Microsoft EMET 5.5 review - The goodness abides



Microsoft makes a bunch of products. Some I hate. Some I love. EMET is one of the latter, probably the best thing to hit the digital world since T-rex dinosaurs with laser beams strapped to their forehead. Enhanced Mitigation Experience Toolkit is the dog's bollocks approach to security, providing a framework that lets you wrap your application with strict execution policies. If it misbehaves, it dies. There's no good or bad.

This makes EMET superior to all other security tools, and we've seen it in action myriad times, including a highly detailed tutorial on version 4, as well as a follow-up review on the more recent version 5. Now, with half an integer increment in the version release cycle, it's time for another article. Let's see what this new edition brings to the table.

Setup

EMET 5.5 installed fine and without any issues. On the particular test box with Windows 7, there already was EMET 5.1 on the disk, and the setup completed smoothly, and I wasn't asked to reboot. The new GUI is almost identical to the previous one.

As far as basic functionality goes, I heard there were some issues with this new version and system status slash security settings profile, with possible conflicts with Bitlocker and such, but I didn't encounter any, no matter how rigorously I played with the security configurations, including DEP, SEHOP and friends.

GUI

Browsing about

The application configuration list shows the same mitigations as version 5.X. As always, you are advised to apply them all, and then test your programs, and if you find any issues, uncheck the boxes one by one until you find the conflicting setting. The certificate trust configuration also looks and behaves the same.

App mitigations

Trust configuration

Overall, EMET 5.5 was behaving well. It has the familiar workflow, and you can easily import and export rules, which makes it simpler to manage or restore systems. You can also use wildcards, and in general, 'tis an awesome little utility. I didn't encounter any weird crashes or problems with my programs. That's quite encouraging, too.

Small problems

I did encounter some niggles. The process table would not always refresh, and I had to close the GUI and launch it again to see programs running under EMET. This is an odd little quirk that needs to be fixed.

Then, the bigger problem actually relates to a new functionality introduced here. In the main menu, I wanted to check what the Group Policy button does, as it was not available in previous tool editions. My assumption is that it allows remote server administration, and pushing policies across the organization. This makes more sense for a business than for a home environment.

However, when I tried to use it, I was told my host was missing either GPMC or RSAT tools. Naively, I quickly downloaded the installer for the first, only to discover it is not compatible with Windows 7. Like duh, it's a Windows XP/2003 tool. The other one is a hefty 250MB download, so I couldn't be bothered.

This little error could easily be resolved. Most importantly, the popup should not be generic, and it should be tailored to the right operating system, so that users aren't sent chasing tools that do not run on their particular box. It's a confusing waste of effort. Secondly, the ability to install the extra tools could be a part of an extended EMET setup, so that the configuration can be completed in one smooth go. This way, there's no need for silly errors or issues.

GPMC, RSAT error

Compat issues with GPMC

Conclusion

For people who believe in the sensible approach to security and are already well versed in the ways of mitigation experience, EMET 5.5 is a natural continuation of this digital religion. It works as advertised, sans a few odd bugs, and it's fast, lithe, simple, hassle-free, free, and awesomely robust and useful. This is how security should really be done. By killing all and any misbehaving code, be it your favorite app or whatever. Not by handpicking baddies from a sea of dross.

EMET works, EMET is transparent, and it will protect your bytes in the background. You do need to be aware that programs may have incompatibilities, so you do need an inkling of techno karma to use this tool. Beyond that, it's one of the best Microsoft products in the past decade. Version 5.5 confirms the results, so you might as well download right now and test for yourself. Dedoimedo out.

Cheers.
