Microsoft is slowly leaking details of the new operating system and browser that will arrive on users’ desktops later this year. Last week Windows 10 was in the spotlight. This week its the turn of the Edge browser.
In a blog posting Monday the development team said “we want to fundamentally improve security over existing browsers and enable users to confidently experience the web from Windows. We have designed Microsoft Edge to defend users from increasingly sophisticated and prevalent attacks.”
The blog is an expansion of some of the details outlined last week at the Microsoft Edge conference. The methods include:
—64-bit by default. 64-bit processes in general, and browser processes in particular, get significant security advantages by making Windows ASLR (Address Space Layout Randomization) stronger, says Microsoft.
ASLR makes it harder to inject malicious code in the browser process through a coding bug by randomizing the memory layout of the process, making it hard for attackers to hit precise memory locations. In turn, 64-bit processes make ASLR much more effective by making the address space exponentially larger, making it much more difficult for attackers to find the sensitive memory components they need.
(Here’s a video Microsoft released on the browser)
—Two new defences against memory corruption: MemGC (Memory Garbage Collector) is a memory garbage collection system that seeks to defend the browser from UAF (Use-after-free) vulnerabilities by taking responsibility for freeing memory away from the programmer and instead automating it, only freeing memory when the automation has detected that there are no more references left pointing to a given block of memory.
Another is Control Flow Guard. In memory-corruption the attacker wants to gain control of the CPU program counter, and jump to a code location of the attacker’s choice. CFG (Control Flow Guard) is a Microsoft Visual Studio technology that compiles checks around code that does indirect jumps based on a pointer, restricting these jumps to only jump to function entry points that have had their address taken. This makes attacker take-over of a program much more difficult by severely constraining where a memory corruption attack can jump to, Microsoft says.
—Defences against hacking: First, Microsoft [Nasdaq: MSFT] says it has rewritten the rendering engine for Edge to include a major overhaul of the DOM representation in the browser’s memory, making the code more resistant to “burglar” attacks that attempt to subvert the browser.
Second, there is no support for dangerous extensions that hackers have been taking advantage of, including VML, VB Script, Toolbars, BHOs, or ActiveX. Instead Microsoft is developing a new HTML/JS-based extension model. That will be a concern to developers of applications with those controls, but Microsoft says it will soon offer migration guidance.
The largest change in Edge security, Microsoft says, is that the new browser is a Universal Windows app. “This fundamentally changes the process model, so that both the outer manager process, and the assorted content processes, all live within app container sandboxes.”
There have been sandboxes — called protected mode — since IE7. Edge runs its content processes in app containers, not just as a default, but all the time.
How long will it take for attackers to subvert these changes? They always find a way, although it is my suspicion that stealing credentials will at least for the short term be the preferred strategy. Still, any improvement in the security chain is welcome.