Security features in Microsoft Edge browser

Few weeks ago, Microsoft has released new browser called Microsoft Edge which comes with Windows 10, which is meant to replace traditional Internet Explorer. It contains lot of new security features and here let us have a look at some important security features.


Security features in Microsoft Edge browser

Internet is filled with lot of malicious content and malicious adverts to pounce on the browsers. There are some innocent websites with malicious content which download when you visit the sites. A good browser should be capable of protecting you from the malicious content and other security threats. JavaScript and ActiveX controls are the most vulnerable which render the dynamic content on the websites. In addition to this, the extensions for the browsers maintain nominal safety standards because they don’t undergo vigorous software testing as the other software do.

Microsoft claimed that Edge offers more security features than Internet Explorer and here is the list of some.

Edge login process

Irrespective of the device you are using, Microsoft will use device certificates to provide you the proper login process. Microsoft Passport service which comes with Windows 10 OS make sure that you are not logging into vulnerable websites, which make sure that there is a certificate to log into your websites. If you visit any malicious website, then it will explain plain text credentials. But since Microsoft Passport doesn’t use asymmetric keys, it will not analyze the key and don’t get any information about your login credentials.

Sandboxing Edge App

As an added security measure, Microsoft Edge will always run in partial sandbox, which prevent the attackers from gaining control of all your PC resources. It will be hard for the malware attackers to gain access to browser, because it will be using only signed extensions. Even if they gain access to Edge browser, they will be sandboxed such that they can’t enter your PC.

Microsoft Softscreen

Microsoft Softscreen was first introduced with Internet Explorer 8 version and this will be an essential component in both Windows Shell and Edge. It protects the users from malicious sites by performing reputation check on the sites that you visit. If the website is safe, then SmartScreen will let you proceed and if anything looks fishy, you will get a warning. As SmartScreen is integrated into Windows 10 Shell, Edge and other applications can use this for screening the websites before users can access them. Some apps on your Windows device try to connect to other websites without using the browser, SmartScreen in Windows 10 shell doesn’t allow the users to connect to malicious websites.

No ActiveX and other controls

Microsoft Edge doesn’t use any script except JavaScript when browsing. ActiveX controls, VB Scripts, VML, Toolbars and more will be disabled when you are browsing the internet. This clearly says two things. First, developers should move to HTML5 for allowing Edge render their sites properly because most of the websites depend on ActiveX controls. Secondly, Secondly, when accessing such sites, if you feel safe with the site, you can use IE which will be still present in Windows 10. Web wold be a safer place in coming years if the developers move from regular code to HTML5 and other latest coding languages.

Microsoft has said that they are working on a model which will help the users to access the websites which are still to migrate to HTML5. In simple words, Edge may be capable of rendering the websites which use ActiveX controls but without using any of those scripts.

Web Standards in Microsoft Edge

Microsoft Edge uses the completely new rendering engine called as EdgeHTML, which is more focused on security and rendering such that developers can come with better websites without need to worry about interoperabilty. Edge supports W3C standard for Content Security Policy which helps developers to protect their sites from cross scripting attacks. Edge also employs the HTTP Script Transport Security to make sure that the connections to the e-commerce sites are safe and reliable.


Project Spartan team, which is working on Microsoft Edge has answered questions regarding the extensions. They made clear that unlike Internet Explorer, Edge supports extensions and they will tested perfectly before making it available to the users. They also made clear that they doesn’t allow the extensions based on the manipulative coding languages like Java and Silverlight.

Defending against memory corruption

It is easy for the malicious attacker to send the scripts to a program which might result in buffer overflows and while browser deals with this, to take control of the computer where browser is working. Microsoft Edge has given thought to this and makes browser secure by preventing buffer overflow using different techniques.

Microsoft in the regard of Edge said that, security is not a destination it is a journey, so it will be keep on adding security measures and they will have bug bounty programs that check out the bugs in Edge browser from time to time.

You may also like...