New version of EMET is now available

Discussion in 'other software & services' started by ronjor, May 18, 2011.

Thread Status:
Not open for further replies.
  1. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    I'd rather just keep Sandboxie, it closes all barriers. :D
     
  2. DigitalMan

    DigitalMan Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    90
    EMET and Sandboxie are totally different technologies, so I'm not sure why this is an either/or decision. It could / should(?) be an "and" decision.
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Exactly!

    We aren't asked to choose one over the other!

    EMET, I could view as a last line of defence in my layered world view.

    IF (big word) a parasite somehow got in to my setup, past the moat, the iron gate, the high wall, the burning oil, and the archers then EMET has a good chance of plunging the intruder into quicksand so he can't move or do squat.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    EMET isn't a last line. It's still a preventative measure. Last lines are things like UAC or Antiviruses, which assume that you're already infected.

    EMET really just hardens your programs to protect from specific types of attacks.
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    We are word smithing here.

    No, a last line to me (you may think differently:cool:) is a tool like EMET that deals with a parasite that has penetrated your setup or mine.

    If EMET is using its list of mitigations to block a parasite from executing using one of the vulnerabilities that ESET deals with, clearly it is present in memory.

    So this intruder got by your FW, my AV, my HIPS, my sandbox and now only faces EMET.

    Take care !
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yes, what I'm saying is that EMET does not deal with anything once it's on your system. If you have a virus EMET will not do anything. What it does is harden applications to prevent exploits.

    If it's gotten past your AV there is nothing EMET will do.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I don't think that's accurate.

    Imagine a PDF file exploiting a vulnerability in Adobe Reader. The antivirus has no malware/exploit definition to detect the exploit. But, if Adobe Reader is under EMET's protection, then the user still has got a chance to be protected.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    In that case EMET is your first line of defense... it's a system hardening tool. If malware programmatically avoids EMET and infects your program you need some sort of HIDS. EMET is a HIPS (Host Infection Prevention System), by definition it's a front line defense.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I didn't say otherwise. ;) I just meant that, even if the antivirus/antimalware doesn't detect it, there's still EMET. I'm excluding anything else. So, EMET won't be useless in case antivirus/antimalware fails.

    I agree with you, EMET is one of the first lines of defense, not a last one.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    They're two separate things. The types of attacks that would be prevented by EMET are not going to ever be stopped by an antivirus because they don't involve downloading any files. EMET prevents against direct attacks on (usually) internet-facing programs that would exploit known vulnerabilities. Antiviruses are for when a user accidentally downloads a malicious file.

    But good haha as long as we agree.
     
    Last edited: May 22, 2011
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'm only saying based on watching antimalware apps flagging PDF files etc. exploiting vulnerabilities. If they're lying... that's another thing. :p
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Well thinking different is a good thing.

    If the user removes all layers of defence, his FW, his Sandboxie, his AV, his ASW but leaves only EMET in place then I agree with you both EMET is his first line of defence.
    :thumb:
     
  13. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Can EMET and Sandboxie be used peacefully together in order to protect the browser?
    Thanks
     
  14. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    491
    I have been using sandboxed Firefox and IE9 under EMET max protection without any problem.
     
  15. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Sandboxie hasn't recognized the new version, so in my case it's shown as EMET 2.0 in Sandboxie's compatible programs. But nevertheless it works just fine.
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Yes, I used the same programs on both with no problems.
     
  17. guest

    guest Guest

    Last edited by a moderator: Jun 3, 2011
  18. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Nice wishlist :D
     
  19. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    EMET a HIPS? Really?
    If we're going to haggle over semantics, let's just call EMET indeed an OS/system hardening tool.
    Before you know, some newbie asks for a HIPS recommendation and someone else replies, he read about the HIPS EMET being recommended...
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Interesting wishlist guest. I agree with all of them except for 8 (or is that 7?), because EMET is useful for protecting older versions, and of course a HIPS. Both are not what EMET is made for.
     