thanks for your inputs... now im off to tweak EAFs on EMET... :thumb:
     
  10. controler

    controler Guest

    Ok decided to try it again. Error I get is Simexec mitigation. Unchecked that and now can open IE. Anyone know why that would be?
     
  11. controler

    controler Guest

    But now after I unticked some things, I can not retick them and have them hold. When I relook at Apps it still shows them unticked.
     
  12. 142395

    142395 Guest

    What a bold statement (not you, your quote), is it really from the dev of the palemoon?
    I have read some of his posts in that forum you quoted, and it's obvious he doesn't know the recent exploit situation in detail.
     
    Last edited by a moderator: Dec 3, 2014
  13. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    Here is a copy of the thread found here, second post from the top and look to right at the poster's profile info and it does say "developer". http://forum.palemoon.org/viewtopic.php?f=4&t=3899&p=23382&hilit=EMET 5.1#p23382 Personally, I'm not making a big deal of it as I am running Palemoon with EMET 5.1 within Sandboxie with no ill effects (so far) but keeping an eye on it. ;)
     
  14. 142395

    142395 Guest

    Ah! Sorry, I somehow thought your quote was from Mr. Opera1215b1748 who has many wrong ideas, but okay that was actually from Moonchild.
    Thanks for clarifying.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I'm going to just guess that the Palemoon dev is not a security expert, because he's wrong. Though only a bit I suppose. Firefox has always implemented the most important mitigations that exist in EMET, but not all, certainly.
     
  16. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    As I stated before I am using EMET 5.1 with Palemoon within Sandboxie and so far I have no problems. I unticked EAF as I found that Palemoon seems to be less sluggish with EAF unticked. EAF+ is also unticked. Now with EMET 5.0, a different story. I ran into a lot of problems with it and Palemoon and I just got fed up and ditched it. Not so with EMET 5.1 no problems so far.
    As far as debating the security tech abilities of anyone, that is beyond my limited scope of knowledge to judge one way or another. I use what works and ditch anything that doesn't work whether some techie expert recommends it or not.
    Lastly if anyone disputes what any of the Palemoon devs state about EMET or anything else regarding Palemoon, they can always go to the Palemoon forum and discuss it there in a civil manner.
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yeah maybe I'll go over there to discuss it. I'm not trying to 'call out' any person. But not everyone focuses on security. In this case he's incorrect, though not by a lot, and for all of the important bits, 100% right.

    If I remember I'll make a post over there.
     
  18. When one uses code sanitizing and a modern compiler, a fair share of the ROP protections of EMET are irrelevant. So maybe the developer of PM hinted at that?
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I don't think so. I personally am not fond of EMET's 'anti-ROP' techniques, but Mozilla does not implement them, nor anything comparable as far as I know.
     
  20. 142395

    142395 Guest

    I don't know what option is available for Windows C programming, but options I know in gcc are not directly related to ROP. SPP is to prevent old stack overflow, PIE (with ASLR) is for radical ASLR, and RELRO is to prevent GOT override.
    Does Mozilla implement mitigation other than DEP & ASLR?
     
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Not really. None of the others are really appropriate to implement, they don't really do much and aren't directly supportable.
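
Added example, not part of any post in this thread: one way to see whether a Windows binary already opts in to DEP and ASLR (the safeguards discussed above) is to read the `DllCharacteristics` field of its PE header. The function names and the header-only sample images are constructed for illustration.

```python
import struct

# Opt-in bits in IMAGE_OPTIONAL_HEADER.DllCharacteristics (PE/COFF format).
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit high-entropy ASLR
    "DYNAMIC_BASE":    0x0040,  # ASLR opt-in (linker /DYNAMICBASE)
    "NX_COMPAT":       0x0100,  # DEP opt-in (linker /NXCOMPAT)
    "GUARD_CF":        0x4000,  # Control Flow Guard
}
DLLCHAR_OFFSET = 70  # same offset in PE32 and PE32+ optional headers

def pe_mitigations(data: bytes) -> dict:
    """Return {flag name: bool} for the mitigation opt-ins in a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4          # 20-byte COFF file header
    opt = coff + 20              # optional header follows it
    if len(data) < opt + DLLCHAR_OFFSET + 2:
        raise ValueError("truncated optional header")
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B) or opt_size < DLLCHAR_OFFSET + 2:
        raise ValueError("unsupported optional header")
    (dllchar,) = struct.unpack_from("<H", data, opt + DLLCHAR_OFFSET)
    return {name: bool(dllchar & bit) for name, bit in FLAGS.items()}

def build_sample(dllchar: int, magic: int = 0x10B) -> bytes:
    """Constructed header-only PE image for the demo (not a real program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dllchar)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for label, img in (("legacy build", build_sample(0x0000)),
                       ("modern build", build_sample(0x0140))):
        missing = [n for n, on in pe_mitigations(img).items() if not on]
        print(f"{label}: missing opt-ins: {', '.join(missing) or 'none'}")
    # EAF, EAF+ and SimExecFlow have no header bit; this check cannot see them.
```

To check a real file, pass `open(path, "rb").read()` to `pe_mitigations`.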
     
  22. 142395

    142395 Guest

    Okay, thanks!:thumb:
     
  23. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    I have 5.1 now but EAF+ is a serious performance killer, I disabled it on IE.
     
  24. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    EAF+ has been causing some performance issues with Chrome and Firefox as well.
     
  25. guest

    guest Guest

    Just reporting, I have EAF+ enabled on Cyberfox and have no issues. Although I didn't tweak the advanced setting of it.
     