Test “Super Safe Mode” in Microsoft Edge Ahead of Time

Microsoft is testing “Super Duper Secure Mode” (or SDSM) for the Edge browser, which aims to curse all browser security: Javascript. Specifically, enabling SDSM mode disables the Just-In-Time (JIT) Javascript compilers that websites use to optimize the Javascript code that runs on the page. JITs improve page loading speed and browser performance, but hackers have been known to exploit them. Therefore, the Microsoft Edge vulnerability research team decided to disable JIT entirely and found that it eliminated almost half of the bugs that needed fixing. By disabling JIT, several other security features can be enabled, including Control Flow Guard (CFG), Controlflow-Enforcement Technology (CET), and Arbitrary Code Guard (ACG), each of which adds even more protective layers to retain users (and their data ) in safety.

But the situation is getting better: with fewer bugs, users won’t have to install security updates or emergency patches almost as often.

So if disabling Javascript compilers improves security so much, why are they enabled at all? The short answer is performance: while JITs are vulnerable, they are widespread due to their perceived advantage for viewing speed.

Microsoft is testing the impact of disabling JIT on user experience, and its initial results do show random bumps on page load, memory usage, and device power consumption, although it actually improved browser startup times.

Since SDSM is currently in the testing phase, it is possible that those who try it will experience other bugs and performance issues, but Microsoft is looking to improve stability and improve the additional protection mode in the coming months.

Oh, and the research team says they might drop the name, but I kind of hope they keep it.

How to enable Super Duper Secure mode in Microsoft Edge now

If you’d like to try Microsoft edge’s Super Duper Secure Mode, download one of the EdgeInsiderbuildsfor Windows and enable it in the experimental flags menu. It is available in Beta, Dev and Canary versions and will move to stable in the future (Microsoft also plans to bring it to Mac and Android at some point). Thereafter:

  1. Launch your browser then navigate to edge: // flags
  2. Use the search bar to find “Super Duper Secure Mode”.
  3. Enable the flag, then restart your browser when prompted.
  4. After restarting, Edge will enter Super Duper Secure mode.

[ OnMSFT ]

More…

Leave a Reply