Microsoft Edge is the new browser which Microsoft will ship with Windows 10, and is meant to replace Internet Explorer. This web browser boasts of several new security features. Let us look at some of the key security features in Microsoft Edge.
Security features in Edge browser
There cannot be a comprehensive list of threats one can face on the Internet. There are malicious adverts waiting to pounce on browsers, there are innocent websites with malicious codes that download when you open the sites, there are hackers on the prowl who want to get hold of your browser and thereby your computer network and then there are phishing websites! A good browser should be capable of protecting you and your data from these and other kinds of threats.
In addition, the extensions used on browsers have nominal safety standards as they do not have to undergo vigorous testing as other software do. These extensions may act as a small hole that can be used to compromise your browser and thereby, your whole computer network.
Microsoft Edge promises better security over the Internet Explorer and over other browsers in the market.
Edge Login Process
Irrespective of what kind of device you use, Microsoft will use the device certificate to provide you with proper login process. The Microsoft Passport that comes with Windows 10 will make sure you are not logging into fake websites by making sure there is a certificate (as required by the two-factor authentication method) to log into your websites. If it is a phishing website, it will expect plain text credentials. But since Microsoft Passport will use asymmetric keys, it will not be able to decipher the key and won’t get any information about your login credentials.
Sandboxing the Edge App
As an added measure to provide more security features to Microsoft Edge, the browser will always run in partial sandbox. This will prevent attackers from gaining control of all of your computing resources. It will be hard for them to gain access to browsers as it will be using only signed extensions and other things. Even if they gain access to the browser, they will be sandboxed and put there, so that they can’t go ahead and compromise your computer.
Microsoft SmartScreen was introduced with IE8 and will be an essential component of both Edge and Windows Shell. It protects users from phishing sites by performing a reputation check on the websites they are trying to get on to. If the website is ok, SmartScreen will allow you to proceed and if anything looks dubious, you will get a warning. You must have already experienced this feature in IE 8 and later versions. The only thing is that since SmartScreen will be integrated into Windows 10 shell, Edge and other apps will be able to use it for screening websites before they can access it.
This has an added advantage as some apps try to connect to websites on their own – without the need for browser. SmartScreen in Windows 10 Shell will prevent them from connecting to phishing or malicious websites.
Secure Model: No ActiveX and other controls
This would mean two things. Firstly, developers will have to move to HTML5 for letting Edge render their websites properly because most of the websites still depend on ActiveX. Secondly, for accessing such websites, if you have confidence in the site, you can use the Internet Explorer that will still be present in Windows 10 for legacy websites. For others, HTML5 is a good substitute for such controls and scripts. That is to say, the web would be a safer place in years to come if the developers move from regular code to HTML5 and other latest coding languages.
Microsoft also says that they are working on a model that will help users in accessing websites that are still to migrate to HTML5. I am not sure what that means, but I am sure there won’t be any permissions to use ActiveX controls as in Internet Explorer because that will defeat the very purpose of Edge. We will get to know about it by the time Windows 10 is released. In other words, Edge may be capable of rendering websites that use ActiveX controls but without actually using any of those scripts. It might use a workaround which has not been yet made clear by Microsoft.
Web Standards in Microsoft Edge as Security Features
Microsoft Edge uses an entirely new rendering engine called EdgeHTML. This engine is focused more on security and rendering so that web developers can develop better websites without having to worry about interoperability. There is support for W3C standard for Content Security Policy that will help developers in protecting their websites from cross scripting attacks. It also employs HTTP Strict Transport Security to help ensure that connections to e-commerce websites are safe and reliable.
Defending against memory corruption
It is easy for a hacker to send scripts to a program that might result in buffer overflows and while the browser deals with it, to take control of the machine where the browser is working. Microsoft Edge has given a thought to it and makes the browser secure by preventing buffer (memory) overflow using a wide range of techniques.
Extensions for Edge
In a chat on Twitter, project Spartan group had answered quite a good number of questions regarding extensions to Microsoft Edge. They clarified that there will be extensions to the browser. They also made clear that the extensions will be tested thoroughly before being made available to the users. They said they might not allow extensions based on manipulative languages such as Java and Silverlight.
Microsoft says that security is a journey and not a destination. So they will have bug bounty programs for checking out bugs in Microsoft Edge from time to time. That will help them discover any vulnerabilities that the official team might miss.
Now read our Windows 10 Review.