Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Is Confident In Security of Edge Browser

Posted by timothy on from the way-out-there-man dept.

jones_supa writes: It's no secret that Internet Explorer has always been criticized for its poor security, so with the Edge web browser (previously known as Spartan), Microsoft is trying to tackle this problem more effectively and make sure that users consider it at least as good as Chrome and Firefox. In a blog post, Microsoft details the security enhancements available in Edge, pointing out that most of the changes it made to the new browser make it much more secure than Internet Explorer. There is more protection against trickery, app containers are used as the sandbox mechanism, and protection against memory corruption is better. Old, insecure plugin interfaces are not supported at all: VML, VBScript, Toolbars, BHOs, and ActiveX are all nuked from the orbit.

10 of 133 comments (clear)

  1. How hard will this break Corp Intranet apps? by disposable60 · · Score: 5, Insightful

    So all those corporate intranet apps that stupidly require IE - how hard will Edge break those?

    --
    You're looking for quotes? See my journal.
    1. Re:How hard will this break Corp Intranet apps? by Shados · · Score: 5, Insightful

      hard enough that IE11 will still be supported for a while in parallel.

      Thats the whole point of Edge. So that Microsoft can have a real browser without leaving the big corps legacy shit behind.

    2. Re:How hard will this break Corp Intranet apps? by peragrin · · Score: 4, Insightful

      Why were you stupid enough to write apps that only ever worked in IE to begin with?

      Don't blame microsoft for your stupidity. We have enough to blame Microsoft for that is legitimately their fault.

      --
      i thought once I was found, but it was only a dream.
    3. Re:How hard will this break Corp Intranet apps? by drakaan · · Score: 4, Informative

      If only I had mod points. I write .net web apps all the time, and for businesses, and I test in IE *last* because first and foremost, I want it to work in the future, which means for mostly-standards-compliant browsers. Writing IE-specific code is an extremely bad plan. Not all browsers are running on windows desktops or laptops.

      --
      "Murphy was an optimist" - O'Toole's commentary on Murphy's Law
  2. Talk the talk, but doesn't walk the walk... by QuietLagoon · · Score: 4, Interesting
    Microsoft always talks big about security, but time shows that it is just talk.

    .
    Remember when Microsoft declared the buffer overflow bugs were eliminated from Windows XP?

    1. Re:Talk the talk, but doesn't walk the walk... by gstoddart · · Score: 4, Insightful

      The problem is that new code is just that ... new and untested.

      So you build something new from scratch and say "wow, we did awesome at teh security". Well, OK, now you release it into the wild and wait for people to abuse it -- that's when you find out how well you've done.

      Any new code is going to have the problem, because it hasn't been field tested or through several iterations.

      It's all well and good for Microsoft to say "nailed it". That doesn't make it true. So I think it's probably safe to assume that unless Microsoft has done something remarkable, there's probably a bunch of places where they haven't fully locked it down.

      --
      Lost at C:>. Found at C.
  3. Secure? by afidel · · Score: 4, Informative

    They support WebGL which is going to be the next attack vector as well as continuing to support flash with sandboxing that the hackers will tear to shreds in short order.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  4. Possibilities by Ol+Olsoc · · Score: 4, Interesting
    Microsoft is always confident.

    But as a long time hater of Redmond products, am I sensing some sort of sea change?

    It's just within the realm of possibilities that the Ballmer days of "When I want your opinion, I'll tell you what it is," are over? In more than just name?

    I intend to give them a chance here, maybe its the same old Microsoft. Maybe not.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  5. Re:The first edition by Ark42 · · Score: 4, Informative

    Except it's really effectively Trident 8.0 / IE 12. Only, they forked it and removed all the legacy support from it, then left a copy of Trident 7.0 / IE 11 around in case you need legacy support still. So it's not really the first version of anything, and it's not like it's completely from-scratch code.

    --
    Morphing Software
  6. Re:This is project proposal V 1.0. by afidel · · Score: 4, Informative

    Some powerful customer will demand some interface to be supported or else

    No, they're shipping IE11 with enterprise compatibility mode to support back to IE8 quirks which will be fine for 99+% of their customers for legacy apps. Trust me, most of their customers are going to be happy to have a standards compliant browser as the default, the only trick will be in the mechanism to kick user over when they try to go to a corporate site that needs classic IE within Edge and keeping that mechanism from being abused by the bad guys.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.