Re: MS is secure?
The question you should be asking is why is Google Safe Browsing used by Chrome and FF worse than MS' version.
Microsoft may have taken the decision to ditch the Edge's browser engine for Google's Chromium too soon. According to the Security Council of Certificate Authorities (CASC), the current Edge browser is in fact the fastest and more secure browser on the market when it comes to identifying and blocking dodgy websites. The CASC …
This post has been deleted by its author
>You still have nothing to lock down JavaScript.
Just need to run the latest version:
uBlock Origin gets option to block all JavaScript execution by default
Mind you, one of the reasons why I liked Agnitum Outpost (support finished in March 2017), was it gave reasonably fine grain control over content with both global and per website rules; unfortunately, easy access (ie. taskbar icon) to the controls was only available through the IE add-on, which wasn't developed beyond IE6/8...
So I expect the uBO global JavaScript lock to be enhanced so that it can be set on a per website.
The supplementary question is why has MS SmartScreen (used by IE/Edge) consistently performed better than Google’s Safe Browsing API (used by Chrome, Firefox, Safari, Opera, Vivaldi as well by other Google services such as Gmail) in the NSS Lab tests for some years now. Given both services are effectively cloud-based blacklists of dodgy URLs and files, would seem to indicate differences in the way these lists are maintained and updated.
It would be interesting if NSS Labs also did a comparative test using some of the safe browsing add-ins from the established AV vendors and third-parties which also check URLs against cloud-based blacklists.
But if you believe in security in depth, you will also be using services such as Cyren's GlobalView.
>I still don't see how detecting phishing sites is seen purely as a function of the browser.
Agreed, however, the need for better in-browser security is now obvious. The only debate is whether the security should be baked in or provided by third-party add-ons. Yandex spotted this need a few years back and bought out Agnitum so that security could be built into the Yandex browser.
Given the Agnitum ImproveNet, it would be interesting to see the Yandex browser included in the NSS Lab tests.
A separate module, hopefully not super-glued into the previous architecture. I have my doubts though.
Would the architects have ever thought they'd change out Microsoft's renderer for Chromium's? Would they have spent the time to make that possible? *THAT* is where we can well imagine past/present/future fits of HAHAHahahahahaha....
Cookies
And when the hell are the EU going to step in and sort the fucking mess their cookie legislation has caused? Huge numbers of pages when visited put a damned great splash screen over their whole content demanding you accept all cookies because they are all essential to the experience.
The EU law should insist that the webpage displays all content regardless of cookies and you should have to opt in to cookies from an option taking up less than 1% of the screen real estate.
The EU didn't mandate that the user experience was fucked up. Plenty of sites manage to pop up a little opt in dialogue. The EU legislation says that sites aren't allowed to track you without your consent.
The sites that behave badly are trying to get people to complain about the legislation because they want to be able to track you without your active consent.
Seems to be working.
I prefer a solution along the lines of "treat all cookies as session cookies" because it is a setting the user can control by selecting a functional browser rather than relying on the state to hunt down and fine people who continue to track users who tick a "do not track" box on an html form.
There is still an advantage to the EU version. If the "I agree to cookies even though I do not want them" button covers the entire screen then I take it as a signed statement from the site management that they are a bunch of arse holes. I simply close the tab and try the next link down on the search results.
"Security and privacy are different things"
Quite right; but ignorance is bliss, and the experience must be blissful. As a previous poster indicated, they don't understand trusted roots and signing. Of course not--that's all in the cloud, isn't it? [1]
As Microsoft (and other USAian tech companies) _introduced_ viruses I don't see why they should be allowed to state that things like 'safescreen' are for our benefit. They only exist because of shit decisions in the first place.
Can I think of something better? Sure, but it ain't gonna be eye-candy. And that's why I won't compete.
[1] Surely a 'safe' browser should inform you every time the list of roots changes?
Microsoft switch to Chromium guts doesn’t negate their efforts to stop phishing.
It’s more like swapping out your cars engine, but keeping your premium tires.
The Edge browser of the future will still look for ways to differentiate itself. It won’t be Chromium with an Edge sticker slapped on it...
Technically speaking, it's only correct twice a day if you only look at it twice a day when the current time is exactly equal to the time the clock is displaying. If you look at it at any other time then it's wrong for each of those times.
Additionally, if you only look at it when it is correct you clearly know what time it is already, so why are you wasting time looking at a broken clock?
Finally, is it beer-o-clock yet? :)
Quite a few points diference on phishy flagging so maybe all the Windows data slurp has some use in helping them spot phishing sites better
My main concern with browsers is ability to install addons to protect my privacy / increase my security as malware laden ads my main concern as they can occur on "legit" sites.
Most browsers seem to be making it harder and harder to do basics e.g. granular cookie & JS permissions without having to use an addon / tinker with "here be dragons" config files.
A useful study would be what browser is best with appropriate "lockdown" tools added.
It's arguable that certificate authorities themselves are responsible for the move to auto-generated certificates. These don't say anything about person that generated them but then they don't have to, they provide a validated public key for encryption.
But years of high prices and synthetic restrictions (one certificate per ip address) didn't stop the fraudsters or, worse, traffic hijacking.
This post has been deleted by its author
"To be honest I cant see how anyone can claim edge is fastest"
Because it is faster at pretty much any aspect of browsing - I can launch a page on both Chrome and Edge and Edge is noticeably quicker. Especially for loading script heavy sites for of shiteware like the Daily Telegraph. The web benchmarks generally show this too.
Windows Phone also had various security reviews by whitehats that stated that it was more secure by design and implementation than Android and IOS.
Seeing as the design wasn't available in detail, it's difficult to see how this could be reasonably assessed. Some versions (and there were enormous technical differences between them) did, however, appear to fare well in tests.
If it’s correct that Edge does well on security then it might do well when it adopts the chromium engine. Edge has been amazingly poor in the rendering stakes. If the security is still going to introduce unacceptable waiting for web pages nobody will use it.
I do not care that it is the fastest. I do not care if it is the safest. If I cannot understand how to use it, then nothing else matters. The UI in Edge is illogical and confusing. To me, this is like a car dealer telling you how safe the vehicle is while you are trying to figure out how to drive the car. I would be more than happy to use Edge if, and only if, the user interface was logical and easy to understand. But it is not. And given how Windows 8 then 10 was designed and how Office was designed, I seriously doubt Microsoft will create a browser that has a proper UI.
RE: "The UI in Edge is illogical and confusing. "
I don't see how. It all seems to make total sense to me. But then 99% of the time I use "Back", address entry, close tab and new tab. What's illogical or confusing. I generally want to know. Speed is an issue to me.
But more importantly....
Backspace to go back a page works without an addon.
"I do not care that it is the fastest. I do not care if it is the safest. If I cannot understand how to use it, then nothing else matters."
I don't find Edge confusing, just very unpleasant and hard to use (I feel similarly about Chrome, but to a lesser degree). But otherwise I agree -- if a browser is unpleasant or hard to use, then its speed or security isn't important because I won't be using it anyway.
We get a lot of phishing emails come through at work that go in the junk folder. Now and then I'll check at 365 end and grab a few, stick them in a VM and click the links.99% of the time Chrome and Firefox warn the sites are phishing sites. Pretty much every time IE and Edge give no.such warning and the site loads allowing you to be easily phished. So its far from being secure.
Nothing of what has been brought forward in this article in terms of Edge being better than the rest is affected by the change in redenring engine. Did I miss anything, el Reg ?
In my experience, Edge is noticeably slower than any browser I have used, except IE 6 ... YMMV.
.deb
packages