Microsoft Edge is designed to be impregnable through the most common attacks. Security has been the key element in the design phase, so here is what are the main new features.
In a new blog post, Microsoft has described some of the choices made in the design of the new web browser, Edge precisely, and how safety has been the priority in every new feature. The new browser is constructed so that each user can ” use the web with confidence ” within the proposed native Windows, without going to seek third-party solutions.
Edge implements the use of sandbox, compiler and memory management techniques designed to help protect customers against attacks from the web, more and more ” common and sophisticated, ” said the giant. Among the most common by far that, we cannot mention phishing attacks, or fake sites or links disguised as well-known services that actually lead to web pages with malicious purposes. Microsoft has a cure for this and Passport.
It is a service password management which of course does not deliver sensitive user credentials to external sites to the official, or unreliable. The objective is to eliminate the need to manually enter their passwords, so that the task is performed automatically by the integrated technologies protected by safer methods of asymmetric encryption of the operating system.
In all this will have an essential task SmartScreen technology, which controls the level of reliability of the contents of a page based on a system of certificates, in turn, based on new safety standards W3C and IETF. But there are only added, many of the improvements in terms of safety features come from eliminated with the aim of streamlining the code and make it more in line with the needs of the modern web.
In splitting the rendering engine from the old Trident, Microsoft has eliminated 220,000 lines of code and API 300, with the objective to obtain, in addition to better security, performance and reliability. Microsoft got rid of Active X, whose duties will be handled by HTML 5 will still be present to support Flash and PDF. They will be also deleted Browser Helper Objects in favor of extensions based on JavaScript, but will only be available from a Document Mode.
Microsoft Edge is also a Universal Windows app, and this changes substantially the way the software manages the processes and content, which are made all within the sandbox. It is a feature already available on IE7 with the so-called Protected Mode, and which are an evolution of IE 10 (with Enhanced Protected Mode). Surfing the sandbox is always active on Edge, and not only proposed as an option.
This allows you to create separate experiences for each open tab in the browser, not allowing the exploitation of a vulnerability in the browser to access resources outside the tab itself. Microsoft Edge also operates entirely in 64-bit hardware-compatible, enabling element for effective implementation of ASLR (Address Space Layout Randomization), and makes it more difficult to run malicious code by exploiting a security flaw.
Another common practice that Microsoft wants to fight with Edge is the exploitation of memory corruption to break into sensitive parts of the system. Microsoft claims that programs developed in C / C++ are particularly susceptible to this type of attack because they do not offer any kind of security in these cases. Edge instead will use measures as MemGC (Memory garbage collector) and CFG (Control Flow Guard), continuously monitoring what happens in the memory occupied by the browser.
Not least the program bug hunt organized by the company for the new operating system. The Windows 10 Technical Preview Browser Bug Bounty rewards economically researchers uncover any security holes in the browser, in a way that we have seen used by other big industry. Consider all of these features, ” Edge will be the web browser safer released by Microsoft, ” according to the same company, with the goal of making more reliable for the content network, and to get away from the albeit excellent reputation now compromised Internet Explorer.