Windows 10’s ‘Edge’ Will Be Microsoft’s Most Secure Browser To Date
It became clear long ago that Windows 10 is Microsoft's most ambitious OS ever, but up until just a couple of months ago, we had no idea how seriously the company was going to be taking the Web browser that ships with it. As we discovered a few weeks ago, that Internet Explorer replacement is called Edge.
Since Microsoft's new browser was first revealed as Project Spartan, we've talked at length about the features it brings to the table. We're talking Cortana integration, a clean looking minimalist UI, a reading mode, and also the ability to draw on webpages, either to take notes, or keep track of things.
It's not just features that are going to sell this browser to people, it's the fact that Microsoft cares a lot about its performance and security. On Sunday, we revealed that Microsoft purged a lot of old code and many APIs with Edge, replacing that code with useful stuff, like major features and interop fixes.
Now, the company has revealed to the world exactly how it is planning on making Edge not only the most secure browser it's ever created, but the most secure browser - period.
A major focal point of Microsoft's security implementation in Edge is preventing people from falling victim to different sorts of trickery. Tying into this are a number of different mechanics that will cover common scamming avenues, such as phishing pages, sites that host malicious downloads, and fake websites that have fraudulent certificates.
To help defend against phishing sites, Microsoft will be making use of its Passport service to track and encrypt user passwords. It kind of sounds like Microsoft is targeting services like LastPass here, so it will be interesting to see how it fares once the feature lands. As with Windows 8, SmartScreen will be the security feature used to protect against bad downloads, while the company's Certificate Reputation mechanism will out fraudulent certificates.
It might not sound that exciting, but with Edge, Microsoft will be sticking to important Web standards that will allow some attacks to fail, such as with cross-site scripting.
It's one thing to be tricked, but it's another to be "hacked". Interestingly, Microsoft notes that one of the biggest things it's done with Edge to decrease the chance of hacking is by removing all of the things we talked about the other day, such as ActiveX, VBScript, and BHOs.
Also interesting is this: "To enable extensibility beyond what is provided by HTML5, we are working on plans for a modern, HTML/JS-based extension model." This sounds like a successor of sorts to these outgoing technologies, but we're at a point now where the implementation will undoubtedly be far more sane.
Other security enhancements include a forced 64-bit version of the browser, the use of app container sandboxes, and a huge focus on protection against memory corruption. Microsoft also notes that Edge will become part of its bug bounty program, so security researchers who discover serious flaws could score a nice payday.
Between its engine overhauling, new features, and updated security, Edge is shaping up to be one extremely competitive browser.