Microsoft Is Testing a "Super Duper Secure Mode" for Edge

MakeUseOf

By Simon Batt

Published Aug 5, 2021

The feature may have a silly name, but it removes a major flaw in modern-day browsers that may pave the way for a more secure future.

Image Credit: https://www.shutterstock.com/image-photo/https-lock-symbol-142152166

A lot of work goes into the browsers we use daily to ensure they're as safe as they can be, but there are still elements of the browsing experience that are weak to hacking attacks. In response, Microsoft is making a "Super Duper Secure Mode" that solves this problem in the most effective way possible; stripping out a huge weak spot that hackers exploit.

Microsoft's Radical Plan for Edge's "Super Duper Secure Mode"

Microsoft announced its plans on the Microsoft Browser Vulnerability Research website. The software giant explains that, when testing its browser against malicious threats, it identified that one of Edge's biggest flaws is JavaScript; namely, V8.

Inside of JavaScript is a feature invented in 2008, called Just-In-Time (JIT) compilation. This allows JavaScript to load pages faster than normal, but the complexity of the feature means there are plenty of holes through which hackers can get in and run malicious code.

Developers of high-end browsers manage this issue through lots of testing and security patches, but Microsoft has a different plan. After all, a hacker can't abuse V8's JIT if the browser doesn't use V8 in the first place.

As such, Microsoft is experimenting with a new "Super Duper Secure Mode." It deliberately has a pretty silly name, because as Microsoft puts it, "we plan to have fun with this project."

Right now, you can't test out the Super Duper Secure Mode on the regular branch of the browser. However, if you download either Edge Canary, Dev, and Beta, you can access edge://flags and look for its flag.

Once Super Duper Secure Mode is enabled, Microsoft Edge stops running JavaScript JIT. As you might expect, this results in a negative impact on Edge's page load speed. However, Microsoft performed tests and noticed that the lack of JIT didn't affect page load too drastically, to the point where the average user may not even notice the change.

In fact, in other areas of browser performance, Microsoft noted that getting rid of JIT isn't all bad:

Our tests that measured improvements in power showed 15% improvement on average and our regressions showed around 11% increase in power consumption. Memory is also a mixed story with negatively impacted tests showing a 2.3% regression, but a larger gain on the tests that showed improvements.

Will Microsoft erase JIT from Edge completely? It's hard to say right now. If the Super Duper Secure Mode proves to add a whole ton of security without sacrificing too much in performance, the company may introduce the feature onto the main Edge branch. We'll just have to see how the feature fares in the test branches.

Is Microsoft Edge Ready for Super Duper Security?

JavaScript's JIT may help pages load faster, but Microsoft is discovering that the drawbacks of keeping it patched and secure may outweigh the benefits. Nevertheless, if you want to see the effects first-hand, you can download a beta branch of Edge and give it a spin.

This isn't the first time Microsoft has worked on Edge's security. Recently, Microsoft patched Edge to take advantage of the security tools that modern processors bring to the table.

Image Credit: TACstock1/Shutterstock.com