Microsoft Edge browser is getting a "Super-Duper Secure Mode" experiment

nanoguy

Posts: 972   +14
Staff member
Why it matters: Microsoft's Edge vulnerability researchers are interested in testing a rather unconventional idea that could improve the security of Chromium-based browsers for people that are willing to sacrifice a bit of performance. It's been called "Super-Duper Secure Mode" and is mostly a fun experiment at this point, but it could turn into a real feature if there's enough user interest.

After moving the Edge browser to the Chromium engine, Microsoft finally landed a browser that many people are willing to use and switch to permanently. My personal experience has been that Edge runs without any major headaches ever since the first developer and canary builds arrived for Windows 10. Since then, Microsoft has been adding a slew of features such as sleeping tabs, a password generator, vertical tabs, and more.

Google last year stopped warning people about supposed security risks of Edge, and the two companies have since committed to working together in fixing the biggest pain points in cross-browser compatibility for the modern web.

Edge doesn't have perfect security, but like most browsers it does have some features that keep you as protected as you can be without becoming a headache. For instance, Microsoft's browser lets you automatically block "potentially unwanted app" downloads, but the company is now testing a more aggressive security feature called "Super Duper Secure Mode."

According to Microsoft's Edge Vulnerability Research team, the new mode is based on an unconventional idea but is ultimately designed to make it more costly for malicious actors to exploit any flaws they may find. What researchers found is that 45 percent of the bugs in the V8 Javascript engine used in Chromium-based browsers like Edge, Chrome, Opera, Brave, and Vivaldi were related to the Just-In-Time (JIT) compilation pipeline for JavaScript that is used to improve web browser performance.

The idea behind Edge's SDSM is that JIT offers a large attack surface that requires constant patching work to keep secure, so it might be worth testing if turning JIT off might improve security without a big sacrifice in terms of performance. And it's not just about removing almost half the bugs in the V8 JavaScript engine, as disabling JIT makes it possible to enable security features like Intel's Controlflow-Enforcement Technology (CET), or Microsoft's Arbitrary Code Guard (ACG) exploit mitigation feature in Windows 10.

After running some automated tests for power, startup, memory usage and page load times, the researchers found that turning off JIT led to improvements in some cases and slightly lower performance in others. Memory usage doesn't change that much, while startup times improve around 9 percent. As for page load times, the worst case observed is that they're almost 17 percent slower while in best case scenarios they actually improve up to 9.5 percent. Power usage is a similar story, with some tests showing an 11.4 percent increase with JIT turned off and some tests showing a 15 percent improvement in power efficiency.

In synthetic benchmarks like Speedometer 2.0, turning JIT off led to a result that was 58 percent worse than with JIT turned on. However, the difference in performance was much less noticeable in actual use, which matters a lot more for users than a specific number achieved in a benchmark.

SSDM is an experimental feature for now, but if you're willing to test it yourself you can do so by enrolling in the Edge Insider program. It doesn't matter whether you're in the Canary, Dev, or Beta ring, to enable the feature go to edge://flags and turn on the one named "edge-enable-super-duper-secure-mode." It's also worth noting Web Assembly (WASM) doesn't work in this mode, so proceed with caution.

Permalink to story.

 

duckofdeath

Posts: 448   +586
It's an obvious evolution to mitigate the escalation of criminals on the internet these days.

A disclaimer on this is probably needed, it only applies if you don't own a potato PC: "However, the difference in performance was much less noticeable in actual use, which matters a lot more for users than a specific number achieved in a benchmark."
 

Bawlsdeep

Posts: 141   +153
A more secure web-browsing mode is to never use MS Edge.

How so? It's built on Chromium which is the same foundation as Google Chrome.
Chrome and Edge sits on like 80% marketshare, and rising for every quarter...

Firefox is falling behind more and more.

Last time I looked at browser marketshare, even Safari were beating Firefox. I have Firefox installed at work (I have all browsers) and it's the slowest of all.

Since Edge v2.0 came out - based on Chromium - even Google Chrome got faster.

Firefox gets slower and slower depending on number of open tabs. With Chrome I can have 50+ open and still it performs as fast as 1 open tab.

Opera dying too tho.

Most sites today are built with Chromium in mind and tested / optimized for this.
 
Last edited:

trparky

Posts: 957   +1,023
How so? It's built on Chromium which is the same foundation as Google Chrome.
Ignorance and general @ssholery, that's how. They have to board the Microsoft hate train because it's cool to do so.

If anything, Microsoft is contributing to Chromium and making it better for all users. Isn't this the point of Open Source? Yes, it is. But no, people are still going to hate on them because... Microsoft. Some people need no more reason than that.
 

Bawlsdeep

Posts: 141   +153
Ignorance and general @ssholery, that's how. They have to board the Microsoft hate train because it's cool to do so.

If anything, Microsoft is contributing to Chromium and making it better for all users. Isn't this the point of Open Source? Yes, it is. But no, people are still going to hate on them because... Microsoft. Some people need no more reason than that.

Yep, Windows has gotten optimizations for Chromium built in, so Edge v2 and Chrome runs faster and more efficient. This might be the reason why Firefox is falling behind more and more.

Alot of webpages which formerly was optimized for Firefox, now is optimized for Chrome and Edge. People are simply slowly leaving Firefox for many reasons.
 

Theinsanegamer

Posts: 2,720   +4,256
Ignorance and general @ssholery, that's how. They have to board the Microsoft hate train because it's cool to do so.

If anything, Microsoft is contributing to Chromium and making it better for all users. Isn't this the point of Open Source? Yes, it is. But no, people are still going to hate on them because... Microsoft. Some people need no more reason than that.
$0.05 have been desposited into your bank account for making this post. Thank you -MS

Few like MS because MS has a very long history of abusing its positing to hurt competition, harvest massive amounts of data on users, implement changes that hurt the end user, and generally muk up anything they are involved in. If you see those people as "h@ters" or @ssholes" you're simply marginalizing others opinions via ad hominem, it reveals alot about you and your opinions.
 

DaveBG

Posts: 573   +255
Worst browser ever... Good that there is a way to remove it using no other tools or scripts:
 

captaincranky

Posts: 17,379   +6,130
Firefox had/has an extension called, "NoScript", Unfortunately, it was so secure, many pages were impossible to fully load.

Newegg was especially annoying to deal with, since they have a separate script for each function of the page..

You want reviews? OK, permission required.
You want Q & A? Right, that's a another different script, and so on and so forth.
 

lazer

Posts: 393   +119
I hate M$, try not to use edge or IE, they are a second rate tech company and a first rate merchandising company.
 

HyperPete

Posts: 109   +57
Yep, Windows has gotten optimizations for Chromium built in, so Edge v2 and Chrome runs faster and more efficient. This might be the reason why Firefox is falling behind more and more.

Alot of webpages which formerly was optimized for Firefox, now is optimized for Chrome and Edge. People are simply slowly leaving Firefox for many reasons.
This is also what led to the demise of Netscape. When Phoenix arrived it was designed to be stripped down and fast. I guess the same mindset that killed Netscape is present in the development of Firefox.
I switched to Vivaldi when it was still pre-release (I think it was around the .4x build) and it has been my default browser ever since.
I do use Brave now and then when I desire private browsing. (Also ipvanish.)

Worst browser ever... Good that there is a way to remove it using no other tools or scripts:

Unfortunately, removing edge can (will?) "break" Windows Update. I have not tried it with that reg key, but without it, package updates fail. When it happened to me, I had to search for the error code online to find that this was the cause. I had to go back and recreate the folder structure for my updates to install again.
 
Last edited: