Microsoft Edge Browser Gets Security Boost

The new Windows 10 browser, Microsoft Edge, is fortified with security measures to keep users safe.
Windows 10, HoloLens, Office: Microsoft Details Its Vision
Windows 10, HoloLens, Office: Microsoft Details Its Vision
(Click image for larger view and slideshow.)

Microsoft is pulling out all the stops to boost the appeal of Windows 10 to a global user audience. Most recently, these efforts have included tighter security measures for new minimalist browser, Microsoft Edge.

Edge, formerly codenamed Project Spartan, is one of the many new features arriving on desktops when Windows 10 launches this summer. The faster, more lightweight platform will replace Internet Explorer as the go-to browser for the majority of users running the new OS. Internet Explorer 11 will continue to be available for business compatibility.

Microsoft hopes to have Windows 10 on 1 billion devices within two to three years after its launch. That signifies a lot of users who could be exposed to security threats if the Edge browser has the same extent of vulnerabilities as its predecessor.

[Windows 10: Microsoft's Last Operating System?]

As a result, security has become a top priority for Microsoft Edge, as described in a May 11 blog post from Microsoft. The Edge team is implementing a series of advanced technologies to protect users from increasingly sophisticated cyberthreats.

In a major change from Internet Explorer, which was built into the Windows OS, Microsoft Edge will be available as a Universal app. This makes the browser easier to update and allows all processes to run in isolated "sandboxes" or "app containers."

Internet Explorer was affected by security vulnerabilities in the Windows OS; Edge will not be.

Edge is also changing Microsoft's browser extension model by allowing its content processes to run in app containers all the time, not just as default. This means that every Web page visited in Edge will be processed in an app container, which the team claims is "the latest and most secure client-side app sandbox in Windows."

Many hackers steal their victims' information by encouraging them to enter their usernames and passwords on the malicious duplicate of a trusted website. To protect against this strategy, Windows 10 will leverage Microsoft Passport technology. Instead of entering plain-text passwords, users will undergo a one-time authentication that unlocks their device and provides access to their accounts.

To further protect against phishing, Microsoft SmartScreen, which was introduced in Internet Explorer 8, will be used throughout Microsoft Edge and Windows 10 Shell to perform reputation checks on websites and block malicious pages.

As we learned back in March, Edge will feature a new rendering engine, Microsoft EdgeHTML. The technology allows Web developers to build a single site that supports all modern browsers, which opens more time to focus on security. EdgeHTML also protects against "con man" breaches with support for HTTP Strict Transport Security, which ensures safe connections to critical sites such as those for online banking.

Microsoft is migrating to a more secure extension model for Edge by leveraging the extensive capabilities in HTML5 and doing away with support for other extensions, including Toolbars, VML, ActiveX, VB Script, and BHOs. It's working on a more modern extension model rooted in HTML and JavaScript.

These are just a few of many security measures that Microsoft is working into its Edge browser.

Despite the advancements it has made so far, the team has acknowledged that there will be security holes missed. In an effort to catch these, Microsoft has launched a Windows 10 Technical Preview Bug Bounty Program. Through the program, security researchers can test and report vulnerabilities before Edge reaches the public.

The news pertaining to Microsoft Edge security is the latest in a long series of announcements pertaining to Windows 10. In other security news, we learned last week that Microsoft's Patch Tuesday is on its way out. The event will be replaced with Windows Update for Business in Windows 10.

[Did you miss any of the InformationWeek conference in Las Vegas last month? Don't worry: We have you covered. Check out what our speakers had to say and see tweets from the show. Let's keep the conversation going.]



Editor's Choice
James M. Connolly, Contributing Editor and Writer
Carrie Pallardy, Contributing Reporter
Roger Burkhardt, Capital Markets Chief Technology Officer, Broadridge Financial Solutions
Shane Snider, Senior Writer, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
John Edwards, Technology Journalist & Author