What does EMET Enhanced Mitigation Experience Toolkit do exactly?

What does EMET do exactly? How does it add security to your system?

I would think if it adds security and causes no problems, Microsoft would just add it as a feature of Windows by default, so I wonder if there are cons to it.

What are Pro and more importantly Cons? Does it interfere with programs and cause problems for some legitimate programs and processes?

Is it mainly for legacy software that is not updated, and not really beneficial to new actively updated software (Chrome for example)?

 

I am sure there are others that will post more details about what it does (I don't care to explain when I know someone will post a link to a site or blog of some kind explaining it better than I can) but potential cons and the reason that it is not just included by default are potential compatibility issues. It will cause some programs to crash. Overall I find it best to replace those programs with something newer/better.

 

Every PC has a unique hardware and software configuration. Even a given OS configuration can vary; fully patched, not patched at all, something in between. As such a sucessfull trouble free mass release of a low OS level tool such as EMET is impossible. A tool like EMET has to be monitored and "tweaked" in stages. EMET in it's present form is designed for IT pros, techies, and system administators.

 

It offers some protection from zero-day attacks.

See here.

 

On side note:
Kaspersky uses EMET technology in its security suite.

 

No, it's basing its exploit prevention on ASLR, not EMET.

 

So if you use Kaspersky IS, EMET would be redundant or a waste or possibly conflict?

 

I did not say it uses EMET.I said it uses EMET like technology.

 

If you are using kaspersky then you do not need EMET.

That is way overboard.

 

Is there some place I can get more information on this?

 

Kasperskys Automatic exploit prevention detect exploits after they have exploited the vulnerability and started executing the payload whereas EMET prevents the exploit from even exploiting the vulnerability in the program. Hence, you can use them together, they protect against the same thing but with different protection implementation and won't conflict. KIS AEP is similar to ExploitShield, it doesn't prevent exploits from occurring but detects the payload (and correlates it with the exploit that occurred previously) and prevents it from infecting the machine.

He probably concluded that because of abovementioned Automatic exploit prevention in KIS.
http://www.kaspersky.com/downloads/pdf/kaspersky_lab_whitepaper_automatic_exploit_prevention_eng_final.pdf

 

Thanks for clearing that up.

 

Thanks for information - I think I will add it.

For a casual user, which version is recommended 3.0 or the tech review 3.5?

For configuration, should I manually run its default-provided "all" profile list, as this Microsoft guy recommends in this video: http://www.microsoft.com/en-us/showcase/details.aspx?uuid=7683a9cb-28c9-428f-ada6-8adafd2efbee

 

I would skip the 3.5 at this point. Do the 3.0 or the 4.0 beta.