Tuesday, August 28, 2012

Yes Virginia, you can still get viruses on Windows

I keep seeing posts online lately, and even my brother now buys into this: "you don't need antivirus" on Windows machines. Linux machines have rarely been hit; Android's had some rare instances; Apple / OSX is getting targeted more these days. But Windows: he's some Avast feedback from a drive I cleaned today...

The battle is not over. I regularly clean infections from machines: usually Vista SP1 or newer boxes, that have had expired copies of McAfee, TrendMicro, or Norton on them. Sysadmin forums regularly debate the merits of using MSE vs Avast vs nothing at all: right now, I'd consider nothing at all to be the equivalent of sex without condoms.

That being said, Microsoft has had a tool out for a while now, that helps mitigate some of the security concerns of late (the latest Java freakout, Adobe Reader concerns, etc). EMET version 3.0 has the ability to change master application permissions in Windows, as well as to be able to import/export them as XML files. My concerns are with Java, Internet Explorer, and even the basic file explorer. Adobe Reader X is technically its own sandbox; so is Google Chrome. Firefox is in between. Here is a copy of a profile I'm trying out myself: I know MS has other ones on their EMET page; you may want to experiment based on your own needs.

One thing I should note: you're welcome to set EMET to "Maximum"; but be prepared for any ActiveX-based apps, or games that use DRM, to stop working properly. My recommendation is to use the "recommended" setting + lock down key programs individually: servers should really be what you use "Maximum" on.

my XML file includes Explorer.exe; be advised that it may slow down your file browsing. Remove that from the list of apps if it gets to be a problem.
8-30-2012: Oracle patched Java for the latest exploit.


  1. EMET will not help protect against most Java exploits.

    1. I'm interested in anything that precludes having to uninstall plugins every time there's a 0-day.