View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Microsoft: Edge will be ‘most secure browser we’ve ever shipped’

Software vendor prepares to overhaul web security.


Microsoft is plotting a fundamental overhaul of web security as it prepares to launch Edge in late July following 19 years of Internet Explorer.

Updates to the web browser will seek to combat common cyberattacks such as phishing and session hijacking, which allow hackers to steal credentials and attack computer systems.

Crispin Cowan, senior program manager at Microsoft Edge, said: "Microsoft Edge is a brand new browser, with new goals and requirements. This has allowed us to include these security enhancements, both brand new security features, and moving older opt-in features to be always-on.

"For this reason, we believe Microsoft Edge will be the most secure web browser that Microsoft has ever shipped. As security is a process, not a destination, we will continue to work on browser security improvements."

To defend against phishing Microsoft plans to make greater use of Passport, a single sign-in service that allows users to log in to websites without entering plain text passwords.

The move follows a surge in sophisticated and plausible phishing attacks targeting services such as Microsoft Outlook through the use of visually identical webpages.

In addition Edge will place a greater emphasis on authentic web certificates, a response to hackers using encrypted connections after users were told to place greater trust in websites that did so.

Content from our partners
The growing cybersecurity threats facing retailers
Cloud-based solutions will be key to rebuilding supply chains after global stress and disruption
How to integrate security into IT operations

"Users have learned to trust sites that use encrypted web traffic," Cowan said. "Unfortunately, that trust can be undermined when malicious sites use improperly obtained or fraudulent certificates to impersonate legitimate sites."

Microsoft has also steeled Edge against attempts by hackers to subvert or hijack it, both through the creation of a safer extension model and the use of an app container sandbox, which will run every Internet page in isolation to protect the rest of a computer.

The company has also added protections against memory corruption, which involves a hacker sending bad input to a program in order to first confuse it and later gain control of it.

In a caveat, Cowan said: "Despite all efforts, there will be security vulnerabilities in Microsoft Edge that we do not yet know about,"

He added that the firm would be creating a bug bounty program for Windows 10 that also covered Edge.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy