Microsoft has published a new blog post describing the actions it has taken in developing a more secure web browser. Microsoft Edge, which will ship with Windows 10, is built so that users can "confidently experience the web from Windows". The new browser implements sandboxing, compiler, and memory management techniques to defend end users from "increasingly sophisticated and prevalent attacks".
Combating fake sites/links
Many people are tricked by fake sites, 'phishing' for information. Nearly every day I get asked to 'resolve a case' with my PayPal account (or similar) by clicking a link and confirming my details – probably on a site which looks a lot like the one it is supposed to be. Microsoft has some tools implemented in Edge to help prevent you falling for this kind of trickery. On its blog we are told that you can keep your passwords safe in Microsoft Passport, which would not authenticate your details on a dodgy site.
Other technologies that will help protect you from fakery are Microsoft SmartScreen, which performs a 'reputation check' on sites you visit; a Certificate Reputation system; and new security features based upon W3C and IETF standards.
As Microsoft Edge is a Universal Windows App, "both the outer manager process, and the assorted content processes, all live within app container sandboxes". The app container sandbox is turned on all the time, so all browser processes run with fewer privileges than the user and browser controls.
Windows ASLR (Address Space Layout Randomization) is stronger on 64-bit computers. Attackers should find it much more difficult to inject malicious code into your browser process via a coding bug.
Another common tactic used by those who want to hack or subvert your browsing is memory corruption. Microsoft says that C/C++ programs are particularly vulnerable to such attacks as they don't offer 'type safety' or buffer overflow protection. If a hacker can corrupt the memory used by a program, they can then sometimes gain control of the program. In Microsoft Edge, users will benefit from security measures such as MemGC (Memory Garbage Collector) and CFG (Control Flow Guard).
Last but not least, Microsoft's Windows 10 Technical Preview Browser Bug Bounty program is intended to incentivise security researchers to quickly report problems with Edge so that hackers don't get time to exploit problems.
With all of the above taken into consideration, Microsoft claims that "Microsoft Edge will be the most secure web browser that Microsoft has ever shipped". If that is true, and Edge is indeed proved to be particularly impervious to hacks and hijacking, it will be good for both the reputation of the Windows PC and the safety of internet commerce.