Microsoft hopes to make Edge the most secure browser and reports the browser contains significantly less vulnerabilities than Chrome and Firefox on Windows. To make the browser even more secure the company will add a new security measure that should provide "unprecedented protection".
While the company stresses that no browser is free of vulnerabilities, it also reports that there are no known zero-day attacks on Edge. That in contrary to Internet Explorer for which regularly zero-day exploits were released.
However, Microsoft increasingly finds that organisations become victims of targeted attacks, where attackers are crafting specialized attacks against a particular business, attempting to take control of corporate networks and data.
To also protect against these attacks, Microsoft introduced Windows Defender Application Guard for Windows 10 Enterprise earlier this week. This measure, that should provide "unprecedented protection" uses container technology to run Edge when an user visits an unknown or untrusted website.
Microsoft explains, "Application Guard creates a new instance of Windows at the hardware layer, with an entirely separate copy of the kernel and the minimum Windows Platform Services required to run Microsoft Edge. The underlying hardware enforces that this separate copy of Windows has no access to the user’s normal operating environment."
The separate copy made by Application Guard has no access to local storage, installed applications, network endpoints, credentials and other resources that might be of interest to an attacker. When the user closes Edge, the copy made by Application Guard is automatically removed.
Even when an attacker successfully performs an attack against Edge, there is no threat, because he is unable to break out the container, according Microsoft. And because the container is removed when the user closes Edge, there is no permanent access to the system.
To make sure users don't notice any performance hog, Microsoft uses its own Hyper-V virtualisation platform and loads the minimum Windows Platform Services required to run Edge.
Application Guard will first become available to Insiders the coming months, later it should become available on a larger scale.
