CrAKeN Posted March 24, 2017 Share Posted March 24, 2017 Microsoft Edge got hacked no less than 5 times at Pwn2Own earlier this month, but this doesn’t necessarily mean that it’s not a secure app, only that most teams at the event decided to focus all their efforts on the new default Windows 10 browser. To prove that Edge is a truly secure browser, Microsoft today detailed the sandbox implementation, explaining that this feature evolved over time after previously being introduced in Internet Explorer in a similar form. Internet Explorer 7 was the very first browser to come with a sandbox, which at that point was called Protected Mode, while Windows 8 introduced app container, a feature that Internet Explorer 11 used to create the Enhanced Protected Mode, also known as EPM. Coming in Creators Update Microsoft Edge, which removed support for ActiveX entirely, pushes this feature to a completely new level, with the company saying that it’s able to run entirely inside app container sandboxes at all times. This means that the browser is capable of limiting the impact of an attack at any given time by limiting the code a cybercriminal can use to search vulnerabilities and the privileges they could get. “What we just did here was to create a tuned sandbox for the Microsoft Edge content process, with a much tighter fit to the functional needs of the software than a normal app container provides. That is a lot of work, which is why this is not how the UWP platform works. But because web browsers are among some of the most threatened software there is, it is worth it in this case,” Microsoft explains. Microsoft says that by investing in the sandbox technology in Edge browser, the company was able to reduce access to MUTEXes by 100 percent, which means that attackers can no longer inject code capable of locking up a resource and crashing the browser. Furthermore, this allowed for a 90 percent reduction in access to WinRT and DCOM APIs, as well as a 40 percent reduction in access to devices. All these security improvements will become available for everyone on Windows 10 with the debut of the Creators Update next month, alongside other new features such as tab previews. Source Link to comment Share on other sites More sharing options...
oliverjia Posted March 24, 2017 Share Posted March 24, 2017 Microsoft also bragged about the security of Edge when it was first out ~2 years ago, saying that it's safer than Chrome. FYI, chrome was not hacked even once in this years Pwn2own contest. Security of Edge may be improved, but given the track record of Window Security, I will not be surprised if Edge was hacked 5 more times in next years' Pwn2own. Link to comment Share on other sites More sharing options...
Karlston Posted March 24, 2017 Share Posted March 24, 2017 The expression "flogging a dead horse" springs to mind... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.