The recently released Build 98.0.1108.23 of the Edge browser in the Beta Channel includes new security options designed to protect users against dangerous vulnerabilities, also known as zero-day threats. “This feature is a huge step forward because it lets us mitigate unforeseen active zero days,” noted Microsoft in the release notes.
Protecting the Browser
In a bid to explain the importance of protecting the browser, Justin Fier, Director of Cyber Intelligence & Analytics at cyber defense company Darktrace, told Lifewire in an email that the web browser has become a vital component of our computer usage, with some of us even moving to browser-only environments thanks to the likes of Google’s Chrome OS. He said that because of this increased dependence, browsers have become one of the leading avenues for threat actors to attack and gain access to a user’s digital environment. He believes this has made securing browser activity a priority for software vendors like Microsoft. Trevor Foskett, Senior Director of Solutions Engineering at data encryption specialists Virtru, agrees. “Given how many cloud apps and services we all use every day, the browser has become the primary work interface for most people, and it’s essential to ensure that your browsing data remains secure.” With this in mind, Microsoft has enabled the EnhanceSecurityMode group policy for Windows, macOS, and Linux desktops in the beta release of its browser. When toggled, Microsoft claims the policy will enable certain hardware-enforced protections to increase users’ security on the web. The new policy manifests itself under the Privacy, Search and Services tab in the browser’s Settings, as a security mode that offers two options, Balanced and Strict. The former is the recommended option, which enables security mitigations for sites users don’t frequently visit, while the latter adds the mitigations for all websites.
Usability and Security
Foskett told Lifewire he’s happy Microsoft is enhancing the security of their browser and helping users safeguard private information while making sure the new policies have no adverse impact on important websites. “Usability and security should go hand in hand; I believe the best security solutions minimize friction for the end-user while delivering strong data protection.” The feature is currently available in the beta version of the Edge browser, which means it’s not yet ready for general consumption. The beta channel allows Microsoft to test new features for a couple of weeks before graduating them to the Stable release. Interestingly, Travis Biehn, a principal security consultant with software security specialists Synopsys, noted that even in the beta release, the feature isn’t enabled by default. He told Lifewire over email that the protection feature is currently an opt-in that can only be applied via group policy. Speculating on the reasons for doing so, Biehn said that perhaps in their initial testing, Microsoft discovered the new feature broke parts of the browser for certain websites. “When Microsoft improves the stability of this feature and enables it by default, most end-users will experience no noticeable change—the Edge browser will just be harder for attackers to successfully exploit,” shared Biehn. Fier rounded off by saying that just as the traditional sense of a cyber “perimeter” has disappeared with the explosion of remote and hybrid working, this new emphasis on browser security is a good sign of shifting cybersecurity priorities across the industry. “It’s always encouraging to see the development of browsers taking a proactive approach to the security of end-users,” Ron Bradley, VP at risk-management organization Shared Assessments, told Lifewire over email. “The most important thing to remember is that threat actors don’t sleep, they don’t relent, and it will always be up to you to take every protective measure you can.”
