Tightening Windows security with Microsoft's EMET utility

Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is a simple but powerful configuration utility that allows you to harden applications that weren't originally designed to take advantage of Windows security features. Here's how it works.

For a full description, see the accompanying blog post, The one security tool every Windows user should know about.

The EMET interface is divided into two parts. The top shows the system status; the bottom shows a list of running processes and whether they are currently running with EMET enabled.

Although it sounds tempting, I don't recommend the Maximum Security Settings option for Windows 7. That's especially true in a business setting, where compatibility is crucial.

Your XP options are more limited, because XP doesn't support SEHOP or ASLR. Enabling DEP universally on XP is a smart idea.

Most zero-day threats attack commonly used Internet-facing applications, such as Internet Explorer add-ons, Adobe Acrobat and Reader, Apple QuickTime, and so on. EMET let you tighten security on these individual programs.

Because Address Space Layout Randomization (ASLR) is not supported on Windows XP, EMET offers five app-configuration options here, instead of the six you find with more modern Windows versions.

To view the security status of programs, open the main EMET UI and look in the Running Processes list.

In all Windows versions, you can click the Running EMET heading to sort the list so that all EMET-enabled apps are grouped together.