Sunday, November 21, 2010

Need a little more security?

OK, so you have your Anti Virus and you keep it up to date. You are running some sort of Anti Malware program (such as Malwarebytes) once in a while to try to get things that your AV might have missed. Maybe you even downloaded the application I talked about in my last post to let you know when you have out of date applications. What else could there be you ask?

Glad you asked. Adobe finally released their "sandboxed" version of Adobe Reader. This is supposed to be their response to the problems they had. Guess what though? If you're not running Windows Vista or higher, then it doesn't matter. If you are running Windows 7 or Vista, I recommend you go and install Adobe Reader X now, you can get it here.

But wait...there is more!

A while back, Microsoft released a tool called EMET. This stands for Enhanced Mitigation Experience Toolkit. You can download it here. I highly recommend you do that after you get the rest of your applications up to date. This program adds some additional protections for your programs. I have tested this in my lab environment and I have been unsuccessful in getting standard Adobe exploits to execute properly while running this. If you add it to the new Adobe Reader X, I can only imagine it will get even better (I haven't fully tested with Adobe X yet to say for sure).

Download and install EMET. After installing it, go to your Start menu and locate EMET 2.0 (note: it may be under the Enhanced Mitigation Experience Toolkit folder under All Programs.)

Once the application is running, click the Configure System button. Change the values for DEP, SEHOP, and ASLR from Application Opt In to Always On (or leave Application Opt In if Always On is not available for you). Click the OK button.

Next you want to click the Configure Apps button in the lower right hand corner. This will bring up the Configure Application window. Click the Add button in the lower left hand side. Double click on your C drive. Double click on Program Files (or Program Files (x86) if you're running a 64 bit machine. You will know you are if you see a Program Files (x86) folder here). Double click the Adobe folder. Double click on Reader 10.0 (if you installed Adobe X as instructed; if not, choose the version you have listed, such as 9.0). Double click the Reader folder. Finally, double click AcroRd32.exe. Ensure all of the boxes are checked for DEP, SEHOP, NullPage, HeapSpray, EAF, and Mandatory ASLR.

Click Add again. This time, click your C drive, Program Files (or Program Files (x86)), and then double click the Java folder. Double click the jre6 folder. Double click the bin folder. Double click the java executable and ensure all of the check boxes are selected.

Next click Add again. This time navigate to C:\Program Files\Internet Explorer. (Note: if you're running a 64 bit machine and have the Program Files (x86) folder, you will want to do these steps for both C:\Program Files\Internet Explorer and C:\Program Files (x86)\Internet Explorer.) In each of those folders, choose the iexplore.exe file. Ensure that the check boxes are all checked for these as well.

You will want to do the same thing for any other browser you might use, such as Firefox or Google Chrome. Just find their exe files and choose them. (Note: you can normally find these by right clicking the icon on your desktop or Start menu folder and choosing Properties.) I would also recommend you do the same thing for your Anti Virus, Anti Malware applications and Office applications.

When you're done adding all of your programs, click the OK button. This will bring you back to the main screen of EMET. Click the red button with the white X in the upper right hand corner. This will pop up a warning saying the changes you made will require you to restart your system. Click OK. This does not force you to restart. Save all your documents and whatnot, then reboot your machine.
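An added example, not part of the original post: this PowerShell script finds the executables walked through above (both Program Files roots on a 64 bit machine, and whichever Reader and Java versions are actually installed) so you can tick them off in Configure Apps, and after the reboot it reads back the system-wide DEP and SEHOP settings that Configure System changes. The Firefox and Chrome paths are assumptions (their default install locations), and the SEHOP registry value is the one Microsoft documents in KB956607; the system ASLR setting is not checked.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Part 1: locate the executables to add under EMET's Configure Apps.
# On 64 bit Windows there are two Program Files roots; on 32 bit only the first exists.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$patterns = @(
    'Adobe\Reader*\Reader\AcroRd32.exe',   # Reader 10.0, 9.0, ... whichever is installed
    'Java\jre*\bin\java.exe',              # jre6 in the post; matches any jre folder
    'Internet Explorer\iexplore.exe',      # present under both roots on 64 bit
    'Mozilla Firefox\firefox.exe'          # assumption: default Firefox install path
)
$targets = @(foreach ($root in $roots) {
    foreach ($p in $patterns) {
        Get-Item -Path (Join-Path $root $p) -ErrorAction SilentlyContinue
    }
})
# Chrome installs under the user profile rather than Program Files (assumption: default path).
$targets += @(Get-Item -Path "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe" `
                       -ErrorAction SilentlyContinue)

"Executables to add under EMET 'Configure Apps' (tick every mitigation box):"
$targets | Where-Object { $_ } | ForEach-Object { "  " + $_.FullName }

# Part 2: after the reboot, confirm the system-wide settings Configure System changed.
# DEP policy lives in the boot configuration: nx = OptIn / OptOut / AlwaysOn / AlwaysOff.
$nxLine = bcdedit /enum '{current}' | Select-String -Pattern '^nx\s+(\S+)'
$dep = if ($nxLine) { $nxLine.Matches[0].Groups[1].Value } else { 'not set (OS default)' }

# SEHOP (KB956607): DisableExceptionChainValidation 0 = enabled, 1 = disabled, absent = OS default.
$kernelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
$sehopRaw  = (Get-ItemProperty -Path $kernelKey -ErrorAction SilentlyContinue).DisableExceptionChainValidation
$sehop = if ($sehopRaw -eq 0) { 'enabled' }
         elseif ($sehopRaw -eq 1) { 'disabled' }
         else { 'not set (OS default)' }

"System DEP:   $dep (the post recommends Always On, which shows here as AlwaysOn)"
"System SEHOP: $sehop (the post recommends Always On, which shows here as enabled)"
```

If DEP still reports OptIn after the reboot, the Configure System change did not stick and you should reopen EMET and check it again.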

This is not a silver bullet to keep you safe, but I can guarantee it will make it more difficult to be infected with malware if you do the following:

Keep your OS and third party applications up to date.
Keep your Anti Virus application and signatures up to date.
Keep your Anti Malware application and signatures up to date.
Upgrade Adobe Reader to Adobe Reader X.
Install EMET and configure it to protect all of the commonly exploited applications (Adobe, Java, Anti Virus applications, web browsers, Office applications, etc.).

If you have any questions, please let me know!
