Security Questions - Integrated Level Support & EMET 2016-01-04, 22:51:57 A member of the forum by German IT-publisher Heise compared several Browsers Integrated Level Support:Mozilla Firefox would be the only global player (inside the MS-World) without such a security feature. Due to its "IL 3" (which would correspond to the normal user rights) write access to SSD, registry, other processes ... would be possible. If the user would have been stupid enough to disable UAC, then malicious code would own full administrative privileges.Chrome and IE would be running on "IL 2": As a result malicious code (which leaves the browser) would have write access only to other browser processes (in the same Integrated Level) as well as an write access to the temporary files folder.Vivaldi would be even more exemplary and thus be running on "IL 1" (untrusted code).Does Otter implements the benefits of Integrated Level Support like Vivaldi? Does Otter by the way accords with Microsoft's Enhanced Mitigation Experience Toolkit (EMET) as it "helps protect in a wide range of scenarios"?Thanks in advance. A luser (right?)...
Re: Security Questions - Integrated Level Support & EMET Reply #1 – 2016-01-11, 19:01:26 @florian17, to be honest, I have no idea what exactly does this framework and how it interacts with application, that article form MS is more like advertisement. ;-)
Re: Security Questions - Integrated Level Support & EMET Reply #2 – 2016-01-11, 22:37:23 Now I don't have to feel like a newbie!Unfortunately, I can't say anything to EMET's functions or even this ILS-stuff - in which I am still interested: I hope that's the missing link https://msdn.microsoft.com/en-us/library/ms345101.aspx but to be honest, although Heise is quiet good its forum-community...
Re: Security Questions - Integrated Level Support & EMET Reply #3 – 2016-01-12, 10:02:08 Quote from: http://www.dedoimedo.com/computers/windows-emet-v4.html By now, you know that Microsoft Enhanced Mitigation Experience Toolkit is the best security software for the Windows operating system. The reasons are many. Chiefly, it is simple and transparent to setup, and there are no silly questions. It's free. And it's effective in what it does. Not stopping you from being a fool, but stopping software from misbehaving. And that's what makes it awesome, and this is why it gets so little spotlight in the pay-for-security world out there.Now, the first really public version is out there, numbered 4.0. True, the previous versions were also usable, but they were sort of beta slash interim editions, mainly intended for geeks. This one can be used by normal people, too. Let me try to give you an overview as well as a somewhat detailed tutorial that should help you use and implement EMET in your security setup with jolly good ease. After me.
Re: Security Questions - Integrated Level Support & EMET Reply #4 – 2016-02-03, 15:33:58 Thanks Frenzie. But I rather thought of "don't know anything about" EMET's functions such asAttack Surface Reduction (ASR) MitigationData Execution Prevention (DEP) Security Mitigation (described for instance by MS Technet)Mandatory Address Space Layout Randomization (ASLR) Security Mitigation (which is implented in Windows, Linux or for instance OpenBSD - cp. Wikipedia)and all of the other stuff mentioned in my first link to MS EMET above.Please consider, that at Pwn2Own 2014 all major browsers were hacked. But no hacker was able to claim the $150,000 grand prize for hacking IE 11 secured with EMET (e.g. cp. Microsoft News IE with EMET unhacked). And NSA-TAO-Chief Rob Joyce recommends EMET, too (cp. USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers (Youtube-Clip)).That's why I would be grateful to be aware of including at least those security functions which are also widespread amongst other Operating Systems.The Happy End of my posts in this thread EDIT: Sorry for the two typos. Last Edit: 2016-02-03, 19:08:53 by florian17
Topic: Security Questions - Integrated Level Support & EMET (Read 1647 times)
