Serious Discussion Microsoft Edge Stable (Chromium) Now Available for Download

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Just updated to version 80.0.361.48.
4 days later, good or bad?

Indecisive: V80 contained many high-risk fixes, so was a major update.

Imagine a browser being an user interface with a 'master controller' launching other parts of which the renderer is the most important module. The renderer in its turn processes HTML (the content), CSS (the layout in which content is displayed) and runs the V8 javascript engine (processing the javascript which adds functionality).

On the upside (in favor of Edge-chrmium/Microsoft)
In terms of maintenance Opera seems to have the smartest architecture*, so Opera should be able to follow Chrome faster than other chromium based browsers like Brave or Edge-chromium. Microsoft seemed to beat both (Opera and Brave) in terms of adopting this major V80 release

*) When comparing Chrome with Opera, you will notice that all the site-permissions are identical and that Opera has an occasional extra flags which they clearly mark as Opera specific, e.g. one general settings for DNS over HTTPS and a Opera-DOH. Opera has neatly limited itself to changes in the GUI and providing bolt-on VPN functionality or modular extra ad-blocker functionality. The build-in ad-blocker seems to use the rule engine of an existing extension, but has its own API and in memory data structure (where rules are stored), which seems to be a simpler version of the current Chrome API (play with advanced ABP-rules and you will notice some things, usually advanced features don't work).

On the downside (against Edge-chromium/Microsoft)
When you clone a browser you normally would not touch the renderer and the master controller. When you compare the site-permissions of Edge-chromium with Chrome, you will notice some differences. The same applies for the flags. This indicated that Microsoft did not restrict the changes to the just the GUI or bold-on functionality, but also altered core-functionality.

When you change programs it is smart to restrict these changes to events and API. This makes it easy to add or change functionality, because API's and events are clear interaction/connection points. The edge://about flag "de-elevate on launch" is such an example of an easy to locate and isolate (program) event/trigger. The same applies for instance to extra functionality "Block unwanted programs" which is clearly related to the "download" trigger/event. The reassuring conclusion seems to be Microsoft made their "core functionality" alterations smartly.

For comparison a one man band (Marmaduke at Woolyss) managed in his spare time to de-google Chromium and add some Chrome functionality (existing modules) into Chromium in just 1.5 day. For Microsoft with its huge development team taking more than three days to implement those changes, shows that they may have been changing to much basic functionality code under estimating the effort of regression testing.

Future will tell
 
Last edited:

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Chrome vs Edge 2-2 on security & privacy, a draw when you ask me slight advantage on points for Edge-chromium

All things being equal except ....

Chrome vs Edge on security

Chrome
+ site permission option to block file access
+ block unsecure downloads EDIT
+ Google safe browsing

Edge
+ edge flag to de-elevate on start
+ block PUP's downloads
+ Edge Smartscreen

Chrome vs Edge 2-2 on privacy

Chrome
- google ID ? true or fairy tale?

Edge
- Smartscreen full URL check
 
Last edited:

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I tend to trust MS more than Google, Edge regardless of updates is my favourite browser by a fair margin - Opera, nice browser, though what their devs do & what I want are going in opposite directions, I dislike the GUI & that matters to me, as I have to look at it a lot :p
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,701
I tend to trust MS more than Google, Edge regardless of updates

Same for me.

@Lenny_Linux I just don't see any advantage to Chrome at all. Smartscreen over GSB any day. SS full URL doesn't make any difference as they aren't collecting the data. De-elevate at launch is on by default and has been for some time. Bottom line: Google's driving force is data collection whereas it's only part of what M$ does.
 
  • Like
Reactions: Protomartyr

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@Bryan320, @oldschool, @Cortex

Putting your eggs in several baskets (don't know whether this dutch saying translates well) helps to prevent all your data being gathered by the one of the big data sellers (FAANG/MAAAF).

The delay in updates of Edge-chromium can be compensated with Windows Defender Exploit Protection. WDEP also works when you use a third-party anti-virus. Enabling Code Integrity Guard (of WDEP) only works well, when the 3p-AV does not hook the browser (because Code Integrity Guard will block this DLL). Kaspersky Free Cloud for instance does not hook the browser.

When you add WDEP features for MsEdge.exe (you can add more as @Umbra posted)
- block low integrity images
- block remote images
- enable code integrity guard
- disable extension points
- enable validate image dependency integrity
 
Feb 8, 2020
46
@Bryan320, @oldschool, @Cortex

Putting your eggs in several baskets (don't know whether this dutch saying translates well) helps to prevent all your data being gathered by the one of the big data sellers (FAANG/MAAAF).

The delay in updates of Edge-chromium can be compensated with Windows Defender Exploit Protection. WDEP also works when you use a third-party anti-virus. Enabling Code Integrity Guard (of WDEP) only works well, when the 3p-AV does not hook the browser (because Code Integrity Guard will block this DLL). Kaspersky Free Cloud for instance does not hook the browser.

When you add WDEP features for MsEdge.exe (you can add more as @Umbra posted)
- block low integrity images
- block remote images
- enable code integrity guard
- disable extension points
- enable validate image dependency integrity

The data collected from localhost is the least of your concerns.

Your most valuable data is already out there sitting on government, medical and retail organization services. And all those servers are being hacked.
 
  • Like
Reactions: codswollip

polishpatriot

Level 2
Feb 4, 2020
86
Your data maybe, my data certainly isn't.

You were born, right ? You have a birth certificate ? Then your personal data resides on some government owned or subcontracted server. And that is just the start.

Please dont' try your nonsense with me. I think you deliberately come here and post provocative stuff. I've seen your posts. And I've seen your statements about your so-called "security." Oh, please.
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
I edited my Chrome vs Edge privacy & security post

I had submitted to Microsoft that the Site Permission "ask / block file edit" was missing.

Last Thursday I received a mail (but my ISP decided it was SPAM, that is why I had not noticed it) that they combined this Site Permission with the Downloads setting.

When you disable the "Ask where to save each file before downloading" Chromium-edge sets the "file editing" site permission to deny automatically. So the site-permission setting (in the user interface) is omitted, not the protection


You can check it your self by trying to save a website page or a settings file of an extension outside your downloads folder. You get an "File not found" error (because Edge does not grants file write permission to that folder).

(y)(y)(y)
 
Last edited:

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
:LOL::LOL:

But there is no remedy for this.
Unless you live like a castaway on a deserted island.

Instead, limiting the privacy of your online activity is possible and desirable.
I'm going to lunch which is better ......
Good day.
 

polishpatriot

Level 2
Feb 4, 2020
86
:LOL::LOL:

But there is no remedy for this.
Unless you live like a castaway on a deserted island.

Instead, limiting the privacy of your online activity is possible and desirable.
I'm going to lunch which is better ......
Good day.

That's the whole point. Putting a lot of effort into securing localhost is a waste of time. Your most valuable data is already out there. Hackers are not wasting their time to breach your localhost. They are focused on stealing your data residing on third party systems.

An infected localhost is the least of your problems. Because of the way IT works, there are much more serious problems out there threatening your privacy, your anonymity and especially your financial accounts.

@Sampei Nihira 's valuable personal data is distributed across the entire world... residing on 3rd party servers... and someone out there is in the process of stealing it... and there is nothing that @Sampei Nihira can do to stop it.
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
The data collected from localhost is the least of your concerns.

Your most valuable data is already out there sitting on government, medical and retail organization services. And all those servers are being hacked.
Medical: In Netherlands you give permission to share your data on a case by case basis

Retail: I am not participating with any customer loyalty program. I use two browsers (Opera and Edge) and two OS-ses, In two months time I will have a bachelor in digital marketing and I am working part-time already, so for my personal data I try to make it as hard as possible to construct a detailed profile out of the big data trail I leave behind while surfing.

Not recovered from 0-2 defeat against Burnley FC are you? o_O

That's the whole point. Putting a lot of effort into securing localhost is a waste of time. Your most valuable data is already out there. Hackers are not wasting their time to breach your localhost. They are focused on stealing your data residing on third party systems.

It is the same with money, because banks get robbed you don't have to watch or protect your money either. Resistance is futile. :ROFLMAO:
 

polishpatriot

Level 2
Feb 4, 2020
86
It is the same with money, because banks get robbed you don't have to watch or protect your money either. Resistance is futile. :ROFLMAO:

That's why I say that these sites aren't really about security. They'e about a group of people that just want to play with softs. The most dangerous threat is not against one's local devices. It is the threat against their data out in the ether. So expending lots of effort to lock down a local host really is wasted effort for most people. Installing a decent anti-virus or internet security suite is sufficient. Learning how to manage one's money and financial accounts so that they don't get wiped-out by an attack - now that is much more important than obsessing about and building the PC fortress. What I am saying is irrefutable fact.
 
F

ForgottenSeer 823865

Learning how to manage one's money and financial accounts so that they don't get wiped-out by an attack - now that is much more important than obsessing about and building the PC fortress. What I am saying is irrefutable fact.
golden rule.

Most friends i had having issues with hacking are now living peacefully since i gave them a checklist on how to have proper security habits.
no need KIS, ESET or any anti-exe that lock the system when online...
WD + safe habit is what they run, not heard any issues anymore from them.
As an old sage said: "knowledge is power, the best tool will fail in the hand of the non-initiate"
 

Marko :)

Level 24
Verified
Top Poster
Well-known
Aug 12, 2015
1,315
Chrome vs Edge 2-2 on security & privacy, a draw when you ask me slight advantage on points for Edge-chromium

All things being equal except ....

Chrome vs Edge on security

Chrome
+ site permission option to block file access
+ block unsecure downloads EDIT
+ Google safe browsing

Edge
+ edge flag to de-elevate on start
+ block PUP's downloads
+ Edge Smartscreen

Chrome vs Edge 2-2 on privacy

Chrome
- google ID ? true or fairy tale?

Edge
- Smartscreen full URL check
Chrome does block malicious downloads. In fact, it has malware scanner integrated too.

What do you mean by "Google ID"? Google SafeBrowsing works by downloading a list containing malware URLs and Chrome matches URLs locally, on device. It doesn't send any data to Google about visited websites. Part of URL and hashed is sent to Google only when malicious URL is detected; even then, Google has no way of knowing what website did you visit.

If you don't sign in to Chrome and turn off everything related to Google's services, it won't send any data. Here is Chrome's privacy policy; it's well written and it's easy to understand.
 
Last edited:
  • HaHa
Reactions: ForgottenSeer 85179

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top