Microsoft is testing a “Super Duper Secure Mode” (or SDSM) for the Edge browser that targets the bane of all browser security: JavaScript. Specifically, enabling SDSM disables the JavaScript Just-In-Time (JIT) compilers, which websites use to optimize JavaScript code running on the page.
JITs boost page loading speeds and browser performance, but are notoriously exploitable by hackers. So Microsoft Edge’s Vulnerability Research team decided to disable the JIT entirely, and found that doing so removed nearly half of the bugs that needed fixing. Several other security features can be enabled when JITs are turned off, including Control Flow Guard (CFG), Control-flow Enforcement Technology (CET), and Arbitrary Code Guard (ACG), each of which adds even more protective layers to keep users (and their data) safe.
But it gets better: with fewer bugs to squash, users won’t have to install security updates or emergency patches nearly as often.
So if disabling JavaScript JIT compilers boosts security that much, why have them turned on at all? The short answer is performance: Even though JITs are vulnerable, they’re widely accepted because of their assumed benefit to browsing speeds.
Microsoft is testing the impact disabling JITs has on user experience, and its initial findings do show occasional hits to page loading, memory use, and device power consumption—though it actually improved the browser’s startup times.
Since SDSM is currently in the testing phase, it’s possible other bugs and performance issues will crop up for those who try it out, but Microsoft aims to boost stability and enhance the mode with further protections in coming months.
Oh, and the Research Team says it might ditch the name, but I kinda hope they keep it.
How to enable Microsoft Edge’s Super Duper Secure Mode now
If you want to try Microsoft Edge’s Super Duper Secure Mode, download one of the Edge Insider builds for Windows and enable it in the experimental flags menu. It’s available on the Beta, Dev, and Canary versions, and will come to the stable version in the future. (Microsoft also plans to bring it to the Mac and Android at some point.) After doing so:
1. Run the browser, then go to edge://flags
2. Use the search bar to find “Super Duper Secure Mode.”
3. Enable the flag, then restart the browser when prompted.
4. After the restart, Edge will be in Super Duper Secure Mode.

[OnMSFT]