For your home or work computers...
We have all heard dire warnings (mostly from Microsoft and computer salespeople) regarding how dangerous and irresponsible you are if you dare to keep your Windows XP machines running for another day without upgrading or replacing them immediately. Even though these warnings are usually accompanied by an offer to sell you upgrade licenses or new machines, we still tend to take them very seriously. Very recently, we've been shown just how serious that can become...
Why? A "zero day" vulnerability (meaning one completely unprotected against by either antivirus or other means) was discovered within most versions of Microsoft's Internet Explorer that could allow someone to remotely control your computer using your own security privileges.
Sounds pretty scary, right? Panic did set in quite quickly...
The Director of Homeland Security last week set the new record for the quickest over-the-top public display of sheer panic by telling the public at large to stop using Microsoft's Internet Explorer completely and recommending everyone immediately switch to Firefox or Chrome.
Who wouldn't take them seriously? Everyone keeps telling you how every hacker on the planet is now targeting you and your XP machine. But is it really the end of the road for your XP machine? Are you left hanging in the breeze with no recourse? The answer may surprise you.
So let's look at how many ways XP was protected last week when a supposedly devastating vulnerability sent even Homeland Security scurrying for cover:
The first thing we will look at is the most obvious: Microsoft itself. Microsoft had actually released a tool that stopped the latest vulnerability long before (November of 2013) this zero day ever took center stage.
It's called EMET, or Enhanced Mitigation Experience Tool. In Microsoft's own words: EMET "is a utility that helps prevent vulnerabilities in software from being successfully exploited." It does this by throwing up roadblocks to malicious execution of system files in a wide variety of ways. You can find more detailed info by following the link at the bottom of this article.
EMET has been around for nearly 3 years now and contains a wide variety of protection options that I won't go into here, but I mention it here because one of those tools is a full mitigation, or lock-down, of Internet Explorer. This single feature stops the zero day vulnerability that hit last week cold in its tracks all by itself without a Microsoft patch, without antivirus updates and, most notably, with only very minor side effects. In fact, when I deployed this within an environment running nearly 1000 pieces of software and over 700 users, I experienced only a single problem, which was resolved within an hour.