Microsoft Edge security improvements detailed

by Mark Tyson on 12 May 2015, 10:21

Tags: Microsoft (NASDAQ:MSFT), Windows 10

Quick Link: HEXUS.net/qacrdq

Add to My Vault: x

Microsoft has published a new blog post describing the actions it has taken in developing a more secure web browser. Microsoft Edge, which will ship with Windows 10, is built so that users can "confidently experience the web from Windows". The new browser implements sandboxing, compiler, and memory management techniques to defend end users from "increasingly sophisticated and prevalent attacks".

Combating fake sites/links

Many people are tricked by fake sites, 'phishing' for information. Nearly every day I get asked to 'resolve a case' with my PayPal account (or similar) by clicking a link and confirming my details – probably on a site which looks a lot like the one it is supposed to be. Microsoft has some tools implemented in Edge to help prevent you falling for this kind of trickery. On its blog we are told that you can keep your passwords safe in Microsoft Passport which would not authenticate your details on a dodgy site.

Other technologies that will help protect you from fakery are; Microsoft SmartScreen which performs a 'reputation check' on sites you visit, a Certificate Reputation system, and using new security features based upon the W3C and IETF standards.

Hacking protection

As Microsoft Edge is a Universal Windows App "both the outer manager process, and the assorted content processes, all live within app container sandboxes". The app container sandbox is turned on all the time so all browser processes run with less privileges than the user and browser controls.

Windows ASLR (Address Space Layout Randomization) is stronger on 64-bit computers. Attackers should find it much more difficult to inject malicious code into your browser process via a coding bug.

Memory corruption

Another common tactic used by those who want to hack or subvert your browsing is via memory corruption. Microsoft says that C/C++ programs are particularly vulnerable to such attacks as they don't offer 'type safety' or buffer overflow protection. If a hacker can corrupt the memory used by a program they can then sometimes gain control of the program. In Microsoft Edge users will benefit from security measures such as MemGC (Memory Garbage Collector) and CFG (Control Flow Guard).

Last but not least, Microsoft's Windows 10 Technical Preview Browser Bug Bounty program is intended to incentivise security researchers to quickly report problems with Edge so that hackers don't get time to exploit problems.

With all the above in consideration Microsoft claims that "Microsoft Edge will be the most secure web browser that Microsoft has ever shipped". If that is true and Edge is indeed proved to be particularly impervious to hacks and hijacking it will be good for both the reputations of the Windows PC and the safety of internet commerce.



HEXUS Forums :: 4 Comments

Login with Forum Account

Don't have an account? Register today!
All I want to know is whether it will feel smooth and quick. All the security stuff should be in the background and not the main selling point, I don't choose a browser based on whatever catchy name it has for another resource hogging feature.
bae85
All I want to know is whether it will feel smooth and quick. All the security stuff should be in the background and not the main selling point, I don't choose a browser based on whatever catchy name it has for another resource hogging feature.

As of build 10074, it is (IMO) the fastest, smoothest browser on the market, in a way I haven't seen since Opera was able to be installed on a 1.44 floppy, and at this point, it doesn't have the resource issues Firefox and Chrome have, although part of that is because it currently has no plug in capability.
GuidoLS
As of build 10074, it is (IMO) the fastest, smoothest browser on the market, in a way I haven't seen since Opera was able to be installed on a 1.44 floppy, and at this point, it doesn't have the resource issues Firefox and Chrome have, although part of that is because it currently has no plug in capability.

Sounds promising, I'm sure I'm not the only person who moved from IE years and years ago purely because of it feeling sluggish and being horrible to use. If they have finally upped their game it could spell the end for the browsers who don't have any major backing.
bae85
Sounds promising, I'm sure I'm not the only person who moved from IE years and years ago purely because of it feeling sluggish and being horrible to use.

IE 10 and 11 were not sluggish, but they were annoying compared to Chrome and Firefox due to the lack of certain features.