Securing your Windows computer (both client and server) should be a top priority in your organization. To that end Microsoft just released EMET 5.0. It’s not a matter of IF, but WHEN you will have a security breach. But the trick is to raise the security bar to make it less likely that you will get hacked. One great tool for raising the security bar on Windows computers is Microsoft’s FREE EMET tool. The Enhanced Mitigation Experience Toolkit (EMET) 5.0 has a number of knobs to tweak the security posture of your system, and help protect both against known exploits and zero day exploits.
Back when I was responsible for building golden images, EMET was *always* in my images. I also install EMET on all of my home computers. In an enterprise environment you will need to test, test, test before you decide to roll it out. Some programs will have problems with EMET and may not launch, crash, or act weird. There are various knobs in EMET that can mitigate much of the side effects, and yet allow you to run in a more secure posture.
For the full EMET 5.0 announcement, see this MS blog post announcement. It covers the new features in 5.0. You can download EMET 5.0 here.
For my home system I use the maximum security settings profile, and also import all three protection profiles. Again, in the enterprise you will want to thoroughly test settings and will likely not be able to use the maximum security settings policy.
If you are responsible for making golden images, or work in your organization’s IT security department, do yourself a favor and seriously check out EMET and consider deploying it on all Windows computers.
” I use the maximum security settings profile, and also import all three protection profiles.”
What three? There are only two:
* Popular Software.xml
* Recommended Software.xml
Are you including CertTrust.xml also?
Yes I included all three.