|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
.ON SECURITY By Susan Bradley I often come across Windows computer systems that have been severely compromised, and more often than not the entry point
[See the full post at: Browsing your way to more security]
Susan Bradley Patch Lady/Prudent patcher
Microsoft realizes that the Web can be a dangerous place, so it is coming out with the Edge Super Duper Secure Mode..
So, it took Microsoft 28 years, since the first Browser for Windows OS, Cello, in 1993 to realize that the Web is dangerous ?
The unlucky thing is, that Microsoft if literally giving people false hope with its .. I apologize for the word – *stupid* advertisings like this one:
Microsoft Edge is the fast and secure browser that helps you protect your data, and save time and money.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
Do you have a reason to believe that Edge is not secure?
I really have reasons to believe, that all browsers are not secure (not just Edge). It mostly depends on user. Periodic updates are some sort of warranty, that discovered vulnerabilities get patched, but they are not almighty.
Is my data at risk?
Local data are at risk, while you are connected to the internet. Cloud data are at risk 24/7. Although the percentage may be low, both are definatelly not 100% safe.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
Do you have a reason to believe that Edge is not secure?
With Edge being based on google chrome, makes it a bigger target as per the article linked below.
Google issues another security threat warning
Chrome is one of the leading browsers available; however, I can’t ignore that this is the fourth major security vulnerability in two months and the eighth zero-day hack this year. The number of attacks is steadily growing, and it is more important than ever to ensure that your browser is kept up to date.
I share those concerns.
I still would recommend users to be cautious, not relying on browser to do all things for you.
Do not open emails you not recognize, never do store your credit card details, do not install any program, that comes from the internet. Unless you know, what you are doing, obviously.
As if driving your car, you do not put your hands of steering wheel and feet of pedals, when junctions is near, relying on the cars driving assistant.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
I think that the majority of unwanted material (malicious or not) tends to come from users that tend to click “OK” on everything, without reading the content of what they’re approving. A lot are simply trying to move on to getting work done, although I see this effect too often with the “I don’t know much about computers” people that are intimidated by the technology, and have the expectation that a using a computer should be no more difficult than using a toaster.
Developers and distributors know about this, and bury disclosures and opt-out options amid lots of arcane stuff, whether dense legal fine-print, FUD warnings, or obscuring things in “Advanced” settings dialogs that are often designed to discourage users from examining, much less actually making changes.
There is some that can be done by education and training, but some users don’t want education and training, and even if they have it, they’ll still finds to justify doing things that the training is intended to avoid. It’s too easy for users to assume “I’m just one person, and I’m insignificant”, and where they really don’t understand that there is no such thing as “my little corner of the Internet”.
Ultimately, the process of installation of too much software (even for legitimate stuff) borrows from the same methodology as phishing.
With Edge being based on google chrome,
Edge is based on the Chromium, not on Google’s Chrome browser. While browsers based on Chromium share many things, including the rendering engine and extensions, you can easily see the Chromium-based browsers diverging.
There was a time when Edge looked almost identical to Chrome. Now it doesn’t.
brain flatulence oopsI Yes, I knew that, but with chromium being the root browser framework in the pyramid of blink, surely the above article is still relevant to these browsers. Good work by project zero although I’m still not convinced given the article findings. ymmv
either that, or someone has re-invented the wheel of security 🙂
However, Google does own the entire Chromium code base. What if anything Google does to leverage that open-source code base for their own purposes, I am not sure.
Google makes no secret that Chromium is developed by Google for the good of Google. People seem to think that “open source” means “community developed for the greater good,” but that’s not a part of the definition. Chromium is open source, so anyone can take the source code, change it as they see fit, and distribute that new browser as they see fit.
Unless people think Google is hiding some self-serving code in plain sight within Chromium, there’s no need to shun it just because it is developed by Google. The unwanted bits that serve Google’s interests can easily be removed (and the devs of browsers like Brave, Vivaldi, Opera, and certainly Edge) do just that.
Google uses a two-tiered development model for its closed-source products that have an open-source base. Chrome is not open source any more than the new Edge is… the final product consists of the open-source base with proprietary bits added, with the final product released under a non-open-source license. Similarly, Android’s open source base is AOSP, or Android Open Source Project, which is also developed by Google for its own benefit. Android proper is not open source… it has stuff on top of AOSP that makes it proprietary.
If you were Google, and you wanted to put something sneaky and nefarious in Chrome or Android, you wouldn’t put it in the open source part that everyone can examine and use for other stuff. Even the most obfuscated code risks discovery when anyone and everyone can use it as they see fit. Why do that when you’re going to be putting closed-source stuff on top anyway? That’s the natural home for any code that maybe you don’t want the rest of the world looking at.
As such, the code for Chromium is most likely pretty clean and straightforward. Having it be open source is part of Google’s strategy for warding off government getting on their case for monopoly issues. Putting sneaky things in that can give people ammunition to claim Google’s being a bad guy would defeat some of the purpose of Chromium being open source, and could lead to more government interest in their actions. It’s not necessary to do that when there is a closed-source portion to Chrome anyway.
If people want to avoid any code written by Google on principle alone, well… that is their choice, of course, but open-source programs are full of corporate-written code that was written for the benefit of the corporations whose employees wrote it. The Linux kernel itself is like this, as are bits that are on nearly every Linux distro (like systemd and Pulseaudio, both developed by Red Hat’s Lennart Poettering).
Having that corporate contribution in open source is not a bad thing. The lack of resources is one thing that has been a problem, and having people being paid to look at your code and make it better is a good thing. It’s open source, so if any project ever ends up skewing too much toward the interests of any one company at the expense of others, it is likely to be forked pretty quickly, with the community-oriented devs typically jumping to the fork (and they’re able to backport the bits of the corporate code that they handpick as being worthy without taking the bad stuff, so the good work by the corporate entity still gets back into the community edition).
A more pressing reason to avoid Chromium would be to avoid having a single rendering engine that is used by everyone. We’re almost there, though, with Firefox having such a small market share that it hardly even matters anymore. Of course, there is also Safari, but it’s only on (in PC terms) Macs, so even if every Mac user used Safari, it’s still only ten percent(ish) of the market.
I use Firefox because I still have not found a way to get Chrom* anything to scroll smoothly with my laptops. Drives me crazy… otherwise I’d be using Vivaldi full time.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)
Edge is based on the Chromium, not on Google’s Chrome browser
True. But both share the same security bugs.
Every time Chrome issue a new version Edge follows the next day with its own update.
Example : #2382155
In this article you mentioned that Brave is an alternative search engine and that Brave also building a search engine of it’s own. Brave has been my default browser for years now and I love the speed and the way it blocks ads and trackers. Brave Search is now in Beta and can easily be implemented by selecting it from Settings -> Search Engines and selecting it from the list of search engines used from the address bar. However, with the help of someone on the Microsoft Community Forum I found that you can also use it in Microsoft Edge To do so:
1. Open Edge and enter edge://settings/searchEngines in the address bar search field.
2. Click Add and enter Brave for the Search engine, Brave.com for the Keyword and enter https://search.brave.com/search?q=%s in the URL field and save the entry.
3. Once Brave has been added, click on the 3 dots to the right of the entry and select “Make Default” and Brave Search will be your default search engine.
I’m not sure that it can be added to Chrome but considering that Edge, Chrome and Brave are all Chromium-based I’m assuming that the possibility exists (and would really be sticking it to Google to use it on Chrome).
I’m hoping that Susan will write a full blown article for the Ask Woody Plus Newsletter that will include the above and cover some of the differences between it and DuckDuckGo that’s another privacy oriented search engine.
I’m hoping that Susan will write a full blown article for the Ask Woody Plus Newsletter that will include the above and cover some of the differences between it and DuckDuckGo that’s another privacy oriented search engine.
DuckDuckGo offers DuckDuckGo Privacy Essentials. BMHO good plugin, that is available for Chrome and Edge too (maybe all chromium based browsers). You will get small icon, that tells you immediatelly, how secure is the webpage. It blocks incoming trackers and it will let you know, what happens on the backgroud. Sometimes it blocked certain webpages for me. Then I looked what happened and there was warning, that my form data are sent elswehere, that website is promising. Personally, I would recommend to use that for most users.
See, how Youtube is considered as grade D, because it collects lot of data about us. Askwoody is safe, so it was given B+.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
“… there are foundational components of Internet Explorer that will never quite go away. These are the building blocks of many line-of-business applications, so while we can remove icons, the underlying foundational parts will never completely be removed.”
In addition, IE long served as the display engine for various flavors of Outlook, certainly as late as Office 2016. Outlook would sometimes go off the rails, unable to display ones email in HTML directly within the browser. The fix was a cumbersome procedure changing something or other within IE, I forget exactly because it has been two years since one of my clients encountered it.
Maybe the Outlook built into Microsoft 365 has finally gotten past this IE dependency.
The Outlook desktop client has used Word HTML since Outlook 2007. See Outlook 2013 / 2016 / 2019 / 365 and Word HTML – HowTo-Outlook.
--Joe
DuckDuckGo offers DuckDuckGo Privacy Essentials. BMHO good plugin, that is available for Chrome and Edge too (maybe all chromium based browsers). You will get small icon, that tells you immediatelly, how secure is the webpage. It blocks incoming trackers and it will let you know, what happens on the backgroud. Sometimes it blocked certain webpages for me. Then I looked what happened and there was warning, that my form data are sent elswehere, that website is promising. Personally, I would recommend to use that for most users.
Not saying that DuckDuckGo isn’t a worthy, privacy oriented, search engine. The fact is though that Brave Search is new and it’s only a Beta right now but based on some of the articles that have already been printed on it, Brave is different and those differences could be a reason for some to select it over DuckDuckGo and other popular search engines. The Brave Browser is very privacy oriented in terms of blocking ads and trackers so if Brave Search is equally privacy oriented then it should also be considered a worthy alternative as well. This is why I hope Susan will write an article about Brave Search and perhaps later on compare it to other search engines. Since many use Edge instead of Brave I put the instructions on how to set it up in Edge so perhaps it gets a greater number of testers since it is still a Beta version.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
