Microsoft is gearing up to deliver the bits for the next generation of a free security tool focused on mitigations. The Enhanced Mitigation Experience Toolkit has evolved to version 2, but it is not available for download at this point in time. According to the Redmond company, EMET v2 will be offered for download in the coming weeks, although a specific availability deadline was not provided at this point in time.

Some customers might already be familiar with EMET, as Microsoft released version 1 in October 2009. The tool is designed to allow developers to easily built and deploy security mitigation to arbitrary applications in order to render useless and exploits targeting vulnerabilities in the apps. While EMET does not actually help patch the security flaws, it does deliver barriers/mitigations, more than capable of fending off any attacks. According to Microsoft, EMET would best be used by third-party developers building applications designed to run on top of Windows, as well as by those needing to bulletproof as much as possible legacy applications. More »

When it comes down to bulletproofing systems, users should always opt for the latest releases of the Windows client. Volume eight of the Microsoft Security Intelligence Report (SIRv8) makes this perfectly clear, per the Operating System Trends analysis performed by Microsoft with data gathered from in excess of 500 million computers worldwide. Windows 7 RTM and Vista SP2 are the apex of security for the Redmond company as far as Windows clients are concerned.

Infection rates for both Windows 7 RTM and Vista SP2 are considerably lower than their predecessors, with the 64-bit (x64) flavors of the two platforms superior to the 32-bit (x86) versions. The statistics offered in SIRv8 reflect data collected from over half a billion Windows computers worldwide in the second half of 2009. Since Windows 7 was released on October 22nd, 2009, SIRv8 also includes information on Vista’s successor.

“Windows 7, which was released in 2H09, and Windows Vista with Service Pack 2 have the lowest infection rate of any platform on the chart. The 64-bit versions of Windows 7 and Windows Vista SP2 had lower infection rates (1.4 for both) than any other operating system configuration in 2H09, and the 32-bit versions both had infection rates that were less than half of Windows XP with its most up-to-date service pack, SP3,” Microsoft reveals in the report. More »

Internet Explorer 8 includes a security feature that shuts down misbehaving applications before they can harm your system.

This capability, known as Data Execution Prevention (DEP), runs by default when IE 8 is installed on XP SP3 and Vista SP1 or later, but it may not always be clear to you why DEP has put the brakes on one of your PC’s applications.

DEP is the best reason I know for updating to Internet Explorer 8 and Vista SP1. For many years, Microsoft has included DEP which is also called No-Execute (NX) only in parts of Windows. For example, DEP is available in IE 7 but is off by default to avoid conflicts with old, incompatible programs.

DEP is now a key part of Vista and Internet Explorer 8. When I try to install older software on newer machines, I must configure Data Execution Prevention to allow the software installer to run with DEP disabled.

To open the Data Execution Prevention dialog in XP, open Control Panel, choose System, and then select the Advanced tab. Click the Settings button in the Performance section and select the Data Execution Prevention tab. In Vista, choose Performance Information and Tools, click Advanced Tools in the left pane, select Adjust the appearance and performance of Windows, and click the Data Execution Prevention tab. More »

This tips helps you enable or disable Data Execution Prevention (DEP) for Office applications.

To enable or disable DEP automatically, click the Fix it button or link. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.

Note this wizard may be in English only; however, the automatic fix also works for other language versions of Windows.

Note if you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: More »