Security features in Microsoft Edge browser for Windows 10

Microsoft Edge is the new browser which Microsoft will ship with Windows 10, and is meant to replace Internet Explorer. This web browser boasts of several new security features. Let us look at some of the key security features in Microsoft Edge.

Microsoft_Edge_browser_logo

 

Security features in Edge browser

There cannot be a comprehensive list of threats one can face on the Internet. There are malicious adverts waiting to pounce on browsers, there are innocent websites with malicious codes that download when you open the sites, there are hackers on the prowl who want to get hold of your browser and thereby your computer network and then there are phishing websites! A good browser should be capable of protecting you and your data from these and other kinds of threats.

Among the most vulnerable are JavaScript and ActiveX controls for rendering dynamic content on websites. As much as they are a boon to web developers, they are a curse to browsers as they cannot identify between malicious codes and genuine codes.

In addition, the extensions used on browsers have nominal safety standards as they do not have to undergo vigorous testing as other software do. These extensions may act as a small hole that can be used to compromise your browser and thereby, your whole computer network.

Microsoft Edge promises better security over the Internet Explorer and over other browsers in the market.

Edge Login Process

Irrespective of what kind of device you use, Microsoft will use the device certificate to provide you with proper login process. The Microsoft Passport that comes with Windows 10 will make sure you are not logging into fake websites by making sure there is a certificate (as required by the two-factor authentication method) to log into your websites. If it is a phishing website, it will expect plain text credentials. But since Microsoft Passport will use asymmetric keys, it will not be able to decipher the key and won’t get any information about your login credentials.

Sandboxing the Edge App

As an added measure to provide more security features to Microsoft Edge, the browser will always run in partial sandbox. This will prevent attackers from gaining control of all of your computing resources. It will be hard for them to gain access to browsers as it will be using only signed extensions and other things. Even if they gain access to the browser, they will be sandboxed and put there, so that they can’t go ahead and compromise your computer.

Microsoft SmartScreen

Microsoft SmartScreen was introduced with IE8 and will be an essential component of both Edge and Windows Shell. It protects users from phishing sites by performing a reputation check on the websites they are trying to get on to. If the website is ok, SmartScreen will allow you to proceed and if anything looks dubious, you will get a warning. You must have already experienced this feature in IE 8 and later versions. The only thing is that since SmartScreen will be integrated into Windows 10 shell, Edge and other apps will be able to use it for screening websites before they can access it.

This has an added advantage as some apps try to connect to websites on their own – without the need for browser. SmartScreen in Windows 10 Shell will prevent them from connecting to phishing or malicious websites.

Secure Model: No ActiveX and other controls

The security features of Microsoft Edge will make sure that they are not using any of the scripting (except JavaScript) when browsing or transacting the Internet. The ActiveX controls, VML, VB scripts, Toolbars etc will be disabled when you are browsing.

This would mean two things. Firstly, developers will have to move to HTML5 for letting Edge render their websites properly because most of the websites still depend on ActiveX. Secondly, for accessing such websites, if you have confidence in the site, you can use the Internet Explorer that will still be present in Windows 10 for legacy websites. For others, HTML5 is a good substitute for such controls and scripts. That is to say, the web would be a safer place in years to come if the developers move from regular code to HTML5 and other latest coding languages.

Microsoft also says that they are working on a model that will help users in accessing websites that are still to migrate to HTML5. I am not sure what that means, but I am sure there won’t be any permissions to use ActiveX controls as in Internet Explorer because that will defeat the very purpose of Edge. We will get to know about it by the time Windows 10 is released. In other words, Edge may be capable of rendering websites that use ActiveX controls but without actually using any of those scripts. It might use a workaround which has not been yet made clear by Microsoft.

Web Standards in Microsoft Edge as Security Features

Microsoft Edge uses an entirely new rendering engine called EdgeHTML. This engine is focused more on security and rendering so that web developers can develop better websites without having to worry about interoperability. There is support for W3C standard for Content Security Policy that will help developers in protecting their websites from cross scripting attacks. It also employs HTTP Strict Transport Security to help ensure that connections to e-commerce websites are safe and reliable.

Defending against memory corruption

It is easy for a hacker to send scripts to a program that might result in buffer overflows and while the browser deals with it, to take control of the machine where the browser is working. Microsoft Edge has given a thought to it and makes the browser secure by preventing buffer (memory) overflow using a wide range of techniques.

Extensions for Edge

In a chat on Twitter, project Spartan group had answered quite a good number of questions regarding extensions to Microsoft Edge. They clarified that there will be extensions to the browser. They also made clear that the extensions will be tested thoroughly before being made available to the users. They said they might not allow extensions based on manipulative languages such as Java and Silverlight.

Microsoft says that security is a journey and not a destination. So they will have bug bounty programs for checking out bugs in Microsoft Edge from time to time. That will help them discover any vulnerabilities that the official team might miss.

Now read our Windows 10 Review.

Posted by on , in Category Uncategorized with Tags
Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

6 Comments

  1. Safe Browser

    It’s good to see that Microsoft is *finally* taking web browsing seriously. The above features should have been adopted back in IE5 and 6, when all of the IE browser vulnerabilities started to crop up (circa 2001-02). I guess it’s better to be late to the game instead of just ignoring the problem 🙂

  2. Ed

    No, they have just stood by and watched all the mistakes made by Firefox and vulnerabilities that Chrome just outright ignores and made one super browser that leave them both in the dust.
    For all you Firefox and Chrome cronies, your browser(s) will have no place on Windows 10, unless they improve enough to at least match up to Edge, which I seriously doubt will happen anytime soon.

  3. Safe Browser

    Hey Ed, I hope you are right. We can only hope that Microsoft delivers as they promise. Historically, this hasn’t been the case. And 13 years later, here we are 🙂

  4. Ed

    You really don’t know until you have tested it, I have, believe me it’s not hype, it is everything they say it is.

  5. Safe Browsing

    LOL Oh and by the way…. read on… Edge is using third-party (Firefox) technologies in it; asm.js. http://www.ghacks.net/2015/05/08/microsoft-edge-benefits-significantly-from-mozillas-asm-js/

  6. CK Wellington

    I find it funny that When using Windows 10/EDGE, Microsoft sites themselves produce Site Certificate errors…and you can not load Microsoft Web Sites…WTF…Then there is the issue in Edge where you search something, select the web link that was produced in the search, realize that it was not quite what you where looking, so you hit the back button and you go back to some previous search you did a while ago…WTF…I like EDGE, but i have to use Firefox for half my things anyway…I tend to use FireFox more because i have less issues with it..

Leave a Reply

Your email address will not be published. Required fields are marked *


1 + 7 =