I’m using Microsoft Windows 8, and I have been since just a few days after the official release. Naturally, EMET is one of the first programs I install on any Windows OS, and with ATI now supporting ASLR with the 12.7 and up drivers, I’ve set my system to the maximum settings for all categories.
Essentially, the three major exploit mitigation techniques (DEP, ASLR, and SEHOP) are forced on all executables on the system. The default setting for both DEP and ASLR is Opt-In, which isn’t very secure (though all new programs ship with DEP at this point due to compiler default flags), so by ignoring program settings and forcing these techniques system-wide, EMET makes the system more secure.
The downside is potential compatibility issues. So far I’ve only had issues with CCleaner’s installer, which does not like ASLR, although CCleaner itself does work fine with ASLR enabled.
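What Opt-In means at the file level, as an added example that is not from the original post: under Opt-In, an image gets DEP or ASLR only if its PE header carries the matching DllCharacteristics flag, so reading that field shows which binaries Opt-In leaves out and which ones a forced Always On setting actually changes. The function names and the sample headers are constructed for illustration.

```python
import struct

# DllCharacteristics bits in the PE optional header. Microsoft's linker sets
# them with /DYNAMICBASE and /NXCOMPAT; they are how an image "opts in".
DYNAMIC_BASE = 0x0040  # opts in to ASLR
NX_COMPAT = 0x0100     # opts in to DEP

def optin_flags(image: bytes) -> dict:
    """Return which mitigations a PE image requests through its header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    opt = pe_off + 24  # PE signature (4 bytes) + COFF header (20 bytes)
    if image[pe_off:pe_off + 4] != b"PE\0\0" or opt + 72 > len(image):
        raise ValueError("bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", image, opt + 70)
    return {"ASLR": bool(chars & DYNAMIC_BASE), "DEP": bool(chars & NX_COMPAT)}

def not_opted_in(images: dict) -> dict:
    """Map image name -> mitigations it would NOT get under Opt-In."""
    report = {}
    for name, data in sorted(images.items()):
        missing = [m for m, on in optin_flags(data).items() if not on]
        if missing:
            report[name] = missing
    return report

def sample_pe(dll_characteristics: int) -> bytes:
    """Constructed PE32 headers only (sample input, not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    samples = {  # constructed names and flag values
        "modern.exe": sample_pe(DYNAMIC_BASE | NX_COMPAT),
        "dep_only.exe": sample_pe(NX_COMPAT),
        "legacy.exe": sample_pe(0),
    }
    for name, missing in not_opted_in(samples).items():
        print(f"{name}: Opt-In leaves out {', '.join(missing)}")
```

To audit real files, pass `open(path, "rb").read()` for each executable or DLL instead of the constructed headers.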
Anyone looking to really secure a Windows system against attack should consider setting EMET up this way.
Remember, to get the full benefit of EMET you should also make use of the per-application settings, which will enforce multiple techniques other than DEP, SEHOP, and ASLR. And if you don’t mind Metro, you should consider moving to Windows 8, as it has significantly improved ASLR.