Slashdot Mirror
Microsoft Is Confident In Security of Edge Browser
jones_supa writes: It's no secret that Internet Explorer has always been criticized for its poor security, so with the Edge web browser (previously known as Spartan), Microsoft is trying to tackle this problem more effectively and make sure that users consider it at least as good as Chrome and Firefox. In a blog post, Microsoft details the security enhancements available in Edge, pointing out that most of the changes it made to the new browser make it much more secure than Internet Explorer. There is more protection against trickery, app containers are used as the sandbox mechanism, and protection against memory corruption is better. Old, insecure plugin interfaces are not supported at all: VML, VBScript, Toolbars, BHOs, and ActiveX are all nuked from the orbit.
They support WebGL which is going to be the next attack vector as well as continuing to support flash with sandboxing that the hackers will tear to shreds in short order.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Which is why you wont use edge, you will use the legacy support version that they are also shipping. They are essentially splitting IE into two browsers, one for locked down, legacy, corporate use, and one for normal users.
Except it's really effectively Trident 8.0 / IE 12. Only, they forked it and removed all the legacy support from it, then left a copy of Trident 7.0 / IE 11 around in case you need legacy support still. So it's not really the first version of anything, and it's not like it's completely from-scratch code.
Morphing Software
Some powerful customer will demand some interface to be supported or else
No, they're shipping IE11 with enterprise compatibility mode to support back to IE8 quirks which will be fine for 99+% of their customers for legacy apps. Trust me, most of their customers are going to be happy to have a standards compliant browser as the default, the only trick will be in the mechanism to kick user over when they try to go to a corporate site that needs classic IE within Edge and keeping that mechanism from being abused by the bad guys.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Write against a vendor locked-in API, get vendor locked-in.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
If only I had mod points. I write .net web apps all the time, and for businesses, and I test in IE *last* because first and foremost, I want it to work in the future, which means for mostly-standards-compliant browsers. Writing IE-specific code is an extremely bad plan. Not all browsers are running on windows desktops or laptops.
"Murphy was an optimist" - O'Toole's commentary on Murphy's Law
I would even suggest that IE is just a minority of browsers surfing the net these days. Every time I use IE, I wonder how anyone considers it useful. Just yesterday, I saw a very interesting rendering bug in IE (I have to use it for testing) on a website. Apart from being slow and clumsy, it is still that buggy.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Some of us have to write .net in the environment provided and using the rules provided. In the case of my major defense company employer, that is VS/SQLServer/.NET/IE only.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Have you ever heard of a company that has specified tools, legacy tools, requirements that are given to you and that you must adhere to? I have, I work for one. They have tons of code and intranet sites written specifically for how IE works.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Im pretty sure you cant control user-side GPOs or IE settings from a HTML header.