How Microsoft Edge Super Duper Secure Mode Will Prioritize Your Security And Privacy Above All
Which do you prefer when browsing the web—raw speed or a combination of security and privacy? Generally speaking, modern browsers deliver the whole kit and caboodle, which is the way it should be. That said, Microsoft is testing a new "Super Duper Secure Mode" for its Edge browser that puts more of an emphasis on the latter.
According to Microsoft, a lot of the difficulty arises from the Just-In-Time (JIT) components that were introduced to browser over a decade ago. JITs are intended to speed up certain tasks when browsing, in part by leveraging speculative optimization of code.
This led Microsoft to wonder if the performance gains introduced by JITs is worth the security hassle. And in pondering the question, Microsoft also wonders if it would be a good idea to simply disable JIT. And so that is what the company is experimenting with, as part of its Super Duper Secure Mode.
"This reduction of attack surface has potential to significantly improve user security; it would remove roughly half of the V8 bugs that must be fixed. For users, this means less frequent security updates and fewer emergency patches required. These updates and patches are common points of frustration for our customers, particularly those in large enterprise environments who must test updates before rolling them out," Microsoft says.
What about performance, though? Microsoft ran undress of tests in its labs that mimic real-world sites and conditions, and grouped them into four categories—Memory, Page Load, Startup, and Power. In most cases, it found no discernible changes with JIT disabled.
"There are a few improvements and regressions, but most tests remain unchanged. Anecdotally, we find that users with JIT disabled rarely notice a difference in their daily browsing," Microsoft says.
Microsoft is planning to continue testing Super Duper Secure Mode over the next several months. Once complete, the challenge shifts to implementing mitigations in a way that balances the trade offs. The company readily admits there are "quite a few challenges to overcome," once of which is finding a new name for its tongue-in-cheek Super Duper Secure Mode designation.
If you want to test the feature for yourself, you will first need to download a test build (Edge Canary, Dev, or Beta). Then type edge://flags in the URL bar and look for the Super Duper Secure Mode setting.