Microsoft’s Edge Vulnerability Team is experimenting with a new “Super Duper Secure Mode” that goes against standard browser practices to significantly boost web security. And while this new “Secure Mode” may sound like a feature for overly concerned IT departments, it could one day become the default setting for all Edge users. So how does it work?
Not only that, but the JIT compiler prevents browser developers from enabling powerful security mitigations like Intel’s Control-flow Enforcement Technology (CET) and Microsoft’s Arbitrary Code Guard (ACG). The benefits of disabling JIT are stunning: according to the Edge Vulnerability Team, doing so makes all browser vulnerabilities more difficult for hackers to exploit.
This reduction in attack surface kills half of the bugs we see in exploits and every remaining bug becomes more difficult to exploit. To put it another way, we lower costs for users but increase costs for attackers.
The Edge Vulnerability Team’s tests confirm that “Super Duper Secure Mode” often has a negative impact on browsing speed, especially page load times. But to be fair, a 17% average regression in load times isn’t all that bad. And in some cases, disabling JIT actually had a positive impact on memory and power usage.
Microsoft’s “Super Duper Secure Mode” clearly needs to overcome some technical hurdles, but the Edge team is probably up to the task. In time, the “Super Duper Secure Mode” could become the default for all users, as its security benefits are just too hard to ignore. Not to mention, it could reduce the frequency of security updates, which are annoying to both individuals and businesses.
But “Super Duper Secure Mode” is just an experimental feature, for now. Those who want to test it must download the latest Microsoft Edge preview release (Beta, Dev, or Canary) and type edge://flags/#edge-enable-super-duper-secure-mode in their address bar.