Microsoft Edge: Building a safer browser

Microsoft Edge Dev Blog ^ | May 11, 2015 | Microsoft Edge Team

[dayglored]

With Microsoft Edge, we want to fundamentally improve security over existing browsers and enable users to confidently experience the web from Windows. We have designed Microsoft Edge to defend users from increasingly sophisticated and prevalent attacks.

This post covers some of the advanced technologies used to protect Microsoft Edge, including industry leading sandboxing, compiler, and memory management techniques developed in close partnership with Windows. Web Security Threats

While the web is predominantly a safe environment, some sites are designed to steal money and personal information. Thieves by nature don’t care about rules, and will use any means to take advantage of victims, most often using trickery or hacking:

• Trickery: in real life, a “con man” will use tricks to take advantage of a victim, e.g. “got two 10s for a 5?” On the web, attackers will try to fool victims using things like “phishing” attacks that convince a user to enter their banking password into a web site that looks like their bank, but isn’t.

• Hacking: in real life, a mugger might assault you and take your money, or a burglar might break into your home and steal your valuables. On the web, attackers present a victim’s browser with malformed content intended to exploit subtle flaws in your browser, or in various extensions your browser uses, such as video decoders. This lets the attacker run their code on the victim’s computer, taking over first their browsing session, and perhaps ultimately the entire computer.

These are threats faced by every browser. Let’s explore how Microsoft Edge addresses these threats and is helping make the web a safer experience.

...

[dayglored]

LOTS more description of Edge on the Blog.

This is looking pretty darn good, folks. I'm a die-hard Firefox fan, and my hatred of I.E. knows no bounds. But I'm gonna give Edge the benefit of the doubt and see what they've done.

[dayglored]

Great In-Depth Article on Microsoft's new browser Edge ... PING!

You can find all the Windows Ping list threads with FR search: search on keyword "windowspinglist".

[dayglored]

This caught my eye:

Microsoft Edge provides no support for VML, VB Script, Toolbars, BHOs, or ActiveX. The need for such extensions is significantly reduced by the rich capabilities of HTML5, and using HTML5 results in sites that are interoperable across browsers.

I had to blink a few times and be sure I was still on Microsoft's site.

[DiogenesLamp]

You know where this is eventually going? The end of anonymity and central control of all network usage.

We will eventually have our own cyber Stasi.

[dayglored]

> You know where this is eventually going? The end of anonymity and central control of all network usage. We will eventually have our own cyber Stasi.

Well, yes... but what does that have to do with a vastly improved browser for Windows?

I'm not saying you're wrong -- I at least partly agree with your concern -- but that concern deserves its own thread. This one is about a browser.

[Jonty30]

As they are designing it from the ground up, it should be about as safe as a browser can be.

[DiogenesLamp]

Well, yes... but what does that have to do with a vastly improved browser for Windows?

Seems relevant. Much of what I keep seeing in the way of "security improvements" tend to be along the lines of more control by third parties.

Also I hate Microsoft, Google, Apple, and Firefox. I'm using Pale Moon, but I figure they will screw the pooch one of these days and I'll have to find something else.

I'm just Bitching about tech companies involved in politics/government, and how the word "security" is starting to sound not so nice.

Never mind me. I'll stop now. :)

[upchuck]

I hope they make Edge W3C complaint. Coding HTML for other browsers and having to make special exceptions for IE all the time is tedious, expensive for the client and bullshit.

[stratboy]

As they are designing it from the ground up, it should be about as safe as a browser can be.

MS has such a great reputation for building safe browsers!!!

[zeugma]

I’ll believe they can make a better (and safer) browser when I see it. How many vectors to date have been based in I.E., and the hooks deep into the OS that micosoft insists on installing there?

[zeugma]

Microsoft Edge provides no support for VML, VB Script, Toolbars, BHOs, or ActiveX. The need for such extensions is significantly reduced by the rich capabilities of HTML5, and using HTML5 results in sites that are interoperable across browsers.

If, in fact there is no support for ActiveX and VB script, and it stays that way past the 'beta' period, I'll start taking them a little more seriously as far as browser security is concerned.

[Secret Agent Man]

Vastly improved browser, stated by a company making a browser == SPIN

They jut focus on what they want to hype what they wantto, and dont bring up any negative aspects like better snooping of you by big brother.

[Jonty30]

I’ve had no problems with viruses as of IE 1O.

As one computer expert told me, when you’re using an operating system that is a relatively open system, like Windows, you are making a tradeoff between being able to use any software and security. Apple has chosen security over openness.

It doesn’t necessarily mean that one is better than the other.

[daniel1212]

This is looking pretty darn good, folks. I'm a die-hard Firefox fan, and my hatred of I.E. knows no bounds. But I'm gonna give Edge the benefit of the doubt and see what they've done

Good to see advances in security, though other browsers also are working on that, but what it most likely means is a browser that enables even less customization than IE does, and is only better for browsing with no more than 5 tabs (and with Ctrl+Tab not toggling btwn the last active tab). Safer but sterile. If this were a car....

Thus Microsoft Edge provides no support for VML, VB Script, Toolbars, BHOs, or ActiveX. .

[PAR35]

Does it have a script blocker? If not, I don’t need it.

[dayglored]

> Does it have a script blocker? If not, I don’t need it.

Dunno. Might be they've got one, or perhaps they've put in hooks to allow adding one of the user's choice.

[dayglored]

> It doesn’t necessarily mean that one is better than the other.

Security and convenience are two forces in counterbalance, and always will be. There is no single "better" -- just, which is more appropriate to the particular task(s) at hand.

I find having a locked front door a major inconvenience when I arrive home with bags of groceries in my hands. Know what I mean> :-)

[Sparticus]

As they are designing it from the ground up, it should be about as safe as a browser can be.

I don't know who's saying this, but it's not true that Edge is a ground-up redesign. The Edge team started with a highly stripped down subset of IE 11. They cut out huge sections of legacy code in the IE code base and started from that.

[MV=PY]

MS’ biggest problem with IE is backward compatibility. That requirement makes stability and security enormously complex.

This is a new browser from the ground up, and they know what they’re doing.

It is worth checking out.

[deadrock]

I hate BHO.