Microsoft tightens Edge security for less visited websites Microsoft wants to make it safer for Edge users to browse and visit unfamiliar websites by automatically applying stronger security settings. The new feature is part of a number of security updates in version 104.0.1293.47 announced this month that are designed to reduce the risk for the five Edge users users as they move …
According to StatCounter, it's the third most popular browser behind Chrome and Safari - ahead of Firefox, Samsung and Opera.
And please nobody say "people need to use it once to download a proper browser", because that's obvious, hackneyed, silly and untrue. I repeat, Edge gets more day-to-day usage than Firefox. It deserves some respect.
I'd argue its only because its forced on users. Especially with the default browser randomly getting reset to Edge.
Windows 11 got pushed out to our machines at work which I was annoyed about as we hadn't set up policies yet. One install I set Chrome as default browser and rebooted. Logged back in and Edge had decided to set itself back as default.
We aslo have the period when MS were making it a lot more difficult to change the default browser.
Essentially everything they are doing for Edge is very similar to their anti trust in the late 90s and they really need to be hit again with another one.
Unless they do something similar to NoScript most of the scripting attack vectors are still there.
I am aware that NoScript is probably a bit too much hassle for non technical users as half the web sites display something along the lines of "please enable scripting, this site depends on it" and another quarter simply displays a blank page.
I still wonder why no browser allows to block scripts by default but allow them for specific sites in a session in a simple way like NoScript for advanced users.
As one of the five Edge users (because some of the sites I access require a Chromium browser) I appreciate the auto blocking o JIT.
I also appreciate that I can install uBlock Origin, block tracking cookies, and disable permissions.
And as far as "I still wonder why no browser allows to block scripts by default but allow them for specific sites in a session in a simple way like NoScript for advanced users."
Edge allows you to block the Javascript permission and add individual sites to the Allow list.
It's not enough to pry me away from Firefox but anyone still using Chrome should switch.
It's good for Microsoft, but not good for users as Microsoft joins the vast swath of companies that want to become gatekeepers of what you watch online. I'm guessing websites listing all their CVEs and other critiques will somehow magically become much harder to use, for instance.
Works a bit like NoScript or similar extensions (block scripts unless users manually authorizes or adds the site to a whitelist), so seems like a step in the right direction.
What I can't figure out, and the MS doc isn't clear about this, is how sites are categorized into 'popular', 'unfamiliar', 'less visited'. Is it just based on the user's browsing history (the first time I visit microsoft.com, it will be considered 'unfamiliar'), or does MS maintain a list of more or less visited sites globally? Do they also maintain a list of untrusted websites?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
