Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Microsoft Edge
9 Microsoft Edge Features Chrome Doesn't Have (...yet)
Message
<blockquote data-quote="ForgottenSeer 92963" data-source="post: 966029"><p>Here are 5 security features which Chrome does not have</p><p></p><p>1. De-elevation on start of broker process</p><p>What it does: when you run Edge as Admin, the broker process de-elevates from high to medium level integrity rights.</p><p>Why this matters: Medium Ievel Integrity rights processes have no write access to UAC protected folders (Windows, Program Files and most Program Data folders). This comes (security wise for Edge only) closer to running as a standard user than UAC.</p><p></p><p>2. Code Integrity Guard of renderer process</p><p>What it does: this allows only Microsoft signed DLL's to be loaded into the renderer process.</p><p>Why this matters: DLL's are dynamic load libraries. These DLL's can be injected in the renderer processes of your browser. Malware can not misuse this mechanisme to take control over the renderer process and ultimately over your PC (through a staged attack).</p><p></p><p>3. AppContainer for renderer process</p><p>This new feature will come to you automatically in next versions, early birds can enable this in registry or group policy.</p><p>What it does: it lowers the integrity rights of the renderer process from Untrusted to AppContainer. AppContainer is the build-in rights sandbox of the Windows OS (<a href="https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation" target="_blank">explanation</a>). It isolates the renderer from unneeded resources and other application. No access means no opportunities for malware to misuse bugs and exploits in the chromium renderer process (the process which does the heavy work showing web content correctly on your screen).</p><p>Why it matters: It makes it harder for malware to escape the Chrome sandbox (the sandbox of Chromium based browsers)</p><p></p><p>4. Super duper secure mode/new security mitigations option</p><p>Can be set through flags and settings (the latter has a smart balanced option).</p><p>What it does: it disables the Just In Tim (JIT) javascript compiler. Compiled code is code which the CPU can process. It looks like a string of zeroes and ones. It is much harder to 'read' compiled code then plain javascript sourcecode.</p><p>Why it matters: Some windows protection mechanisms can't read/handle compiled code. Without JIT enabled Windows can apply more checks and balances (like CET and ACG), simply because it can read the javascript sourcecode. These cross checks make it harder for malware to sneak through (professionals I know, this is a layman's explanation, feel free to add comments when you have a better way to explain it).</p><p>Downside: Compiled code is faster than interpreted code. In the past this differences was huge. With modern Javascript engines these differences are minimal for most common web applications. Only a few javascript intensive applications might rely on pre-compiled code. So fair chance you won't notice it. When you enable this feature, choose 'balanced mode' to be prevent issues.</p><p></p><p>5. Automatic HTTPS</p><p>Can be set through flags and settings (will become default in the near future since most websites are encrypted HTTPS).</p><p>What it does: Tries to switch from unencrpted HTTP traffic through encrypted HTTPS (sort of same as HTTPS everywhere extension)</p><p>Why it matters: Encrypted data is gibberish, so your ISP and anyone else on your way to the world wide web does not understand what goes over the line/air.</p></blockquote><p></p>
[QUOTE="ForgottenSeer 92963, post: 966029"] Here are 5 security features which Chrome does not have 1. De-elevation on start of broker process What it does: when you run Edge as Admin, the broker process de-elevates from high to medium level integrity rights. Why this matters: Medium Ievel Integrity rights processes have no write access to UAC protected folders (Windows, Program Files and most Program Data folders). This comes (security wise for Edge only) closer to running as a standard user than UAC. 2. Code Integrity Guard of renderer process What it does: this allows only Microsoft signed DLL's to be loaded into the renderer process. Why this matters: DLL's are dynamic load libraries. These DLL's can be injected in the renderer processes of your browser. Malware can not misuse this mechanisme to take control over the renderer process and ultimately over your PC (through a staged attack). 3. AppContainer for renderer process This new feature will come to you automatically in next versions, early birds can enable this in registry or group policy. What it does: it lowers the integrity rights of the renderer process from Untrusted to AppContainer. AppContainer is the build-in rights sandbox of the Windows OS ([URL='https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation']explanation[/URL]). It isolates the renderer from unneeded resources and other application. No access means no opportunities for malware to misuse bugs and exploits in the chromium renderer process (the process which does the heavy work showing web content correctly on your screen). Why it matters: It makes it harder for malware to escape the Chrome sandbox (the sandbox of Chromium based browsers) 4. Super duper secure mode/new security mitigations option Can be set through flags and settings (the latter has a smart balanced option). What it does: it disables the Just In Tim (JIT) javascript compiler. Compiled code is code which the CPU can process. It looks like a string of zeroes and ones. It is much harder to 'read' compiled code then plain javascript sourcecode. Why it matters: Some windows protection mechanisms can't read/handle compiled code. Without JIT enabled Windows can apply more checks and balances (like CET and ACG), simply because it can read the javascript sourcecode. These cross checks make it harder for malware to sneak through (professionals I know, this is a layman's explanation, feel free to add comments when you have a better way to explain it). Downside: Compiled code is faster than interpreted code. In the past this differences was huge. With modern Javascript engines these differences are minimal for most common web applications. Only a few javascript intensive applications might rely on pre-compiled code. So fair chance you won't notice it. When you enable this feature, choose 'balanced mode' to be prevent issues. 5. Automatic HTTPS Can be set through flags and settings (will become default in the near future since most websites are encrypted HTTPS). What it does: Tries to switch from unencrpted HTTP traffic through encrypted HTTPS (sort of same as HTTPS everywhere extension) Why it matters: Encrypted data is gibberish, so your ISP and anyone else on your way to the world wide web does not understand what goes over the line/air. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
