Using Microsoft Edge online may provide even more security than competing offerings, if a new release from the company is to be believed.
Microsoft has disclosed information regarding an experiment it carried out with its web browser that disabled some features in order to boost extra security protection.
The aptly-named new "Super Duper Secure Mode" reportedly offers heightened security by disabling a system known as the JavaScript just-in-time (JIT) compiler.
- We've put together a list of the best anonymous browsers around
- These are the best VPN services on the market
- Also check out our roundup of the best free PDF reader options
Super Duper Secure Mode
The trial was revealed in a blog post by Microsoft Edge Vulnerability Research lead Johnathan Norman, who described JIT compiling as a "remarkably complex process that very few people understand and it has a small margin for error".
By disabling the system, which Norman notes could immediately remove half of all security bugs for the V8 JavaScript engine, Microsoft Edge was able to turn on extra protections such as Intel's Control-flow Enforcement Technology (CET) and the Winodws Arbitrary Code Guard (ACG) and Control Flow Guard (CFG).
Both of these systems were incompatible with JIT, but could help protect against a variety of threats, Norman noted - with the results apparently overwhelmingly proving his hypothesis.
"By disabling JIT, we can enable both mitigations and make exploitation of security bugs in any renderer process component more difficult," he wrote.
"This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers."
Users would not see any effect in terms of the browsing experience, despite Microsoft's tests finding that versions of Edge without JIT did show a 16.9% decrease in page load times and 2.3% hit in terms of memory usage.
Norman noted that the experiment was just that for the time being, and Super Duper Secure Mode would not be coming to the official Microsoft Edge release anytime soon.
However anyone wishing to try it out can do so in the Edge Canary, Dev, and Beta modes.
The news comes shortly after Microsoft Edge revealed a range of new customization options for users, including the option to change the default entry on allowing auto playing media in the browser, as well as "un-ignore" password health alerts for a particular website.
- We've also highlighted the best password managers around
No comments:
Post a Comment