Microsoft Is Testing a “Super Duper Secure Mode” for Edge

Microsoft Is Testing a

Microsoft’s Radical Plan for Edge’s “Super Duper Secure Mode”

Microsoft announced its plans on the Microsoft Browser Vulnerability Research website. The software giant explains that, when testing its browser against malicious threats, it identified that one among Edge’s most significant flaws is JavaScript, namely, V8.

Inside of JavaScript may be a feature invented in 2008, called Just-In-Time (JIT) compilation. This enables JavaScript to load pages faster than usual, but the part’s complexity means there are many holes through which hackers can get in and run malicious code.

Developers of high-end browsers manage this issue through many testing and security patches, but Microsoft features a different plan. After all, a hacker can’t abuse V8’s JIT if the browser doesn’t use V8 in the first place.

As such, Microsoft is experimenting with a replacement “Super Duper Secure Mode.” It deliberately features a pretty silly name, because as Microsoft puts it, “we decide to celebrate with this project.”

Right now, you cannot test out the Super Duper Secure Mode on the regular branch of the browser. However, if you download either Edge Canary, Dev, and Beta, you’ll access edge://flags and appearance for its flag.

Once Super Duper Secure Mode is enabled, Microsoft Edge stops running JavaScript JIT. As you would possibly expect, this leads to a negative impact on Edge’s page load speed. However, Microsoft performed tests and noticed that the shortage of JIT didn’t affect page load too drastically, to the purpose where the typical user might not even see the change.

In fact, in other areas of browser performance, Microsoft noted that getting obviate JIT isn’t all bad:

Our tests measured improvements in power showed 15% improvement on average, and our regressions showed around 11% increase in power consumption. Memory is additionally a mixed story with negatively impacted tests showing a 2.3% regression but a more significant gain on the difficulties that showed improvements.

Will Microsoft erase JIT from Edge completely? It’s hard to mention immediately. Suppose the Super Duper Secure Mode proves to feature an entire ton of security without sacrificing an excessive amount of performance. In that case, the corporate may introduce the feature onto the most Edge branch. We’ll need to see how the feature fares within the test branches.

Is Microsoft Edge Ready for Super Duper Security?

JavaScript’s JIT may help pages load faster, but Microsoft is discovering that the drawbacks of keeping it patched and secure may outweigh the advantages. Nevertheless, if you would like to ascertain the consequences first-hand, you’ll download Edge’s beta branch and provide it with a spin.

This isn’t the primary time Microsoft has worked on Edge’s security. Recently, Microsoft patched Edge to require the safety tools that modern processors bring back the table.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store