Security features in Microsoft Edge browser for Windows 10
A browser is your primary point of connection to the rest of the Internet. Any vulnerability, if discovered, can greatly undermine its utility. As such, browser developers focus more on its security features. Controls like JavaScript and ActiveX controls, required for rendering dynamic content on websites, are more susceptible to malicious attacks than any other content. Microsoft Edge Chromium promises to offer better security and nominal safety standards on all these fronts.
Security features in Microsoft Edge browser
The new browser continues to carry the same Microsoft Edge name but offers better security for users:
- Microsoft SmartScreen
- Tracking prevention in Microsoft Edge
- Sandboxing the Edge
- Managing Edge Chromium extensions
- No support for ActiveX controls and BHOs
Read further for the detailed description.
1] Microsoft SmartScreen
While Chrome and most Chromium-based browsers use Google’s Safe Browsing feature for security, Microsoft Edge relies on Microsoft’s Windows Defender SmartScreen security feature instead.
SmartScreen plays an important role in protecting Edge users from phishing attacks. How? It performs a reputation check on the websites users are trying to visit or open. If the website is not flagged, SmartScreen lets visitors connect to it, but if it finds anything suspicious, a warning message is displayed. Also, SmartScreen is integrated into the Windows 10 shell for a reason. Some apps try to connect to websites on their own, bypassing the browser route. SmartScreen in the Windows 10 shell prevents Edge and other apps from adopting such a treacherous route. It ensures these websites and apps are screened before users can have access to them.
If required, Microsoft SmartScreen can be disabled easily via settings.
2] Tracking prevention in Microsoft Edge
Many websites rely on trackers to gather and store data about your browsing behavior. Some trackers even collect data about you across multiple sites. The new Microsoft Edge lets you detect and block such known trackers. In fact, the browser lets you configure which trackers should be blocked. By default, there are 3 levels of tracking prevention offered. All of them can block harmful trackers.
- Basic – Blocks trackers detected as cryptomining or fingerprinting. Trackers that intend to personalize content and ads are enabled.
- Balanced – Selected by default, and so the recommended configuration. It mainly protects you from potentially harmful trackers and trackers from sites you haven’t visited.
- Strict – This option blocks the most trackers and interferes with the opening of some websites, likely causing them to not behave as expected. For example, a video might not play, or you might not be able to sign in.
3] Sandboxing the Edge
A sandbox is like a ‘walled garden’, i.e. a restricted area to which a service is confined. Browser sandboxing helps you protect your computer from the side-effects of browsing by preventing websites from hosting malicious code. So, if a website knowingly or unknowingly downloads any malicious code, it gets downloaded to the sandbox part of the computer. When the sandbox is closed, everything inside it (including the malicious code) is automatically wiped, leaving a clean slate. Most mainstream browsers come with their own sandboxes to keep your computer safer. Edge supports this too.
When you start the Windows 10 Sandbox, you get a new Desktop with only the Recycle Bin and an Edge shortcut. It shows the Start Menu and other icons, but they don’t really work in this sandboxed operating system. You can open them in the main Windows 10 instead of the sandboxed Windows 10.
Here, you can start Edge from this sandboxed Windows 10 environment for browsing with maximum security. When you disable this environment, no one can trace your activity on the Internet. Your ISP may create a log of what you did but no one can have access to the activities you performed using Edge in the sandbox. As with other data, if any website downloads malware to your system, the malware too would vanish when you close the sandbox.
4] Managing Edge Chromium extensions
Because the Chromium version of Edge allows Chrome extensions, it becomes essential to protect systems when you connect them to a network. The simplest way to ensure this is to manage the extensions. The new Edge browser includes the setting ExtensionInstallAllowlist, which can be enabled through Group Policy or added to the Registry to specify the extensions you approve in your firm.
Checking and understanding which browser extensions should be allowed and which should not will help you keep your network safe and secure. So, plan ahead to vet and approve allowed extensions.
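One way to apply the ExtensionInstallAllowlist setting through the Registry, shown as an added example that is not part of the original post. It assumes the companion Edge policy ExtensionInstallBlocklist (not mentioned above) is set to `*`, because an allowlist only restricts anything when everything else is blocked; the extension IDs are constructed placeholders and the helper name Set-EdgePolicyList is hypothetical.

```powershell
# Added example: enforce an Edge extension allowlist via the policy registry keys.
# Run from an elevated PowerShell session on the managed machine.

# Constructed placeholder IDs: replace with the IDs of extensions you have vetted.
$ApprovedExtensions = @(
    'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
    'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
)
$EdgePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'

function Set-EdgePolicyList {   # hypothetical helper name
    param([string]$ListName, [string[]]$Entries)
    $key = Join-Path $EdgePolicy $ListName
    # Recreate the key so stale entries from an earlier run do not linger.
    if (Test-Path $key) { Remove-Item -Path $key -Recurse -Force }
    New-Item -Path $key -Force | Out-Null
    $index = 1
    foreach ($entry in $Entries) {
        # List policies are stored as string values named 1, 2, 3, ...
        New-ItemProperty -Path $key -Name "$index" -Value $entry `
            -PropertyType String -Force | Out-Null
        $index++
    }
}

# Extension IDs are 32 lowercase letters in the range a-p; reject anything else
# so a typo cannot silently produce a policy entry that matches nothing.
foreach ($id in $ApprovedExtensions) {
    if ($id -cnotmatch '^[a-p]{32}$') { throw "Not a valid extension ID: $id" }
}

# Block everything by default, then exempt only the approved extensions.
Set-EdgePolicyList -ListName 'ExtensionInstallBlocklist' -Entries @('*')
Set-EdgePolicyList -ListName 'ExtensionInstallAllowlist' -Entries $ApprovedExtensions

# Read the values back so the result can be checked or logged.
foreach ($list in 'ExtensionInstallBlocklist', 'ExtensionInstallAllowlist') {
    $props = Get-ItemProperty -Path (Join-Path $EdgePolicy $list)
    $props.PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        ForEach-Object { '{0}[{1}] = {2}' -f $list, $_.Name, $_.Value }
}
```

After restarting Edge, the applied values appear on its edge://policy page.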
5] No support for ActiveX controls and BHOs
Lastly, Microsoft Edge doesn’t support ActiveX controls and BHOs like Silverlight or Java. Still, if you wish to run web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, there’s a simple workaround. You’ll need to run them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and standards support.
Post updated in Jan 2020 to cover Edge (Chromium).