Microsoft's Internet Explorer security
The big Internet Explorer security panic on 4/29/14 may be way overblown and there is no patch as of May 2, but as recommend by ZDNet (and others) the installation of Microsoft's EMET would be a good idea (discussed below).
We have found by some testing, EMET causes slight delays when opening Internet pages, but maybe a slight delay for more security is ok.
Partial description from Microsoft's EMET site:
The Enhanced Mitigation Experience Toolkit (EMET) helps raise the bar against attackers gaining access to computer systems. EMET anticipates the most common actions and techniques adversaries might use in compromising a computer, and helps protect by diverting, terminating, blocking, and invalidating those actions and techniques. EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software. EMET benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives.
Also Microsoft recommends enabling Enhanced Protected Mode (EPM).
- To enable EPM in IE 10 or 11, click the Tools menu and then click Internet options.
- In the Internet Options window, click the Advanced tab.
- Scroll down the list of options until you see the Security section.
- Look for the option to Enable Enhanced Protected Mode and click its checkbox to turn it on.
- If you're running IE 11 in a 64-bit version of Windows, you also need to click the checkbox to Enable 64-bit processes for Enhanced Protected Mode.
- Restart IE to force the new setting to take effect.
And here are other work-arounds for this security problem.
Recently (10/2015)
If you have the older 4.x version, you may get errors trying to open any Microsoft Office product. If so, simply uninstall EMET and install the later version (if desired).
EMET
Note: I rushed through to get the below information ready by test installing EMET on a Windows 7 and a XP machine. I very well could have missed a step... Probably best to close out of everything you have open and do a fresh reboot before proceeding.
If you already have an older version of EMET, be sure to uninstall it first!
Microsoft's EMET 5.0+ protection is here: http://www.microsoft.com/emet
- Click Download
- Select EMET Setup
- Next
- * Open/run (you will get a download or pop-up warning which you need to allow to continue)
- Click next, I agree, bla-bla, next to install.
- Best just to accept the default settings.
Once installed you can open the tool and make adjustments. See below.
* But it's never just simple is it...
If the installer indicates you need the latest .NET Framework, click yes to install, then on that page:
- Windows XP, Vista and 7 proceed to NET Framework 4
- For whatever reason there are 2 Window XP updates.
If the above 4 does not work, try the
.NET Framework 3.5 SP1
- For whatever reason there are 2 Window XP updates.
If the above 4 does not work, try the
- Windows 8 proceed to NET Framework 4.5.1
Downloading .NET typically "offers" other things to install which you can skip. Once NET Framework is done, try the EMET installer again.
Install Error
On our recovery Windows 7 machine, the install FAILED referring to a script error but no further information was available. Since we don't use that machine on the Internet we're not concerned. Sometime later we will find out what causes the error and post the fix here.
Application Op-in/out
One adjustment you may consider is the DEP settings. Change it from Application op-in to application op-out. This forces EMET to inspect all applications that run.
We simply have not looked into this very deeply yet. If you have problems with an application, you will need to change the DEP setting. Change ONLY the Dep setting for a specific application by unchecking the option.