Microsoft Edge 113 removes Basic Enhanced Security Mode
Microsoft has just released Microsoft Edge 113 Stable for all supported operating systems and platforms. The new version of the browser makes a change to its Enhanced Security Mode, automatic updating on macOS devices, and a bunch of new policies for system administrators.
Microsoft Edge 113 is already available and most installations of the web browser should receive the update automatically in the coming days. Desktop users may speed up the installation of the update by selecting Menu > Help & Feedback > About Microsoft Edge. The browser should download and install the update when the page is opened.
Removed Basic Enhanced Security Mode
One of the main changes of Microsoft Edge 113 removes something from the browser. Microsoft notes in the release notes that it has consolidated the security level settings of the browser's Enhanced Security Mode.
Enhanced Security Mode is disabled by default on most systems. It enables protections against certain threats and disables the Just In Time Compiler, which makes certain exploits more difficult to use.
Edge, up until now, supported the three modes Basic, Balanced and Strict. The three modes determined the scope of the feature. Basic mode, the mode that Microsoft removed, enabled the mitigations for "less visited sites" only. Balanced expanded this to all sites that were not visited frequently in Edge and Strict expanded it even further to all sites.
With Basic gone, Microsoft Edge users have the option to set the mode to Balanced or Strict. The descriptions of the two modes have not changed. Edge users who have configured the browser to use the Basic mode are likely moved to Balanced mode during the upgrade to Edge 113, but there is no confirmation from Microsoft about this in the release notes.
The second main change of Edge 113 is that the browser users a new updater on macOS devices. The switch from Microsoft Autoupdate to EdgeUpdater. Microsoft explains here that the switch "provides an update experience tailored to browser usage, with fast, reliable updates and minimal user interruption". EdgeUpdater furthermore allowed the company to align its backend systems and allows it to "deliver new macOS management experiences".
System administrators need to know that policies have changed and that the new policies need to be set before updating to Microsoft 113.
Microsoft Edge 113 comes with PDF View Settings and Microsoft Root Store policy updates. The first, RestorePdfView, gives administrators control over Edge's PDF View Recovery feature. The second is a deprecated policy that will be removed in Edge 115.
The release notes lists four new policies:
- EnforceLocalAnchorConstraintsEnabled - Determines whether the built-in certificate verifier will enforce constraints encoded into trust anchors loaded from the platform trust store
- ReadAloudEnabled - Enable Read Aloud feature in Microsoft Edge
- ShowDownloadsToolbarButton - Show Downloads button on the toolbar
- TabServicesEnabled - Tab Services enabled
Edge 113 updates the Chromium core as well,
Now You: have you tried Edge recently?
@John G. asked > @11r20 won’t be more useful to add the list of blocked sites with a uBlock Origin or Adguard filter?
@11r20 says: Yeppers, I also use uBlock-original and it’s backed up.
I “manually” update blocklist’s and AV-security
The occasional nefarious network IP I capture is kept/listed in ‘2’ firewalls
and a Piholed-router
It’s been so enjoyable over the years to run ‘lean’ and ‘quiet’
11r20 from Texas
@11r20, oh, now I see that you are from Texas. The good country of the Lone Star that has one of the most interesting History of the whole states of USA, and that proudly shows its dignifying respect to the Six Flags along the time since 1519. Indeed one of the favorites books of my father is “Texas”, by James A. Michener (it’s one of the most fat books I have seen, more than 1020 pages in the 1986 Spanish edition). The book was a gift that a man from Frisco gave to my father in Madrid. Such old times for my young mind.
My Edge Version 113.0.1774.35 (Official build) (64-bit) has Basic, Balanced and Strict modes
@ilev, probably you need to go below at configuration options. I think that you are writing about the tracking protection. Just seek near the secure DNS configuration, you will see the enhanced security options near there. Edge Version 113.0.1774.35 is the right version for this article.
Only about .01% of Edge installations are used as default browsers. MS inflates its stats from desktop search queries and OS calls.
Enhanced security drastically slowed the browser performance last time I enabled it. I don’t use Edge anymore, far as I am concerned Microsoft went the wrong direction with Edge implementing too many niche features and bloating up the browser.
@John, same here when visited a “non frequently visited site”, however after reloaded the website two times the website fall down from estric to balanced security and it works with good speed again. It’s due the control of JIT, and where is more noticeable is in website with heavy scripts. Anyway you can add an exception for those websites one by one, and even you can make a general exception for all https://* sites. Also you can add only all the http://* sites to be controlled by the supposed enhanced security (see above the “manage the enhance security for sites” option).
I don’t use Edge or any Windows-browsers at all.
But when using the latest ‘Blackbird for Windows’ on a locked down Win7-Pro, I noticed it Pings & Blocks a Crap-Ton of ‘Edge-IP’s.
This should raise enough red flags to avoid ‘Edge’
There’s also a screenshot on line showing the Blackbird ‘Edge’ Block-list @ https://www.getblackbird.net/blacklist/hosts/
11r20 from Texas
@11r20 won’t be more useful to add the list of blocked sites with a uBlock Origin or Adguard filter?
Dear readers…
The “Windows Update Orchestrator prevents windows from sleeping” has come back for me.
Has anyone else run into this issue on windows 10?.
I’ve tried adding the following override but it makes no difference.
powercfg -requestsoverride SERVICE UsoSvc EXECUTION
I’ve have to disable the service for a temporary fix.
I am using win 10 pro and do have Quality updates delayed 14 days and Feature updates delayed 180 days.
I also have the target feature update version set to 22H2.
@Tachy, hello, have you execute the command “powercfg -requestsoverride SERVICE UsoSvc EXECUTION” under admin privileges? :S Are you sure that the “MoUsoCoreWorker.exe” has no culprit? Simply test: powercfg /requestsoverride process MoUsoCoreWorker.exe execution
(and see if it is solved). To undo: powercfg /requestsoverride process MoUsoCoreWorker.exe
(both commands should be executed with admin privileges).
I hope it will work, this was fine for me with W10 21H1 for a while too, however I don’t remember exactly the version that it was installed.
@John G
Thanks for replying.
Yes I ran the command prompt as Admin. I have it pinned to my start menu and I r-click on it and hover over “more” and click on ‘run as admin’.
As it did not work I’ve already removed the override.
I did find a 6 year old workaround, from Martin Brinkmann.
https://www.ghacks.net/2017/12/03/allow-only-manual-updates-on-windows-10/
It gives me great pleasure to see the result of the last time the task was ran as “access denied”.
My PC now sleeps normally again.
@Tachy, I’m glad you were able to fix the problem! :]
Speaking of Edge, just like Google with the Chrome Web Store, Microsoft will also add badges to some of the extensions in the Edge Add-on Store, this was announced some time ago, but the badges have only started showing up since yesterday when visiting the store in Edge Canary (controlled rollout):
https://redd.it/1392wts
.
John G: Very nice addition to the article.
@Seeprime thanks! :]
The enhanced security mode of MS Edge is the worst useless pile of garbage ever done in security, in terms of browsing. The main reason of this is that the only difference between balanced and strict is the “number of visits” that you have done to the site (or even the number of visits that a website received in whatever criteria that I still haven’t found). And this is a real problem, because it’s not decision of the user that can allow or disallow it, as it should be. The different ways of enhanced security consists in the next particular options:
“This runs the unknown sites without just-in-time (JIT) compilation to provide additional protection. Running without JIT reduces the attack surface, making it more difficult for malicious sites to exploit vulnerabilities. Additional protection includes Windows operating system mitigations such as hardware-enforced stack protection, arbitrary code protection (ACG), and control flow protection (CFG).”
However this is not true. They are lying because you are really controlling o enhancing nothing at all, because if you visit a website three times the sites is automatically recognized as secure. The same with some local sites that are visited by thousands of persons per day and it automatically is set automatically to “strict” (e.g. my online supermarket). Also this is a pure security placebo because when you clear all cookies (if you use the option to clear them on exit), the next time you visit the “secure” sites they are new again to the browser itself. I don’t know if I have explained my complaints to be understand in a clear way, however I will explain it in another way:
– The balanced and strict options must clarify what the browser understand for “frequently visited” sites because I can visit one hundred times a site and this doesn’t make secure the site.
– The user must have the power to decide what they want to protect by default (e.g. JIT, ACG, CFG and so forth) in a new mode that may be named “user mode”.
– The criteria of “frequently visited sites” should disappear too: it’s useless.
Thanks for the article.
@ John G. Excellent clarification of this gibberish security options and how they – not- work. Never known before. Thank you!
@Sebas thanks! :]
most browsers include gimmick privacy features to make users feel that they are protected…in reality they’re not…there’s no privacy online.