EMET, It's actually pretty good!
From Microsoft’s security team comes yet another great tool that no average user has ever heard of.
I recently came across a toolkit from Microsoft called EMET, the Enhanced Mitigation Experience Toolkit. I had never heard of it before, but after reading about it and trying it out for myself on a couple of systems I must say that I am clueless as to why it's not included with Windows by default now.
Basically what it enables you to do is set system-wide policies for DEP, ASLR and SEHOP. This means that instead of applications opting in, you can set it to opt out (or with DEP you can also enable “always on”). Furthermore, you can configure the security policy for each individual application. It works well and in theory at least adds a very significant layer of security. I won't dive into details, but my impression is that it works really well and that exploits will have a very hard time bypassing EMET unless specifically crafted to do so. As far as I've been able to tell, this has never been achieved, thanks in large part to the EAF filtering and the fancy new “Bottom-Up Rand” mitigation Microsoft has so cleverly come up with.
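To see which programs a stricter DEP or ASLR policy would actually change, you can check whether a binary already opts in through its PE header. The script below is an added example, not part of EMET or of the original post; the function names and the sample headers are constructed for illustration, and SEHOP is not covered because it has no header flag.

```python
import struct

# Flags in the PE optional header's DllCharacteristics field.
DYNAMIC_BASE = 0x0040  # image opts in to ASLR (/DYNAMICBASE)
NX_COMPAT = 0x0100     # image opts in to DEP (/NXCOMPAT)

def opt_in_flags(image: bytes) -> dict:
    """Return which mitigations a PE image opts in to via its header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt_off = pe_off + 4 + 20  # skip signature and COFF file header
    if len(image) < opt_off + 72:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", image, opt_off + 70)
    return {"ASLR": bool(chars & DYNAMIC_BASE), "DEP": bool(chars & NX_COMPAT)}

def needs_policy(image: bytes) -> list:
    """Mitigations the image does not request itself, i.e. the ones only a
    system-wide or per-application policy would turn on for it."""
    return sorted(name for name, on in opt_in_flags(image).items() if not on)

def build_sample(dll_characteristics: int, pe32_plus: bool = False) -> bytes:
    """Constructed minimal header (not a loadable program) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    machine = 0x8664 if pe32_plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 72, 0x0002)
    opt = struct.pack("<H", 0x20B if pe32_plus else 0x10B) + b"\0" * 68
    return dos + b"PE\0\0" + coff + opt + struct.pack("<H", dll_characteristics)

if __name__ == "__main__":
    legacy = build_sample(0x0000)  # constructed: no opt-in flags set
    modern = build_sample(DYNAMIC_BASE | NX_COMPAT, pe32_plus=True)
    print("legacy needs policy for:", needs_policy(legacy))
    print("modern needs policy for:", needs_policy(modern))
```

For a real file, pass the bytes of the executable (the headers are at the start of the file) to `needs_policy`.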
I must say that EMET is in line with a select few other pieces of Microsoft-developed software that are simply amazing yet hardly advertised. WinDBG and the Sysinternals toolkit are other examples.
So I strongly recommend you give EMET a go!
