Why Google with F-Secure Search?

Superuser

Re: Why Google with F-Secure Search?

So, this EMET thing - if I install it, what will it actually do?  Can I just use its default setting, and forget it, or will it keep pestering me every time I want to do something on the PC?

Advocate

Re: Why Google with F-Secure Search?

I've described EMET here (below Malwarebytes). Click the "Spoiler" for more info. There are also troubleshooting tips and a link to an extensive review.

 

Short answer: Yes, install and forget. If any of the programs EMET monitors are exploited with the "techniques" (mitigations) activated for that specific program, EMET will stop that process and alert. If you never come across an exploit, you'll never notice EMET's presence, besides its systray icon.

If you're unsure about using maximum settings, then use the recommended settings.

Champion

Re: Why Google with F-Secure Search?

NikK wrote "I assume Malwarebytes Anti-Malware would've picked up if F-Secure hadn't. (I have both on real-time protection)"

 

I was trying to determine if F-Secure had a problem with MBAM Pro.  So it does not.  You are a wealth of information!  :)

Champion

Re: Why Google with F-Secure Search?

Simon wrote "Can I just use its default setting"

 

I strongly recommend taking the default (recommended) settings until you are familiar with EMET.  Last Patch Tuesday or the one before it had two updates for EMET 4.5.1.  These updates broke EMET (with custom settings) on my systems and those of others (IE would not start, with EMET complaining of caller mitigation; I ended up uninstalling EMET, uninstalling the two .NET 4.5.1 updates, reinstalling the two .NET 4.5.1 updates, and reinstalling EMET).  My professional opinion (with the operative word here being "opinion") is that EMET is a little touchy with respect to .NET.  Make sure you have all current .NET updates before installing EMET.  If you install a fresh copy of W-7, Microsoft Updates will skip .NET 4.0 and go straight to 4.5.1.  By the way, EMET 4.1 is the most recent.

 

"will it keep pestering me every time I want to do something on the PC"

 

As NikK said, you will rarely notice that it is running.  It is not like UAC.  It does add a few seconds to start-up, however.

Superuser

Re: Why Google with F-Secure Search?


@baroque-quest wrote:

Simon wrote "Can I just use its default setting"

 

I strongly recommend taking the default (recommended) settings until you are familiar with EMET.  Last Patch Tuesday or the one before it had two updates for EMET 4.5.1.  These updates broke EMET (with custom settings) on my systems and those of others (IE would not start, with EMET complaining of caller mitigation; I ended up uninstalling EMET, uninstalling the two .NET 4.5.1 updates, reinstalling the two .NET 4.5.1 updates, and reinstalling EMET).  My professional opinion (with the operative word here being "opinion") is that EMET is a little touchy with respect to .NET.  Make sure you have all current .NET updates before installing EMET.  If you install a fresh copy of W-7, Microsoft Updates will skip .NET 4.0 and go straight to 4.5.1.  By the way, EMET 4.1 is the most recent.

 

"will it keep pestering me every time I want to do something on the PC"

 

As NikK said, you will rarely notice that it is running.  It is not like UAC.  It does add a few seconds to start-up, however.


 

Thanks for the advice, but I've had to uninstall it, as it crashed my Outlook 2007 every time the PC started.  All of the boxes are ticked for Outlook, so I don't know what's going wrong, but to be honest, I've lived without it all this time, so I can't really be bothered to investigate it too deeply.

Advocate

Re: Why Google with F-Secure Search?

If you change your mind (and to other people reading this):

 

If a program isn't compatible with an EMET mitigation, take a note of which mitigation it was and uncheck it for that program. For example, I sometimes had Caller Mitigations when using the preview pane in Windows Explorer or when double-clicking certain file types in Windows Explorer. That's why I wrote this (from previous link):

 

EMET troubleshooting

I recommend launching and testing all programs monitored by EMET: test locally and on trusted sites (for programs that use the internet). Test compatibility with the Windows Explorer preview pane and double-clicking file types in Windows Explorer for any incompatible caller mitigations etc. That way you'll get rid of any incompatible settings and EMET false alerts.

If you add programs yourself, it's a good idea to only add one program at a time and test it as described above. If any pre-defined program (or a program you've added yourself) is not compatible with all EMET mitigations, it will crash (EMET ending the process). Find out the type of mitigation EMET detected for that program, uncheck that mitigation for the program in EMET, and try again. The type of mitigation detected is shown in the EMET pop-up alert and can also be found in Windows Event Viewer.

Superuser

Re: Why Google with F-Secure Search?

I consider myself an 'average user', with enough knowledge to get me by, and to sometimes be able to help others with the basics.  EMET seems too much like hard work to me, so I doubt I'll change my mind, but good luck to anyone else who tries it.  :)

Advocate

Re: Why Google with F-Secure Search?

Well, it's not for everyone, and that's probably the reason why not so many "average users" have heard of it.

 

I just read a (to me ;-) interesting related article, which demonstrates how much more difficult it is to bypass EMET. If you succeed, you can get awarded $100,000.

 

http://threatpost.com/latest-microsoft-100000-bounty-winner-bypasses-aslr-dep-mitigations/104328

Senior Advisor

Re: Why Google with F-Secure Search?

So yet another reminder that there is no single security measure that is 100% infallible.

 

Yes, EMET can be a very useful free tool, but there is potentially a very large userbase without technical knowledge for whom configuring EMET correctly would be an impossibility.

 

Overall, the average user popping in here for help has enough problems in uninstalling their old AV and then installing F-Secure correctly; configuring EMET would be totally beyond them. 

 

 

Advocate

Re: Why Google with F-Secure Search?

I agree! So we might as well also mention Malwarebytes Anti-Exploit as an alternative to EMET (which I remember you also mentioned before, Blackcat). It's much easier and more targeted to the "average user". It's also free but still in Beta. (maybe that's why it's free?!)

 

As a fresh example of why it's good to have an exploit blocker - yesterday's critical Adobe Flash Player zero-day vulnerability. As mentioned in the Malwarebytes blog:

 

"Basic security measures such as keeping your computer up-to-date, running antivirus and anti-malware solutions go a long way but still leave a small window open for zero-day attacks. Exploit mitigation software such as Microsoft’s EMET or our own Malwarebytes Anti-Exploit aim at closing that gap."