none
Issues With EMET and iTunes and Safari

    Question

  • I installed EMET on my 64-bit Windows Vista Home Premium Service Pack 2 machine at home and set it to use the default settings.  From that point on I have been unable to get my iTunes and Safari software to run.  I even went to the Programs and Features and uninstalled EMET and reinstalled iTunes.  iTunes will still not run.  I cannot adequately express my dissatisfaction with this product and the fact that it was advertised on the MSNBC.com site as something everyone should install.  My machine is getting a bit old and at this point, because of this, I am seriously considering buying a Mac.  Do you have any idea how to get iTunes working again - as your software obviously broke it and I would like to be able to access it so I can transfer my files to a new machine.


    Wednesday, September 19, 2012 5:04 AM

All replies

  • I have the same Problem under Windows 7 Ultimate 64 bit. The problem exist again, after the deinstallation of EMET an an new installation of itunes.
    Thursday, September 20, 2012 8:00 AM
  • I'm also having issues with iTunes and EMET I believe.  I can run iTunes, but when I click on the iTunes Store it crashes the application. 

    Have you all had any success in solving this issue?..

    Friday, September 28, 2012 5:18 PM
  • Wednesday, October 03, 2012 7:44 PM
  • Hi Gary Hitzel and SimoneDice,

    I have tested Apple iTunes 10.7 (64 bit) on Windows 7 Ultimate SP1 64 bit with EMET 3.0 and EMET 3.5 Tech Preview. I  was unable to install iTunes 10.7 32 bit on Windows 7 Ultimate SP1 64 bit . I did not encounter any issues when following the default settings of EMET.

    I was able to successfully reproduce and correct this issue (namely the crash of iTunes as it would access the iTunes Store. The issue was caused by having EMET set to non-default settings. Such settings should only be changed when you know what these settings are used for and what issues they can cause. In addition thorough testing is recommended following any settings change.

    I was able to log into the iTunes store and purchase a copy of Empire magazine once I had found the cause of the issue.

    The issue was caused by having SEHOP (Structured Exception Handler Override Protection) Enabled for all applications. i.e. the Application Opt Out setting. I was able to resolve this issue with 20 minutes of methodical troubleshooting on a Windows 7 Ultimate SP1 64 bit PC.

    Please note that at no time did the EMET Notifier display a notification telling me that the mitigation had conflicted with iTunes. This is expected behavior when SEHOP is enabled for all applications. Since this is a system wide i.e. global Windows setting and is not related to the EMET Notifier. However system SEHOP is a setting that can be changed more easily with EMET.

    @ Gary Hitzel and KKnackst:

    The fact that uninstalling EMET had no effect and that you were still experiencing crashes with iTunes should have told you something had changed that EMET was not responsible for.

    Please find below the settings that I found worked with iTunes 10.7 (64 bit). Please note that I had the Caller Checks and Simulate Execution Flow mitigations of EMET 3.5 Tech Preview enabled but these can be problematic and the most likely to cause problems, so please take that into account if you use these settings. I did not encounter issues with iTunes but did not test other applications.

    The effects of the Caller Checks and Simulate Execution Flow mitigations are discussed in the EMET 3.5 Tech Preview User Guide (PDF) that is installed in the EMET folder (an equivalent user guide is also installed with EMET 3.0).

    EMET 3.0:

    EMET 3.5 Tech Preview:

    I can post the EMET config files that I used if you wish.

    This global SEHOP setting can be changed using EMET’s configuration interface, or independently of EMET by editing the Windows Registry or applying the Automated Fix IT Tool, according to the following blog posts and support articles:

    http://support.microsoft.com/kb/956607

    http://blogs.technet.com/b/srd/archive/2009/02/02/preventing-the-exploitation-of-seh-overwrites-with-sehop.aspx

    http://blogs.technet.com/b/srd/archive/2009/11/20/sehop-per-process-opt-in-support-in-windows-7.aspx

    I have SEHOP enabled on all of my Windows systems since June 2010 (Windows 7 Ultimate SP1 64 bit, Windows Vista Ultimate SP2 64 bit and Windows 8 Release Preview 64 bit). I have not encountered any applications that this setting has conflicted with but the above information should underline the importance of thorough testing.

    My approach is to add extra applications to the EMET application list and then test those applications by using every function and feature that they provide in an attempt to cause them to crash. If everything is OK, I then proceed to use the application as normal, again looking for anything suspicious. The EMET Notiifer is a big time saver in tracing which mitigation caused the issue.

    If at any time you encounter an issue you should ask the question, did I not add that application recently to EMET? If yes, then you should consider removing some mitigations from that application and then test it again. If not, what else has changed on your computer since the last time that application worked correctly?

    EMET can be a tool that you can set and forget, but with not every application and not without testing.  If you do not have the troubleshooting ability and/or the time/patience to properly configure EMET, this tool is not for you.

    EMET is not a tool that will work on everyone’s computer without any issues. If you encounter issues, the EMET Notifier should inform you which mitigation is at fault and you should then disable that mitigation only for the program/application that experienced the issue (see my comments on this above).

    In a recent security article on ZDNet, EMET was described as a tool not designed for and too advanced for home users, while I strongly disagree with that (see my comment on the first page under the name of JimboC421 for more information). EMET is a tool that works for most applications without additional configuration. However there are occasions when the mitigations it enables conflict with a program since that program was not designed to work with such mitigations enabled.

    A thread containing the list of known application issues is available from the following link:

    http://social.technet.microsoft.com/Forums/en/emet/thread/1e70c72b-67b2-43c4-bd36-a0edd1857875

    If you are not willing to make changes to the configuration of EMET, then do not use it. Naively suggesting that using a Mac is the answer to your security issues is also an urban myth.

    Apple Mac computers also have many security issues that are fixed regularly. Macs are no more secure than PCs running Windows or Linux. No software created by humans ever will be totally secure. If we ever create a computer that writes software using Artificial Intelligence, it still will not be perfect since we created the Artificial Intelligence.

    Here are some links to news articles from respected security websites that illustrate the recent security landscape of Apple computers:

    http://threatpost.com/en_us/blogs/mac-security-how-threats-against-os-x-have-escalated-071712

    http://www.zdnet.com/apple-tv-vulnerabilities-closed-after-being-watched-for-months-7000004747/

    http://threatpost.com/en_us/blogs/apple-fixes-huge-number-flaws-itunes-107-091312

    http://www.zdnet.com/apple-provides-197-security-reasons-to-upgrade-to-ios-6-7000004535/

    http://nakedsecurity.sophos.com/2012/08/07/mac-malware-threat-real/

    http://nakedsecurity.sophos.com/2012/07/11/backdoor-malware/

    http://nakedsecurity.sophos.com/2012/06/29/apple-mobile-device-security/

    @Susan Bradley:

    A repair of QuickTime would not resolve this issue since the setting at fault is not related to QuickTime. In addition, since iTunes 10.5 QuickTime is no longer required to use iTunes.

    I did not have QuickTime installed when I carried out the above testing to resolve this error.

    @Gary Hitzel:

    Apple no longer support Safari for Windows since the release of Mac OS X Mountain Lion (i.e. when Safari 6 was launched). 5.1.7 is the final version and it will not be updated to v6. I strongly advise you to uninstall Safari and choose a different web browser.

    Here are some news articles that discuss Apple’s decision with regard to Safari for Windows and the risks that you are leaving yourself open to. EMET makes your PC harder to compromise, but not impossible to compromise.

    http://www.msnbc.msn.com/id/48425652/ns/technology_and_science-security/t/apple-security-update-ditches-snow-leopard-windows-users/

    http://nakedsecurity.sophos.com/2012/07/30/no-safari-security-updates/

    Having recently tested the Microsoft Browser Choice update on 1 of my PCs, Apple Safari is no longer on the list of browsers to choose from.

    I did not test Safari for Windows for the above reasons but I can do so if you wish.

    You may find that using EMET on Windows Vista is far from ideal. Windows Vista’s implementation of DEP and ASLR for many Windows DLLs was not perfect. Allow me to explain, while DEP and ASLR were implemented in Vista, not all DLLs were designed to support this additional security (but the majority of DLLs were).

    Using EMET 3.0 on Windows Vista often results in “This application has behaved unexpectedly and will be closed” errors (especially on 32 bit programs). The solution is usually to disable mandatory ASLR and if necessary EAF mitigations of EMET for these programs (while leaving all other mitigations enabled).

    For example, Windows Media Player does not support Mandatory ASLR (confirmed by Microsoft’s testing)(see the All.xml deployment profile located in the Deployment\Protection Profiles folder of EMET 3.0 and later versions for this information).

    I am not stating that EMET does not work with Vista, but simply stating that additional configuration is necessary for it to work smoothly. The specific implementation of DEP and ASLR was chosen to minimize application compatibility errors when upgrading to Windows Vista.

    Windows 7 has near total DEP and ASLR support while Windows 8 extends the reach of these security features even further. This makes EMET work much smoother on these versions of Windows. See the following articles for more information:

    http://www.itworld.com/security/85803/pros-and-cons-windows-7-security?page=0,0

    http://blogs.msdn.com/b/b8/archive/2011/09/15/protecting-you-from-malware.aspx

    However EMET 3.0 and 3.5 do not yet fully work with Windows 8:

    http://social.technet.microsoft.com/Forums/en/emet/thread/3d750eee-a701-4910-aa34-e9c0e1af8aa2

    I hope the above information is of assistance to you. If you have any further questions, please do not hesitate to ask. Please mark this thread as resolved if my information has resulted in a solution for you.

    Thank you.

    -------------------------------

    I am not a Microsoft employee. I work in the IT industry and have an in-depth knowledge of Windows internals and Windows security mitigations.



    • Edited by JamesC_836 Friday, October 05, 2012 3:14 PM Added extra info.
    Friday, October 05, 2012 2:36 PM