PPRuNe Forums


Mac the Knife 27th December 2013 17:36

EMET - a hidden Windows jewel!
 
The little-known Microsoft Enhanced Mitigation Experience Toolkit (EMET) [now at a much easier to configure V4.0] is arguably the best security software for the Windows operating system.

------------------------------------------------------------------------------------------

PS: Couple it with sudowin - Sudo for Windows | Free System Administration software downloads at SourceForge.net - and you can be tighter than a mouse's ear'ole.

(Advised reading is This is SMHAM2.ORG! and for more detail https://www.sans.org/reading-room/wh...s-sudowin-1726 - you may well need to modify sudoers.xml to update checksums and get more granular control but it is really quite simple.)

AND (drumroll) they both work with the dreaded XP...

Mac

:cool:

mixture 27th December 2013 21:10


> PS: Couple it with sudowin - Sudo for Windows | Free System Administration software downloads at SourceForge.net - and you can be tighter than a mouse's ear'ole.

Eeewww..... nasty. :yuk:

People should just use the built-in "run-as" tools provided by Microsoft.

Windows is not conducive to sudo-like behaviour, hence the need for hacky tools such as sudowin.

Sudowin being reliant on a local server instance running as admin providing the sudo service to the client on your drop down menus and command line.

Nice little attack vector there.... hence my recommendation of AVOID.


> AND (drumroll) they both work with the dreaded XP...

And as I keep on repeating.... they will do absolutely bugger all to improve your XP security after April. Just as is the case with anti-virus and any other security software.

So please, don't sell them as a solution to the problem and don't encourage people to cling onto XP. XP will be dead in April, end of story.

Mac the Knife 27th December 2013 22:47

Mix: I know all about Run-As - Run-As is particularly nasty.

The problem with run-as is that a user needs the administrator password since this option is to run a program as administrator and not to briefly elevate a user's rights to administrator. This is a major security risk since more people then have the administrator password. NOT a good idea! With sudowin the limited user does not need the administrator password, since sudowin relies on the user's password (and sudowin rules) to elevate the command. And importantly, unlike the run-as command, Sudo for Windows preserves the user's profile and ownership of created objects.

I cannot see how sudowin broadens my attack surface - rather the reverse, particularly as it is thoughtfully written and very security tunable with little effort. You should actually read https://www.sans.org/reading-room/wh...s-sudowin-1726 before reacting (yes, I know you're busy, though not too busy to react!)

But anyway, what do you think of Microsoft's own EMET ???

[Which was really what my post was about]

:ok:

Sorry, I shouldn't have made that joking reference to XP, I know that it's bad for your blood-pressure!

What people should really do is switch to Red Hat or Mint and then run XP in a secure VM image if they have to.

:cool:

bnt 27th December 2013 23:13

Does it have an Interactive Console? If so, we can call it the EMETIC. :yuk:

