Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Microsoft Edge
9 Microsoft Edge Features Chrome Doesn't Have (...yet)
Message
<blockquote data-quote="ForgottenSeer 92963" data-source="post: 966205"><p>I looked at the integrity levels of Edge with the registry or GPO tweak to enable AppContainer for renderer processes, to understand the benefits of using the strictest form of containment for the renderer process. A typical edge browser would show the following Integrity levels with Process Explorer</p><p></p><p>Edge broker process - medium level (but this process is kept in the basic user sandbox with the de-elevation on startup feature of Edge)</p><p>Network service process - medium level</p><p>GPU service process - low level</p><p>Data Storage service process - untrusted level - used to store and retrieve (temporary) data</p><p>Entity Extraction service process - untrusted level - used to extract entities out of webcontent like passwords, addresses, drm licenses etcetera</p><p>Renderer processes (2 or more depending on your RAM) - appcontainer - used to process webcontent</p><p></p><p>With the renderer process now having the lowest rights container (lowered from untrusted to appcontainer), the service modules are protected from side-by-side infections by the renderer processes (lower IL's can't change higher Integrity Levels). This clearly shows that AppContainer not only makes it harder for malware to escape the renderer processes (because the renderer handles content, javascript running in the renderer process could be injected by malware writers into the webpage you are browsing), but ALSO protects other important service processes in Edge (running as untrusted).</p><p></p><p>For people running Microsoft Defender with no other security programs (than Andy Ful's tools ) this integrity rights level structure also shows the benefits of adding theCode Integrity Guard protection of Edge to ALL Edge processes. By default Microsofts protects the renderer process with Code Integrity Guard, but it is very easy to add all Edge processes using Microsoft Defender's build-in Exploit Protection.</p><p></p><p>[SPOILER="Code Integrity guard enable"]</p><p>[ATTACH=full]262255[/ATTACH]</p><p></p><p>NB. I only use extensions from the Microsoft store. I can imagine that CIG also blocks extensions from the Google Chrome store.</p><p>[/SPOILER]</p></blockquote><p></p>
[QUOTE="ForgottenSeer 92963, post: 966205"] I looked at the integrity levels of Edge with the registry or GPO tweak to enable AppContainer for renderer processes, to understand the benefits of using the strictest form of containment for the renderer process. A typical edge browser would show the following Integrity levels with Process Explorer Edge broker process - medium level (but this process is kept in the basic user sandbox with the de-elevation on startup feature of Edge) Network service process - medium level GPU service process - low level Data Storage service process - untrusted level - used to store and retrieve (temporary) data Entity Extraction service process - untrusted level - used to extract entities out of webcontent like passwords, addresses, drm licenses etcetera Renderer processes (2 or more depending on your RAM) - appcontainer - used to process webcontent With the renderer process now having the lowest rights container (lowered from untrusted to appcontainer), the service modules are protected from side-by-side infections by the renderer processes (lower IL's can't change higher Integrity Levels). This clearly shows that AppContainer not only makes it harder for malware to escape the renderer processes (because the renderer handles content, javascript running in the renderer process could be injected by malware writers into the webpage you are browsing), but ALSO protects other important service processes in Edge (running as untrusted). For people running Microsoft Defender with no other security programs (than Andy Ful's tools ) this integrity rights level structure also shows the benefits of adding theCode Integrity Guard protection of Edge to ALL Edge processes. By default Microsofts protects the renderer process with Code Integrity Guard, but it is very easy to add all Edge processes using Microsoft Defender's build-in Exploit Protection. [SPOILER="Code Integrity guard enable"] [ATTACH type="full" alt="1638028029143.png"]262255[/ATTACH] NB. I only use extensions from the Microsoft store. I can imagine that CIG also blocks extensions from the Google Chrome store. [/SPOILER] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
