EMET installation option

[nle]

Hello.

I've been wondering: what is meant exactly by "Install EMET for yourself, or for anyone who uses this computer:".

I mean I understand of course the general meaning, but I'm not sure what are the effects if one selects "Just me".
Would that imply that:
1) only that user can start and configure EMET but everything he configured (DEP/SEHOP/ASLR) would apply to all users
or
2) features enabled through EMET would only apply to that user (no DEP/SEHOP/ASLR for other users?)

Thanks

 

[ZyanWu]

DEP/SEHOP/ASLR are always applied system-wide.
The other protection options, however, can be installed for you or all the users on the PC.

 

[nle]

I didn't know there were other protection options actually.
Those are not system-wide then, I guess?

My setup has 2 users: 1 admin and 1 standard user.
So I suppose in my case it's a good idea to install it (as admin) for all users so I can benefit from the "other protection options" as the standard user?
Or to the contrary is it a risk in that a malware would only need to "own" the standard user in order to obtain sufficient authority to access/mess with EMET configuration, disabling protection options in the process ?

BTW, I've read there's a registry key that can be create/modified to make it possible to use ASLR for all process. (can't find the article again)
Is this a bad idea? Seems quite a hassle to track down all the programs one uses/installs and add them manually every time :-/

(Sorry for all the question but I find that tool rather confusing) :-/

Thanks for your answer.

 

[ZyanWu]

I didn't know there were other protection options actually.
Those are not system-wide then, I guess?

You can apply the other protection options to applications you choose when you click the Configure Apps in EMET.
The Configure System options are system-wide, the Configure Apps options are only applied to the Current user.
If you don't select "Install EMET for all users" you might not be able to get EMET to start on other accounts and apply the Application configuration for their account.

My setup has 2 users: 1 admin and 1 standard user.
So I suppose in my case it's a good idea to install it (as admin) for all users so I can benefit from the "other protection options" as the standard user?
Or to the contrary is it a risk in that a malware would only need to "own" the standard user in order to obtain sufficient authority to access/mess with EMET configuration, disabling protection options in the process ?

It's OK to install EMET for all users. A standard user will not be able to modify the system-wide options without proper elevation.

BTW, I've read there's a registry key that can be create/modified to make it possible to use ASLR for all process. (can't find the article again)
Is this a bad idea? Seems quite a hassle to track down all the programs one uses/installs and add them manually every time :-/

Microsoft should make some sort of Application that will update these entries daily/weekly. Atm, you can only update them if you have proper documentation on the malware that you want to keep out of your system.
The default entries are set for knows exploits from Metasploit Framework and some other sites. (Honestly, ASLR will only keep out script kiddies, not someone that knows what he's doing.) I have this option disabled because it will sometimes crash legitimate software (like DeepFreeze).