– Is there something more I can do to protect my computer and get computer support? Yes.
The number one complaint I hear about Antivirus programs is that they slow you down. Moreover, the first place I look as an IT professional when I hear a computer is being ‘slow’ is the antivirus. The reason for this is that antivirus programs actively monitor your computer’s actions to identify potential threats – the more your computer does, the more your antivirus has to do to keep up.
The second complaint is the too familiar question: “How did I get a virus? I have such & such antivirus. Is such & such antivirus no good?” I am afraid that is the nature of AV: it works more like vaccines than cures. Unless repeatedly & carefully configured, Antivirus programs rely exclusively on definitions to identify viruses. That means that until a real live person finds, identifies & blacklists a virus manually, antivirus programs cannot detect it – consequently, many antivirus programs update several times a day to keep their definitions up to date. Unfortunately, it also means that someone has to get a virus before antivirus will protect against it.
The third complaint (people complain about their antivirus a lot), is that a particular antivirus program is not compatible with a particular, often uncommon or line of business specific, program. The antivirus may block it, slow it down, or mistake it for a virus and delete it. This is the number one reason why antivirus programs usually depend exclusively on definitions. If they analyzed behavior, they would constantly block legitimate programs.
I would like to introduce The Enhanced Mitigation Experience Toolkit by Microsoft. However, that is a mouthful so instead I will introduce EMET. EMET works by laying down some rules & shuffling some behind the scenes things so that viruses & hackers cannot break the rules and count on the computer reacting a certain way – namely, reacting in a way that gives the hacker or virus the ability to access your computer.
The best thing about EMET is that there is no effect on your computer’s performance: EMET does not really do anything on its own, it changes the way your computer does the things that it already does. In addition, EMET does not need to adjust based on the latest viruses because it does not stop particular viruses per say, it blocks specific errors that viruses can use. Lastly, EMET affects only common programs by default; as such, EMET will not crash your line of business applications. Oh, and it is free.
Before you jump up and down or uninstall your antivirus, let me tell you that EMET will not affect a virus that follows the rules. Unfortunately, many viruses are programs that someone downloads and installs like any other program. They lie to you, show false images, and trick you into installing them. Usually these viruses are Trojans – they pretend to be normal programs, but when you open the gate and let the big wooden horse in, a horde of enemy soldiers pour out and burn down your city – metaphorically. Antivirus programs & experience are about the only way to prevent these viruses.
Even though it will not replace your antivirus, EMET is still worthwhile: it has no downsides and improves the defenses of your computer. I am about to get technical, so if the next paragraphs sound like gibberish send me an email at firstname.lastname@example.org or call us at 503-585-7751 and we can walk you through it.
To download EMET, go to Microsoft.com and search for EMET 3.0. At this time (May 2013), v3.0 is the latest, but version 3.5 is just around the corner. You can also find its homepage on Microsoft Support here: http://support.microsoft.com/kb/2458544. There you will find a link to the download as well as additional details about exactly what EMET does.
Once downloaded, the install is a quick process. The only default I recommend you change is to select ‘everyone’ instead of ‘just me’ during the install. After the installation completes, you need to turn on EMET. In your start menu, buried in your ‘all programs’ menu, inside the newly created ‘Enhanced Mitigation Experience Toolkit’ folder, is a shortcut for ‘EMET 3.0’. When you launch EMET, you will see that it has two parts: System & Apps. Click ‘Configure System’ & choose the profile ‘Recommended Settings’ then click ‘OK’. Click ‘Configure Apps’ & click ‘Import’ in the ‘File’ menu dropdown. In your ‘Local Disk (C:)’, in ‘Program Files (x86)’, ‘EMET’, ‘Deployment’, ‘Protection Profiles’ you will find the file ‘All’; open it. If you cannot find it, copy & paste this path: “%programfiles(x86)%\EMET\Deployment\Protection Profiles\All.xml”
After you click OK to close the Configure Apps window, you can close EMET. Most of the changes will take effect the next time you open a program, but you will need to restart before your computer can implement all the changes. If you have any questions or run into any problems, please do not hesitate to email or call.
-Tim Alvey, MCITP