Microsoft wants you to use Edge. In an attempt to lure the more security-conscious users, the company is testing a new “Super Duper Secure Mode.” No, that’s not a name we made up; it’s what Microsoft is calling this new browser mode in Edge, at least for now.
What Is the “Super Duper Secure Mode?”
Microsoft’s “Super Duper Secure Mode” is in testing with the Edge Vulnerability Research team, as first spotted by BleepingComputer. The overall idea of the browsing mode is to bring security enhancements without significant performance impairments. Ideally, the company would be able to create a locked-down browsing experience without creating any slowdowns or bottlenecks.
The new browser mode removes the Just-In-Time Compilation (JIT) from the V8 processing pipeline, which is designed to reduce the attack surface threat actors can use to hack into Edge.
To put that even more simply, the browser mode removes a method that hackers could use to hijack a browsing session.
At the moment we are disabling JIT and enabling CET in the renderer process. ACG enablement is next after we do some testing. We also have plans for Android and Mac as well. Android being the most interesting since mobile is such a key target 6/?
— Johnathan Norman (@spoofyroot) August 4, 2021
Johnathan Norman, Microsoft Edge Vulnerability Research Lead, broke down the browsing mode on GitHub. “This reduction of attack surface has potential to significantly improve user security; it would remove roughly half of the V8 bugs that must be fixed.”
The reason JIT exists is to speed things up by compiling code during program execution, but Microsoft says that disabling it doesn’t always have negative impacts on performance.
Not only does the mode disable JIT, but it also enables Control-flow Enforcement Technology (CET), which is an Intel hardware-based exploit mitigation that helps further lock down the browsing experience.
Down the road, Microsoft is planning to add Arbitrary Code Guard (ACG) to the mode, which is another mitigation tool that prevents loading malicious code into memory.
Sadly, the name won’t stick around if Microsoft decides to implement the mode into Edge permanently. “Also, our tongue-in-cheek name will likely need to change to something more professional when we launch as a feature. For now, we are going to continue having fun with it,” Norman concluded.
How to Try “Super Duper Secure” Mode Yourself
If you feel like being Super Duper Secure interests you, trying the mode is relatively straightforward. First, you’ll need to make sure you’re running one of Microsoft Edge preview releases (that’s either Beta, Dev, or Canary).
As long as you have one of those installed, simply type the following in your Edge address bar and toggle the new browser mode:
While you shouldn’t see any noticeable performance drops (according to Microsoft), this is still an experimental mode, and there are bound to be some issues that pop up, so try it for yourself and see what happens.