Microsoft Reveals New Details on Security in Its Latest Edge Browser

Some spammers run schemes that lure you to false sites. These sites are built to resemble a legitimate website, and it can be very difficult, if not impossible, for most of us to tell them apart from the real ones. Once they have got you onto these false sites, they collect your personal information simply by requesting it from you. Let’s begin by looking at how the new web browser, Edge, deals with this.

Microsoft’s new Edge browser helps users identify a legitimate website by looking for the HTTPS lock symbol, along with the green Extended Validation (EV) address bar.

Even though Edge was designed to protect us against such phishing attacks, Microsoft says that these features have had only limited success and have not lived up to expectations. As a result, Microsoft is now talking about removing the need for users to enter any clear text (like passwords) on websites at all.

In a blog post, Microsoft pointed to the latest version of Windows 10, which gives users a convenient way to access their devices and easier access to Microsoft Passport as well. The Microsoft Passport technology in Windows 10 uses asymmetric cryptography to authenticate to websites.
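The password-free login described above can be pictured as a challenge-response exchange between a device and a site. The following Node.js sketch is an added example, not code from the article or from Microsoft, and it does not reproduce Microsoft Passport's actual protocol; the `Authenticator` and `Site` classes and the example origins are hypothetical.

```javascript
// Added example: per-site key-pair login. Names and origins are hypothetical;
// this is not Microsoft Passport's actual wire protocol.
const nodeCrypto = require("crypto");
// What gets signed: the origin the browser is connected to plus the server's nonce.
const payload = (origin, nonce) => Buffer.concat([Buffer.from(origin + "\n"), nonce]);

// Device side: one key pair per origin; private keys never leave this object.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(origin, privateKey);
    return publicKey; // only the public half is sent to the site
  }
  sign(origin, nonce) {
    const key = this.keys.get(origin); // no key for this origin: nothing to hand over
    return key ? nodeCrypto.sign("sha256", payload(origin, nonce), key) : null;
  }
}

// Server side: stores public keys only and issues single-use nonces.
class Site {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.users.set(user, publicKey); }
  challenge(user) {
    const nonce = nodeCrypto.randomBytes(32);
    this.pending.set(user, nonce);
    return nonce;
  }
  verify(user, signature) {
    const nonce = this.pending.get(user);
    this.pending.delete(user); // a nonce is consumed whether or not the check passes
    const publicKey = this.users.get(user);
    if (!nonce || !publicKey || !signature) return false;
    return nodeCrypto.verify("sha256", payload(this.origin, nonce), publicKey, signature);
  }
}

function runScenario() {
  const device = new Authenticator();
  const bank = new Site("https://bank.example");
  bank.enroll("alice", device.register(bank.origin));
  const captured = device.sign(bank.origin, bank.challenge("alice"));
  const login = bank.verify("alice", captured);
  // A look-alike origin relays a real nonce, but the device holds no key for it.
  const phish = bank.verify("alice", device.sign("https://bank-login.example", bank.challenge("alice")));
  bank.challenge("alice"); // fresh nonce; replaying the captured signature must fail
  const replay = bank.verify("alice", captured);
  return { login, phish, replay };
}
```

The site never holds a secret that can be typed into a false page, and a captured response is bound to one origin and one nonce, so it cannot be reused.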

Setting the new Edge browser aside for a moment, let us look at SmartScreen, one of the features introduced in Internet Explorer 8. For those who did not already know, SmartScreen is also supported by the Windows 10 Shell and Microsoft Edge.

SmartScreen was designed to check the websites a user visits and block those that are potentially dangerous. It can also warn users whenever they are about to download or install malicious software.

Because a growing number of websites use fraudulent certificates to look legitimate, Microsoft has extended its Certificate Reputation solution, letting developers report fraudulent certificates to Microsoft much more quickly through Bing Webmaster Tools.

To enhance the security of the new Microsoft Edge browser, the new HTML engine will have unique security features drawn from W3C and IETF standards. This will make creating websites simpler and give developers more room to focus on the reliability and security of the website.

Most attacks carried out by spammers depend entirely on deception. Malicious attacks such as these normally target a user by exploiting vulnerabilities in the web browser. Microsoft Edge incorporates various mitigations intended to prevent attacks like these.

Microsoft has decided to remove support in the Edge browser for a number of features and other legacy technologies, saying that HTML5 provides rich enough capabilities.

The following is a list of things they will no longer support:

  • ActiveX
  • Document Modes
  • Browser Helper Objects (BHO)
  • DirectX Filters
  • The Current Style Property
  • Vector Markup Language (VML)
  • Transitions

Microsoft is working on a JavaScript- and HTML-based extension model that will enable extensibility far beyond what HTML5 provides.

On a 64-bit processor, the Microsoft Edge browser runs as a 64-bit process by default. 64-bit browser processes are more secure because Windows Address Space Layout Randomization (ASLR) offers much stronger protection there.

As explained by Crispin Cowan, Microsoft’s Senior Program Manager, attackers look to inject malicious code into the browser process through a coding bug and then execute it.

ASLR makes that harder for attackers by randomizing the memory layout. With the new Edge browser, all web pages that users visit are rendered in a container by default.

These containers, or sandboxes, help protect against the deliberate exploitation of vulnerabilities found in the browser or its plugins. Similar protection is offered by IE 7 Protected Mode and by IE 10 Enhanced Protected Mode. Be aware, however, that Enhanced Protected Mode is not on by default in the desktop versions of IE 10 and IE 11.

Because the address space of a 64-bit process is exponentially larger, ASLR works more effectively there. As a result, it is harder for attackers to locate the sensitive memory components they need to perform their attacks.

Microsoft introduced several mitigations and additional protection technologies: SEHOP (Structured Exception Handling Overwrite Protection), ASLR, DEP (Data Execution Prevention), MemGC (Memory Garbage Collector), and CFG (Control Flow Guard). These technologies protect users from attacks that corrupt the memory using browser vulnerabilities. They are included in the latest Edge browser and switched on by default.

Will Microsoft beat its competitors with a new browser?

Microsoft is of course very aware that its developers may have overlooked a few vulnerabilities in the Edge browser. That is the reason for the recent decision to launch a bug bounty program for Microsoft Edge.

It would seem that Microsoft has come prepared, offering $15,000 to anyone who can spot major vulnerabilities in the web browser. Microsoft wants to improve the security of Edge users against attackers, spammers and whatever else may make an appearance.

According to Cowan, the brand-new Microsoft Edge browser will have different goals and requirements than any other browser has had in the past. It will include some older opt-in features, and will always be moving and always on, along with a few brand-new security features and many security enhancements.

It is possible that the Microsoft Edge browser will turn out to be the most secure browser ever created by Microsoft. Since security is a continuing process, Edge will keep being built upon indefinitely in the hope of one day achieving the perfect browser.