May 15, 2015

Microsoft Edge: The new (and secure) way to browse the Internet

Laurent Slutzky


Do you remember how exciting it was when Internet Explorer was released back in 1995? I do, and it’s certainly amusing to think how excited we were for the “Microsoft browser.”

I also remember when Microsoft’s Internet Explorer became the dominant browser in the late 1990s. Back then, it seemed as though Microsoft’s dominance of the computing world would extend beyond just computer software and to the then (and still) rapidly growing Internet. However, Internet Explorer turned out to be a less-than-ideal solution, as it was slow, buggy, prone to malware, and didn’t have many of the features many users wanted. Most importantly, security vulnerabilities were a major problem for Microsoft’s internet browser. Nevertheless, in 2002, Internet Explorer still had over 80% of the browser market — a dominating percentage.

However, with the launch of Mozilla’s Firefox and, most importantly, the now-dominant Google Chrome browsers, Internet Explorer was gradually relegated to retired couples who think “Chrome” is something on the trim of their cars, along with corporate users who are required by their IT departments to use Internet Explorer for reasons known only to them.

Today’s internet browser statistics tell a very different story than 2002. Google Chrome has close to 64% of the market (and growing), while Mozilla Firefox has around 22% of the market. Microsoft’s ill-fated Internet Explorer (which has become a meme with quite negative characteristics in recent years) is barely clinging on to 8% of the browser market.

Microsoft has been going through some major changes over the past several quarters, led by the forward-thinking new CEO Satya Nadella. Those of you who know me (or have read any of my previous blog posts) know that I am a big fan of Satya Nadella, and think that he is doing a fantastic job of driving Microsoft into its own Renaissance. The question then is this—what is Nadella’s plan for internet browsing?

For months now, there have been rumors and speculation about “Project Spartan,” the code name for Microsoft’s yet-to-be-unveiled new internet browser. As with most speculation, rumors were based partially on hopes, partially on leaks (controlled and otherwise), and partially on flat-out guessing. While I like speculating as much as the next guy, I’m much happier to find out the hard facts about the new internet browser, which is called “Microsoft Edge.”

Microsoft has announced that Edge will be the “default” browser for Windows 10, but that Internet Explorer 11 will continue to be supported for the aforementioned retirees and corporate users (i.e. for compatibility purposes). Edge is designed to be a far more streamlined browsing experience and is directly targeting Chrome and Firefox as its competitors. However, while the aesthetics and overall browsing experience are certainly important toward any attempt at a resurgence in the browsing market, today I’d like to focus primarily on the security features that Microsoft is bringing to the table with Edge, as I believe security was the biggest glaring weakness of Internet Explorer and is potentially the greatest advantage in the new Microsoft Edge.

Microsoft SmartScreen – Microsoft SmartScreen is a feature that will help ensure that the websites you visit are “legitimate.” With an increasing number of malicious websites out there, the ability to safely screen the good ones from the bad is increasingly important, and SmartScreen (which was initially released with Internet Explorer 8) has been revamped to screen websites far more effectively.

Integrated “Sandbox” mode – One of the greatest risks when browsing the Internet is visiting a website or downloading a program (intentionally or unintentionally) that makes changes to your computer without your knowledge or consent. By utilizing Sandbox mode, all websites and programs launched within the browser are denied the permissions necessary to make malicious changes.

Fully 64-bit browser – Put simply, 64-bit browsing makes it far more difficult for hackers to add their malicious code. This is due in large part to Microsoft’s ASLR (Address Space Layout Randomization), which effectively randomizes potentially vulnerable memory components.

And, of course, a bounty for discovered bugs and other vulnerabilities – Microsoft is offering bounties for anyone who is able to find bugs and vulnerabilities in their new browser. This means that there will likely be teams (or solopreneurs) who will spend countless hours scouring Microsoft Edge for vulnerabilities — not so they can exploit them, but so they can earn a bounty (and possibly even a job at Microsoft).

I plan on speaking much more about Microsoft Edge as information becomes available, but for now I think it is safe to say that the era of Internet Explorer — as well as all the implications that go along with it — will soon be over.