Over the past few weeks or so, I have been confronted with situations where a malicious website has locked my browser and declared, in loud spoken words, that my computer was "infected" with a serious virus. The voice also claimed to be Microsoft speaking directly to me with a plan to correct the problem. Of course, I knew it was bogus right away, but when it happened to my sister-in-law, she didn't. Fortunately, she called me before getting herself into trouble.
Both these instances occurred after searching for a familiar website in a search engine using a misspelled word. We have all done it--mistype a search term and then click the first link in the results without looking at it because that is where the "right" link is always located. The criminals count on this common human behavior and exploit it.
These incidents got me thinking about my current choice of web browser. I have been using Chrome as my primary browser for years now, but perhaps it is time to make a change. Microsoft has been working hard on Edge security, so it is time to take another look at their Windows 10 browser.
All modern web browsers attempt to isolate code execution by running applications within a browser initiated and controlled sandbox. The idea is that if anything bad happens it will only affect the sandbox and the rest of the system will be safe. This concept works really well for rendering web pages. But sometimes a website needs to use applications or peripherals outside the sandbox. This is where the trouble begins.
With the release of Windows 10 Creators Update in 2016, the Microsoft Edge browser has implemented a security strategy that significantly reduces available system privileges. In other words, the ability of code operating in the Edge sandbox to access applications and peripherals outside the sandbox is greatly limited and controlled. The standard configuration is to deny by default all requests to access systems outside the sandbox.
I know that sounds like a simple solution, but it is an important step toward better overall browser security. The criminal element will exploit any security vulnerability to gain access, no matter how small, so it is best to restrict access to as many services outside the sandbox as possible.
Of course, this restricted access will not prevent every line of attack--that is not possible. But it will make malicious criminals work harder and spend more resources on gaining illegal access. When it comes to secure web browsers, we are essentially fighting a war of attrition.
I gave the Edge browser a try when it was first released but rejected it because it was noticeably slower loading web pages than Chrome. Now that it has had time to mature, I plan to give Edge another look. There are some annoying quirks in Chrome that crop up from time to time and I want to give a different browser a chance to be my primary choice.
I know Edge won't solve the problem of fake websites trying to extort money from me because my computer is "infected," but I like the fact the Microsoft is putting time and effort into making its Windows 10 browser as safe and secure as possible. Besides, it is good to change things up from time to time--stagnation is not a strategy.
- Windows 10: Explore the new Start menu and other changes in the Creators Update
- Microsoft Edge used to escape VMware Workstation at Pwn2Own 2017
- Windows 10 Creators Update in the homestretch: Here's what's next
- Windows 10: The smart person's guide
- Microsoft: We've got 10 million Insiders testing Windows 10 to keep bugs at bay
What is your current web browser of choice? Have you tried Edge lately? What did you think? Share your advice and opinions with your peers at TechRepublic in the discussion thread below.