The Microsoft Edge browser is testing a “Super-Duper Secure Mode.”

Spread the love

If you’re willing to give up a little performance, you can strengthen Edge security.

Microsoft’s Edge vulnerability researchers are interested in testing an unusual idea that could improve the security of Chromium-based browsers for those willing to give up a little performance. It’s dubbed “Super-Duper Secure Mode” and is currently a fun experiment, but if there’s enough user interest, it could become a real feature.

Microsoft finally landed a browser that many people are willing to use and switch to after migrating the Edge browser to the Chromium engine. Since the first developer and canary builds of Windows 10 arrived, I have had no major issues with Edge. Microsoft has since added a slew of new features, including sleeping tabs, a password generator, vertical tabs, and more.

Google stopped warning people about Edge’s alleged security risks last year, and the two companies have since committed to working together to address the most pressing issues in cross-browser compatibility for the modern web.

Edge doesn’t have perfect security, but like most browsers it does have some features that keep you as protected as you can be without becoming a headache. Microsoft’s browser, for example, allows you to automatically block “potentially unwanted app” downloads, but the company is now testing a more aggressive security feature called “Super Duper Secure Mode.”

READ ALSO:  TSMC's 3nm N3 process node will enter volume production in the second half of 2022

According to Microsoft’s Edge Vulnerability Research team, the new mode is based on an unusual idea, but it is ultimately intended to make it more expensive for malicious actors to exploit any flaws they may discover. Researchers discovered that 45 percent of the bugs in the V8 Javascript engine used in Chromium-based browsers such as Edge, Chrome, Opera, Brave, and Vivaldi were related to the JavaScript Just-In-Time (JIT) compilation pipeline, which is used to improve web browser performance.

The idea behind Edge’s SDSM is that JIT provides a large attack surface that requires constant patching work to keep secure, so it may be worth testing to see if turning JIT off improves security without a significant performance penalty. It’s not just about removing nearly half of the bugs in the V8 JavaScript engine; disabling JIT enables security features such as Intel’s Controlflow-Enforcement Technology (CET) or Microsoft’s Arbitrary Code Guard (ACG) exploit mitigation feature in Windows 10.

The researchers discovered that turning off JIT resulted in improvements in some cases and slightly lower performance in others after running some automated tests for power, startup, memory usage, and page load times. Memory usage does not change significantly, while startup times improve by about 9%. In terms of page load times, the worst case scenario observed is that they are nearly 17 percent slower, while the best case scenario actually improves by up to 9.5 percent. Power usage follows a similar pattern, with some tests revealing a 11.4 percent increase with JIT turned off and others revealing a 15% improvement in power efficiency.

READ ALSO:  Advertisers are running from Facebook. What's next?

Turning off JIT in synthetic benchmarks like Speedometer 2.0 resulted in a 58 percent worse result than turning it on. However, the difference in performance was much less noticeable in actual use, which is far more important to users than a specific number obtained in a benchmark.

SSDM is currently an experimental feature, but if you want to test it for yourself, you can do so by enrolling in the Edge Insider programme. To enable the feature, go to edge:/flags and enable the one labelled “edge-enable-super-duper-secure-mode” regardless of whether you’re in the Canary, Dev, or Beta ring. It’s also worth noting that Web Assembly (WASM) does not work in this mode, so use caution.

 

 275 

Leave a Reply