Microsoft Is Confident In Security of Edge Browser

jones_supa writes: It's no secret that Internet Explorer has always been criticized for its poor security, so with the Edge web browser (previously known as Spartan), Microsoft is trying to tackle this problem more effectively and make sure that users consider it at least as good as Chrome and Firefox. In a blog post, Microsoft details the security enhancements available in Edge, pointing out that most of the changes it made to the new browser make it much more secure than Internet Explorer. There is more protection against trickery, app containers are used as the sandbox mechanism, and protection against memory corruption is better. Old, insecure plugin interfaces are not supported at all: VML, VBScript, Toolbars, BHOs, and ActiveX are all nuked from the orbit.

How hard will this break Corp Intranet apps?

[disposable60]

So all those corporate intranet apps that stupidly require IE - how hard will Edge break those?

Re:How hard will this break Corp Intranet apps?

[Shados]

hard enough that IE11 will still be supported for a while in parallel.

Thats the whole point of Edge. So that Microsoft can have a real browser without leaving the big corps legacy shit behind.

Re:How hard will this break Corp Intranet apps?

[peragrin]

Why were you stupid enough to write apps that only ever worked in IE to begin with?

Don't blame microsoft for your stupidity. We have enough to blame Microsoft for that is legitimately their fault.

Re: How hard will this break Corp Intranet apps?

Very. It's why they're including internet explorer as a separate application. Edge isn't intended to run IE specific applications.

I'd say it's pretty clear that the only real thing Microsoft is confident in, is that users will actually USE the Edge solution.

That's a cute assumption you've got there. Good luck with that.

This is project proposal V 1.0.

[140Mandak262Jamuna]

A great news to many is that old unsecure plugin interfaces are not supported at all: VML, VBScript, Toolbars, BHOs, and ActiveX are all nuked from the orbit

This looks like what the dev team presented to the upper management about what it wants to do. It will undergo several iterations. Some powerful customer will demand some interface to be supported or else... Some managers will insist on some form of backward compatibility mode. Some bing! advertisement people would ask for "special" interfaces to their team to let them "leverage" & "synergy" and other buzzword bingo stuff. There will be compromises. Some managers will insist with straight face, "yes, yes, this scripting interface is supported, but we say very clearly in the documentation it is not to be used for fresh code and it is to be used only for backward compatibility reasons, so it is not a security threat".

Finally they will be wondering why security was compromised, and blame it on the open source zealots and prejudice among the uninformed and marketing by competitors and assure themselves "it is not our fault, we did not do anything wrong".

Re:Talk the talk, but doesn't walk the walk...

[gstoddart]

The problem is that new code is just that ... new and untested.

So you build something new from scratch and say "wow, we did awesome at teh security". Well, OK, now you release it into the wild and wait for people to abuse it -- that's when you find out how well you've done.

Any new code is going to have the problem, because it hasn't been field tested or through several iterations.

It's all well and good for Microsoft to say "nailed it". That doesn't make it true. So I think it's probably safe to assume that unless Microsoft has done something remarkable, there's probably a bunch of places where they haven't fully locked it down.

Re:Possibilities

[phantomfive]

I intend to give them a chance here, maybe its the same old Microsoft. Maybe not.

At best, Microsoft is a corporation, whose entire purpose is to make money. What sort of chance is worth giving them?