Forum Discussion
IE mode only for 20H1 insiders?
Drew1903 "IE Mode works on BOTH Insider Win10 & regular Win10 with a flag. Indeed, it has not, actually, 'arrived' in Edge C, yet. Excuse me for supporting misleading people.
Yes, currently IE Mode requires flags. Period. Applies to any & all Windows 10 Versions or Builds.
And, @hiren1610, your 1803, still, must be brought up to 1903."
If I understand you correctly, a user wishing to test IE tabs must be on Windows 10 1903 or higher (that is, one of the Insider builds) and one or both "IE integration" flags (see below) must be enabled. Is that correct?
tomscharbach
Yes, Tom but, there's more than that... In regard to W10 & my saying be on 1903, that is because fundamentally 10 should, now, be on 1903 and definitely not be on 1803, anymore. But, the flags are needed for IE Mode in Edge C no matter what Windows OS is involved (7, 8, 8.1, 10 or 10 Insider Build) or even if on a Mac OS. Dev & Canary will run on all of the above, now, btw.
Cheers,
Drew
- tomscharbach, Jun 24, 2019, Bronze Contributor
Drew1903 You seem to suggest that works on Windows 10 builds other than Windows 10 1903 and Windows 10 Insider builds (e.g. earlier Windows 10 builds, Windows 7, 8/8.1). I hope you are wrong about that, but I assume you've tested and are right.
If IE integration works on legacy builds, that fact suggests that the engine behind the flag is similar to Blackfish Software's "IE Tab" for Chrome, running IE within Edge Chromium without running the tab in a mini-VM, sandbox or other security container.
Running Edge Chromium is risky enough (it can be run in administrator mode, granting the browser and every program that inherits rights from the browser a relatively high level of system privileges), and running IE and the legacy components that are embedded in IE in such an environment compounds the risk.
That does not inspire confidence in Chromium's built-in security.
- Drew1903, Jun 24, 2019, Silver Contributor
tomscharbach
Maybe, I am wrong, Tom. I reckoned since one can run Dev & Canary on systems other than 10... that IE Mode could be used in Edge C while it's on those other OSs, too. Someone who has something other than 10 would have to test that, try it; I only have 10 available to me.
Regarding 10, I just don't think or talk about versions prior to 1903 because (in theory) they are not in use anymore, at this point in time or shouldn't be.
I am going to disagree about how safe IE Mode is. With Edge, if & when you run a site in IE, that opens, actually, as IE in its own, separate browser window. If there is or will be any security issue that's it, right there. This approach of an IE Mode within the default browser is supposed to be safe(r) & not have IE's (poor) level of performance.
Cheers,
Drew
- tomscharbach, Jun 24, 2019, Bronze Contributor
Drew1903 "Maybe, I am wrong, Tom. I reckoned since one can run Dev & Canary on systems other than 10... that IE Mode could be used in Edge C while it's on those other OSs, too."
Well, I hope you are wrong (that is, I hope that IE Mode implementation requires changes made at the OS level, such as some form of containerization), but I'm afraid that you are not.
"I am going to disagree about how safe IE Mode is. With Edge, if & when you run a site in IE, that opens, actually, as IE in its own, separate browser window. If there is or will be any security issue that's it, right there. This approach of an IE Mode within the default browser is supposed to be safe(r) & not have IE's (poor) level of performance."
That would be a fine theory (a) if browser IE tabs were individually containerized in such a way that a security risk could not escape the tab instance into the browser, or (b) if the browser itself were running in a container (e.g. EdgeHTML's separate kernel) so that a security risk could not escape the browser into the OS. But (as far as I understand it so far, absent definitive information from Microsoft) neither is the case with Edge Chromium.
The risks would be mitigated somewhat if Edge Chromium could not run with administrator privileges, but (unlike EdgeHTML) Edge Chromium can do so, inheriting privileges from apps opened in the browser and passing inherited privileges to apps opened by the browser. What that means, stripped down to the basest essentials, is that a risk coming into the browser can exploit administrator privileges and migrate into the OS. That's not good.
IE is required for websites that either (a) run on deprecated legacy code that will not run properly on modern browsers (hence Blackfish Software's IE Tabs extension in Chrome), or (b) use deprecated legacy engines (e.g. ActiveX, Silverlight, etc.) that pose inherent risks.
Displaying an "IE required" website or web app in Edge Chromium IE Mode drags legacy code and/or engines into Edge Chromium.
I know that because I did a simple test: I do not allow IE on my computers. I turn off Internet Explorer 11 as a "Windows Feature" on install, and have done so since 2009-2010. With IE turned off (my default mode), IE tabs don't work, displaying the standard "Can't open this page in Internet Explorer mode. The version of Internet Explorer on this device doesn't support integration with Microsoft Edge. Updating your PC might solve the problem." error message. I took one of my computers (the throwaway laptop) and temporarily enabled Internet Explorer 11 as a "Windows Feature". With Internet Explorer 11 enabled, IE Mode worked. That suggests that IE Mode in Edge Chromium is running IE legacy code and/or engines in Edge Chromium.
That would be fine if Edge Chromium were running IE legacy code and/or engines in a way that exploits could not escape (a) the tab, or (b) the browser, and (c) if escaped, could not inherit administrative privileges. As I noted above, that doesn't seem to be the case, based on what I know so far.
A caveat: My statements are based on what I understand at this time, an understanding that is not based on definitive information from Microsoft at this very preliminary stage of IE Mode design/implementation. Microsoft is more likely than not to put protections in place. We can but wait and see. The intended user base for IE Mode (enterprise customers with legacy web apps) is not going to implement IE Mode without a full understanding of the security risks and in-built mitigation efforts. That means that we will see Microsoft technical information documenting IE Mode (security risks and mitigation efforts) before Edge Chromium is released.