Microsoft aims to get tough on security with its Edge browser

The software giant is building tighter security into its browser designed specifically for the upcoming Windows 10.

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
3 min read

Microsoft is beefing up browser security with Edge. Nate Ralph/CNET

Microsoft is trying to make users feel more safe and secure with its new Edge Web browser.

Designed specifically for Windows 10, Edge is Microsoft's attempt to move past the legacy of Internet Explorer and offer a more cutting-edge browser that's faster, simpler and more flexible. Borrowing a page from rival browsers, Edge will offer a customized home page with links and thumbnails for frequently visited websites, access to Web-based apps and support for Chrome and Firefox extensions via a few tweaks.

But the Internet often feels like a dangerous place with malicious emails and websites, hackers, phishers and other threats to your private information. Internet Explorer has been dinged for security holes that have left it vulnerable to hackers. As such, Microsoft is placing greater emphasis on security with its new browser, as detailed in a blog post Monday by the Microsoft Edge Team.

Edge will not replace Internet Explorer in Windows 10, the next version of Microsoft's operating system, which is due to start rolling out the middle of this year. IE 11 will still be there for compatibility and other reasons. But Microsoft has stated that Edge will be the default browser in all versions of Windows 10.

Just how will Edge strive to be more safe and secure? Here are a few methods, according to the team.

One way that cybercriminals try to steal your password is by steering you to a fake website -- one that looks like a legitimate password-protected site that you normally use but is actually a malicious site designed to grab your log-in credentials. To try to combat these phishing expeditions, Microsoft Edge will remove the need to enter plain text passwords and will instead employ its Passport technology as a single-sign-in service to authenticate you.

Edge will use a new rendering engine called Microsoft EdgeHTML. The new engine is based on more modern Web standards, some of which Web developers can use to better defend their sites against cyberattacks. Edge will also tap into Microsoft's SmartScreen features, introduced in Internet Explorer 8. SmartScreen attempts to check the "reputation" of websites and software downloads to make sure they're legitimate.

Internet Explorer has been susceptible to attacks that exploit vulnerabilities in certain extensions, such as ActiveX and VB Script. Edge will remove those vulnerabilities by cutting off support for such extensions. Instead, Microsoft will use HTML5 for Edge and and is working on a extension-based model that will take advantage of HTML and JavaScript.

Watch this: Microsoft announces Microsoft Edge browser

By making Internet Explorer part of Windows, Microsoft left the browser open to security holes in the operating system. Microsoft Edge is a standalone app that can be more easily updated. And it runs in "sandbox" mode, meaning it runs in its own isolated, protected space. That makes it harder for, say, malware to infect other programs running on the same computer. And with Edge, every single Web page will be opened in its own sandbox, or "app container."

"Microsoft Edge is rebooting our browser extension model, allowing it to run its content processes in app containers, not just as a default, but all the time," the Edge team said. "Thus every Internet page that Microsoft Edge visits will be rendered inside an app container, the latest and most secure client-side app sandbox in Windows."

Finally, Microsoft knows that it needs help in tracking down security holes. As such, the company will offer a Windows 10 Technical Preview Browser Bug Bounty program. Those who find certain types of bugs in the new browser can report them to Microsoft in return for payment.

One key advantage to Edge is that it's been built from the ground floor up, unlike Internet Explorer, which Microsoft has simply updated over the years. That means the new browser can start fresh, free of the baggage that often burdened IE.

"Microsoft Edge is a brand new browser, with new goals and requirements," the team said. "This has allowed us to include these security enhancements, both brand new security features, and moving older opt-in features to be always-on. For this reason, we believe Microsoft Edge will be the most secure Web browser that Microsoft has ever shipped."