back to article The fastest, most secure browser? Microsoft Edge apparently

Microsoft may have taken the decision to ditch the Edge's browser engine for Google's Chromium too soon. According to the Security Council of Certificate Authorities (CASC), the current Edge browser is in fact the fastest and more secure browser on the market when it comes to identifying and blocking dodgy websites. The CASC …

  1. This post has been deleted by its author

    1. Dan 55 Silver badge

      Re: MS is secure?

      The question you should be asking is why is Google Safe Browsing used by Chrome and FF worse than MS' version.

      1. Anonymous Coward
        Anonymous Coward

        Re: MS is secure?

        "why is Google Safe Browsing used by Chrome and FF worse than MS' version"

        They don't steal your private data and use it for other purposes... *as much*

      2. Anonymous Coward
        Anonymous Coward

        Re: MS is secure?

        Edge has always managed to be noticeably faster than Slurp's Chrome whilst at the same time using fewer resources. Now that U-Block Origin and Ghostery are available as addins, Edge is my primary browser.

        1. Pascal Monett Silver badge

          Re: "Now that U-Block Origin and Ghostery are available as addins, Edge is my primary browser"

          You still have nothing to lock down JavaScript. You need to look into that.

          1. Roland6 Silver badge

            Re: "Now that U-Block Origin and Ghostery are available as addins, Edge is my primary browser"

            >You still have nothing to lock down JavaScript.

            Just need to run the latest version:

            uBlock Origin gets option to block all JavaScript execution by default

            Mind you, one of the reasons why I liked Agnitum Outpost (support finished in March 2017), was it gave reasonably fine grain control over content with both global and per website rules; unfortunately, easy access (ie. taskbar icon) to the controls was only available through the IE add-on, which wasn't developed beyond IE6/8...

            So I expect the uBO global JavaScript lock to be enhanced so that it can be set on a per website.

      3. Roland6 Silver badge

        Re: MS is secure?

        The supplementary question is why has MS SmartScreen (used by IE/Edge) consistently performed better than Google’s Safe Browsing API (used by Chrome, Firefox, Safari, Opera, Vivaldi as well by other Google services such as Gmail) in the NSS Lab tests for some years now. Given both services are effectively cloud-based blacklists of dodgy URLs and files, would seem to indicate differences in the way these lists are maintained and updated.

        It would be interesting if NSS Labs also did a comparative test using some of the safe browsing add-ins from the established AV vendors and third-parties which also check URLs against cloud-based blacklists.

        But if you believe in security in depth, you will also be using services such as Cyren's GlobalView.

  2. Anonymous Coward
    Anonymous Coward

    I feel the good in you

    Specifically, Edge does some things very well.

    In general, not so much.

    1. tfewster
      Meh

      Re: I feel the good in you

      Agreed, as long as Microsoft focus on something, they can do it very well. Such as integrating Office app functions, and creating a consistent layered UI to hardware model in the 90s.

      When they lose focus, they become -->

      1. Tigra 07
        Facepalm

        Re: tfewster

        "Agreed, as long as Microsoft focus on something, they can do it very well"

        Maybe Edge still gets quality control from Microsoft? Windows 10 certainly doesn't.

        1. AMBxx Silver badge

          Re: tfewster

          I still don't see how detecting phishing sites is seen purely as a function of the browser. No end of 3rd party products do the same thing. Even my router has a paid for option that blocks stuff.

          1. Roland6 Silver badge

            Re: tfewster

            >I still don't see how detecting phishing sites is seen purely as a function of the browser.

            Agreed, however, the need for better in-browser security is now obvious. The only debate is whether the security should be baked in or provided by third-party add-ons. Yandex spotted this need a few years back and bought out Agnitum so that security could be built into the Yandex browser.

            Given the Agnitum ImproveNet, it would be interesting to see the Yandex browser included in the NSS Lab tests.

    2. big_D Silver badge

      Re: I feel the good in you

      And it is the rendering engine side of things that is being replaced. The UI and things like the secure site validation.

    3. Anonymous Coward
      Anonymous Coward

      Re: I feel the good in you

      Edge has to be best at blocking the clingy sites; It's the primary attack surface.

  3. arctic_haze

    An article not too well researched

    Even if that is true, changing the browser engine will not change Edge's ability to block dodgy sites because it is obviously a separate module.

    1. Notas Badoff
      Joke

      Re: An architecture not too well ...

      A separate module, hopefully not super-glued into the previous architecture. I have my doubts though.

      Would the architects have ever thought they'd change out Microsoft's renderer for Chromium's? Would they have spent the time to make that possible? *THAT* is where we can well imagine past/present/future fits of HAHAHahahahahaha....

  4. sanmigueelbeer

    *cough*bullshit*cough

  5. Version 1.0 Silver badge
    Thumb Down

    JAB

    Just Another Browser ... I don't see a lot of difference between any of them, they all try and sell you on "Use Me!" and they all pass information around your back when you are not looking - "Hey little luser, want a cookie?"

    1. sabroni Silver badge
      Thumb Up

      Re: JAB

      Whenever I don't understand something I always make sure to post on the internet to make it clear that everyone knows I have no idea what I'm talking about.

    2. Dave 15

      Re: JAB

      Cookies

      And when the hell are the EU going to step in and sort the fucking mess their cookie legislation has caused? Huge numbers of pages when visited put a damned great splash screen over their whole content demanding you accept all cookies because they are all essential to the experience.

      The EU law should insist that the webpage displays all content regardless of cookies and you should have to opt in to cookies from an option taking up less than 1% of the screen real estate.

      1. caffeine addict

        Re: JAB

        less than 1% of the screen real estate.

        That'll be fun on a mobile device. On an iPhone 8 it would be less than 14 pixels high...

        1. Fungus Bob

          Re: JAB

          "On an iPhone 8 it would be less than 14 pixels high..."

          I don't have a problem with that...

      2. sabroni Silver badge
        Facepalm

        Re: JAB

        The EU didn't mandate that the user experience was fucked up. Plenty of sites manage to pop up a little opt in dialogue. The EU legislation says that sites aren't allowed to track you without your consent.

        The sites that behave badly are trying to get people to complain about the legislation because they want to be able to track you without your active consent.

        Seems to be working.

      3. Flocke Kroes Silver badge

        Re: Cookie permission screen

        I prefer a solution along the lines of "treat all cookies as session cookies" because it is a setting the user can control by selecting a functional browser rather than relying on the state to hunt down and fine people who continue to track users who tick a "do not track" box on an html form.

        There is still an advantage to the EU version. If the "I agree to cookies even though I do not want them" button covers the entire screen then I take it as a signed statement from the site management that they are a bunch of arse holes. I simply close the tab and try the next link down on the search results.

  6. JohnFen

    Does it phone home?

    If it does, then "secure" is an iffy description to apply to it.

    1. sabroni Silver badge

      Re: Does it phone home?

      When talking about whether it warns you about phishing sites? When the list of valid certificates is held outside the browser?

      It's going to have to call somewhere.

    2. localzuk Silver badge

      Re: Does it phone home?

      Conflating security with privacy is not exactly accurate.

      1. JohnFen

        Re: Does it phone home?

        Security and privacy are different things, but privacy is an essential component of security -- particularly if the software mandates phoning home, and doubly particularly of it's phoning home to a company like Microsoft/Google/Facebook/etc.

        1. #define INFINITY -1

          Re: Does it phone home?

          "Security and privacy are different things"

          Quite right; but ignorance is bliss, and the experience must be blissful. As a previous poster indicated, they don't understand trusted roots and signing. Of course not--that's all in the cloud, isn't it? [1]

          As Microsoft (and other USAian tech companies) _introduced_ viruses I don't see why they should be allowed to state that things like 'safescreen' are for our benefit. They only exist because of shit decisions in the first place.

          Can I think of something better? Sure, but it ain't gonna be eye-candy. And that's why I won't compete.

          [1] Surely a 'safe' browser should inform you every time the list of roots changes?

  7. J27

    Probably because the malware authors don't test against Edge. Not worth bothering for that tiny marketshare. I don't write malware, but we don't routinely test our web applications against Edge and no one has ever complained.

    1. sabroni Silver badge
      Thumb Up

      So you agree, it's definitely more secure because it's not targetted?

    2. veti Silver badge

      Maybe because Edge is so standards-compliant you don't even need to test specifically against it?

  8. Unicornpiss
    Thumb Down

    It still sucks donkey balls.

    The post is required, and must contain letters... Pah.

  9. Anonymous Coward
    Anonymous Coward

    False premise

    Microsoft switch to Chromium guts doesn’t negate their efforts to stop phishing.

    It’s more like swapping out your cars engine, but keeping your premium tires.

    The Edge browser of the future will still look for ways to differentiate itself. It won’t be Chromium with an Edge sticker slapped on it...

    1. redpawn

      Re: False premise

      It will be a train wreck with a Chromium engine spinning on its side.

    2. Anonymous Coward
      Anonymous Coward

      Re: False premise

      >It’s more like swapping out your cars engine, but keeping your premium tires.

      This is MS here, they can't innovate for shit. It will be Chromium just with MS's spyware added to make it MS Chrome as opposed to Google Chrome.

  10. Ken Moorhouse Silver badge

    I have a clock that tells the time correctly...

    ...twice a day. Must get a battery for it.

    1. Anonymous Coward
      Coat

      Re: I have a clock that tells the time correctly...

      Technically speaking, it's only correct twice a day if you only look at it twice a day when the current time is exactly equal to the time the clock is displaying. If you look at it at any other time then it's wrong for each of those times.

      Additionally, if you only look at it when it is correct you clearly know what time it is already, so why are you wasting time looking at a broken clock?

      Finally, is it beer-o-clock yet? :)

  11. tiggity Silver badge

    Quite a few points diference on phishy flagging so maybe all the Windows data slurp has some use in helping them spot phishing sites better

    My main concern with browsers is ability to install addons to protect my privacy / increase my security as malware laden ads my main concern as they can occur on "legit" sites.

    Most browsers seem to be making it harder and harder to do basics e.g. granular cookie & JS permissions without having to use an addon / tinker with "here be dragons" config files.

    A useful study would be what browser is best with appropriate "lockdown" tools added.

  12. Charlie Clark Silver badge

    Shock: certificate cartel doesn't like Let's Encrypt

    It's arguable that certificate authorities themselves are responsible for the move to auto-generated certificates. These don't say anything about person that generated them but then they don't have to, they provide a validated public key for encryption.

    But years of high prices and synthetic restrictions (one certificate per ip address) didn't stop the fraudsters or, worse, traffic hijacking.

    1. This post has been deleted by its author

    2. Anonymous Coward
      Windows

      Re: Shock: certificate cartel doesn't like Let's Encrypt

      "But years of high prices and synthetic restrictions (one certificate per ip address) didn't stop the fraudsters or, worse, traffic hijacking."

      High prices - check. One cert per IP? Traffic hijacking?

  13. Dave 15

    fastest???

    To be honest I cant see how anyone can claim edge is fastest, It so rarely gets to the point of a finished page before I have spun up and used chrome to get to the finished page that edge is only ever used by accident.

    Edge like windows 10 is a slow as hell crock of shit

    1. Anonymous Coward
      Anonymous Coward

      Re: fastest???

      "To be honest I cant see how anyone can claim edge is fastest"

      Because it is faster at pretty much any aspect of browsing - I can launch a page on both Chrome and Edge and Edge is noticeably quicker. Especially for loading script heavy sites for of shiteware like the Daily Telegraph. The web benchmarks generally show this too.

  14. Anonymous Coward
    Anonymous Coward

    It's secure because nobody uses it thus nobody is interested in hacking it, security by obscurity.

  15. 0laf

    Windows Phone was also very secure. It wasn't worth malcontents bothering with.

    1. Anonymous Coward
      Anonymous Coward

      "Windows Phone was also very secure. It wasn't worth malcontents bothering with."

      Windows Phone also had various security reviews by whitehats that stated that it was more secure by design and implementation than Android and IOS.

      1. Charlie Clark Silver badge

        Windows Phone also had various security reviews by whitehats that stated that it was more secure by design and implementation than Android and IOS.

        Seeing as the design wasn't available in detail, it's difficult to see how this could be reasonably assessed. Some versions (and there were enormous technical differences between them) did, however, appear to fare well in tests.

  16. Tigra 07
    Thumb Up

    Linux user

    Considering the resources of both Microsoft and Google here, i'd say this completely validates my support for Firefox. Comparable against both, but with a much smaller amount of funding. Well done Mozilla!

    1. Roland6 Silver badge

      Re: Linux user

      >Well done Mozilla! ?

      Firefox uses the Google Safe Browsing API...

      The test results show consistency across client platforms, so the difference is due to whatever is happening in the cloud, not in the client browser.

  17. JDX Gold badge

    I'm sure I definitely never had a security risk from Edge

    You know, since I never launched it

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm sure I definitely never had a security risk from Edge

      >You know, since I never launched it

      Must of loaded FF from a USB stick then.

      1. Anonymous Coward
        Anonymous Coward

        Re: I'm sure I definitely never had a security risk from Edge

        Invoke-WebRequest "https://download.mozilla.org/?product=firefox-latest&os=win64&lang=en-GB" -OutFile "C:\Download\Firefox.exe"

  18. Gheek

    Chrome rendering should get rid of a major issue

    If it’s correct that Edge does well on security then it might do well when it adopts the chromium engine. Edge has been amazingly poor in the rendering stakes. If the security is still going to introduce unacceptable waiting for web pages nobody will use it.

  19. anthonyhegedus Silver badge

    Isn't Edge the Chrome bootstrapper? Can it browse to other sites too?

  20. Wade Burchette

    Irrelevant

    I do not care that it is the fastest. I do not care if it is the safest. If I cannot understand how to use it, then nothing else matters. The UI in Edge is illogical and confusing. To me, this is like a car dealer telling you how safe the vehicle is while you are trying to figure out how to drive the car. I would be more than happy to use Edge if, and only if, the user interface was logical and easy to understand. But it is not. And given how Windows 8 then 10 was designed and how Office was designed, I seriously doubt Microsoft will create a browser that has a proper UI.

    1. Timmy B

      Re: Irrelevant

      RE: "The UI in Edge is illogical and confusing. "

      I don't see how. It all seems to make total sense to me. But then 99% of the time I use "Back", address entry, close tab and new tab. What's illogical or confusing. I generally want to know. Speed is an issue to me.

      But more importantly....

      Backspace to go back a page works without an addon.

    2. JohnFen

      Re: Irrelevant

      "I do not care that it is the fastest. I do not care if it is the safest. If I cannot understand how to use it, then nothing else matters."

      I don't find Edge confusing, just very unpleasant and hard to use (I feel similarly about Chrome, but to a lesser degree). But otherwise I agree -- if a browser is unpleasant or hard to use, then its speed or security isn't important because I won't be using it anyway.

  21. aqk
    Terminator

    But what about Netscape?

    I am too tired to read all the arcane comments below.

    But has any El Rag user yet suggested we should go back to Windows-XP and Netscape?

    Yes, NETSCAPE! Surely a much more secure browser than IE6 !!

    Com'n guys! Is everyone asleep at the wheel here?

  22. Howard Hanek
    Gimp

    Right

    Why does an image of Princess Leia shackled to Jaba the Hut immediately come to mind?

  23. adam payne

    Edge won something, never thought i'd see that.

  24. steviebuk Silver badge

    This seems bullshit

    We get a lot of phishing emails come through at work that go in the junk folder. Now and then I'll check at 365 end and grab a few, stick them in a VM and click the links.99% of the time Chrome and Firefox warn the sites are phishing sites. Pretty much every time IE and Edge give no.such warning and the site loads allowing you to be easily phished. So its far from being secure.

  25. N2

    Fastest?

    Perhaps fastest into the recycle bin after downloading the browser of choice?

    Speed not neccessarily a measure of goodness, as I found out some 40 years ago riding my Suzuki super six motorbike. It was fast alright but oh Lord was it crap at cornering.

  26. Hans 1
    WTF?

    El'Reg What do all these things have to do with rendering ?

    Nothing of what has been brought forward in this article in terms of Edge being better than the rest is affected by the change in redenring engine. Did I miss anything, el Reg ?

    In my experience, Edge is noticeably slower than any browser I have used, except IE 6 ... YMMV.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like