locked
Edge Browser Security vs IE's EMET RRS feed

  • Question

  • The Edge browser's security capabilities are touted as being so advanced as to not need to incorporate EMET.

    Does Edge currently (or will it) offer the same Certificate Pinning capability (aka Certificate Reputation / SmartScreen) that EMET currently offers? 

    Will EMET be supported in IE11 (and future versions of IE, if IE continues to exist)?

    Friday, September 2, 2016 6:14 PM

Answers

All replies

  • Hi aa_kira,

    For the edge certificate reputation system, while people trust sites that have encrypted web traffic, that trust can be undermined by malicious sites using improperly obtained or fake certificates to impersonate legitimate sites. To help address this problem, we introduced the Certificate Reputation system last year. This year, we’ve extended the system to let web developers use the Bing Webmaster Tools to report directly to Microsoft to let us know about fake certificates.

    https://technet.microsoft.com/en-us/itpro/microsoft-edge/security-enhancements-microsoft-edge?f=255&MSPPError=-2147217396

    Microsoft has officially stated that there is no need for EMET in Windows 10 as the OS already contains protections such as Device Guard, Control Flow Guard and AppLocker. For the same reason, EMET does not protect Edge browser. However, EMET 5.5 is fully compatible with Windows 10.

    For our products, there are a lot of areas in need of improvement. Thank you for your suggestion and expectations. I will forward this information to the appropriate department through our internal channel. Both the Microsoft Product Team and Development Team take into consideration all suggestions and feedback for future releases.

    Hope it will be helpful to you

    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 5, 2016 6:15 AM
  • I really appreciate your reply and the information. I am specifically concerned with whether or not there will be a certificate pinning capability in Edge going forward with Windows 10 and beyond.  I am researching Pinning as a desired capability and EMET was the only MS product that appears to offer that capability. If I am in a position to recommend Pinning and there is no MS product that will do cert/public key pinning, I will advocate for the use of either Chrome or Firefox browsers and not IE or Edge.

    Can you offer further clarification on a certificate pinning capability that will be available in MS Edge?

    Monday, September 5, 2016 9:11 PM
  • Hi aa_kira,

    Thank you for the update on the issue. Based on my knowledge and search, Windows 10 Edge browser that it's dropped support for it in EMET 5.5.        

    Given the advanced technologies used to protect Microsoft Edge, including industry leading sandboxing, compiler, and memory management techniques, EMET 5.5 mitigations do not apply to Edge.

    https://blogs.windows.com/msedgedev/2015/05/11/microsoft-edge-building-a-safer-browser/#buEjM5zXopcexXFI.97

    Hope it will be helpful to you


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 9, 2016 9:21 AM