End users are asking questions about McAfee, Norton and other anti-virus (AV) compatibility with Microsoft Edge. The problem AV products have with Edge is the lack of ActiveX and plugin support. This means these AV products cannot inject themselves in the browser the way they could in Internet Explorer.
Edge does not support ActiveX controls and will not support ActiveX. This is the technology most AntiVirus products use to hook into Internet Explorer. The problem is ActiveX is a source of most browser security holes. This feature alone makes Edge more secure than its predecessor, Internet Explorer.
“However, browser extensions come at a cost of security and reliability: binary extensions bring code and data into the browser’s process, with no protection at all, and so anything that goes wrong or is vulnerable in the extension can also take down or compromise the browser itself.” - Edge Blog
The truth is you are far better off using Edge without McAfee or any AntiVirus product. Edge is very secure, in many ways more secure than Internet Explorer, Chrome or FireFox.
Internet Explorer has a specially designed API for anti virus products to hook into. The problem is they seem to avoid it for a much less stable and less secure mechanism. Many of the problems you have with Internet Explorer are due to plugins, ActiveX and other 3rd party ‘hooks’, not the browser itself.
Right now the team is working on an extension model, but I don’t think this will meet McAfee’s approval.
Let me put it this way, and this is my opinion, McAfee’s advice to go back to Internet Explorer is a deceitful effort so you will continue to buy their product. A poor effort to milk their last vestige of revenue from a product you don’t need.
Norton and Other Anti-Virus Companies Screwing Around Too
MacAfee is not the only third party antivirus product telling users to avoid Microsoft Edge, Norton is participating in this fear mongering. If you look around the Internet I am sure you will continue to find other vendors toting a similar line.
AVG Takes a Different Approach
I came across this AVG support question and answer.
“I see that you are unable to install Privacy fix in Microsoft Edge browser. We will help you with your concern. We would like to inform you that Privacy fix is compatible with Firefox, Chrome, Android and iOS devices. However, you need not worry as your browsing activities will be monitored by the link scanner and you will be protected. If AVG shows as “you are protected” then you can enjoy safe computing!
Let us know if there’s anything else we can do for you. We’re happy to help you.”
This is what I take from this answer. AVG plugins won’t work in Edge, but it is no big deal because AVG filters sites outside the browser. In other words, AVG scans the TCP/IP activity, for known bad sites and blocks access. This is where it should be done, not part of the browser pipeline.
The Edge Sandbox
One of the reasons why these third party ‘security’ products cannot inject themselves or see Microsoft Edge activity is the sandbox.
“The largest change in Microsoft Edge security is that the new browser is a Universal Windows app. This fundamentally changes the process model, so that both the outer manager process, and the assorted content processes, all live within app container sandboxes.”
Here are some of the ways Edge keeps you from bad web pages:
- Stronger, More Convenient Credentials
“Windows 10 provides Microsoft Passport technology with asymmetric cryptography to authenticate you to your web sites”
- Defending Against Malicious Web Sites and Downloads
“SmartScreen defends users against phishing sites by performing a reputation check on sites the browser visits, blocking sites that are thought to be phishing sites. Similarly, SmartScreen in both the browser and the Windows Shell defends users against socially-engineered downloads of malicious software to users being tricked into installing malicious software.”
- Defending Against Fake Sites with Certificate Reputation
“Certificate Reputation – recently we have extended this system by allowing web developers to use the Bing Webmaster Tools report directly to alert Microsoft to fraudulent certificates.”
- New Web Standards
“Microsoft EdgeHTML helps in defending against “con man” attacks using new security features in the W3C and IETF standards”
The Reality - Are We Safe Without Anti-Virus Products?
Yes you are, in fact at least 25% of the public turn off AV products in the browser due to performance issues alone. I have not run a third party AV product in maybe a decade and have not had any issues. Windows Defender does a fine job of keeping me clean. Defender is not perfect, but neither are third party AV products.
The Microsoft Edge team does some thorough research around Internet security and threats average users encounter on a routine basis. Today there are many counter measures built into all major browsers to protect you from attacks bad guys attempt. I wish I could explain more about the R&D and security measures the Edge team has shared with me over the past few years. The content is fascinating and sometimes over my head, but the body of work if nothing short of impressive.
So when you see Norton, MacAfee and other ‘security’ product vendors telling you not to use Microsoft Edge, please ignore their desperate attempt to stay commercially viable.
Windows 10 ships with built-in antivirus software that you may never know is running. Windows has shipped with Defender for years. It updates in the background and scans your device the same way the third party products do. The exception is it does not intrude in the browsing experience the way third party products do. This means it does not degrade your experience.
Anti-Virus vendors see the writing on the wall. Soon they will no longer have a market. They need to do what they need to do to ensure they have more time to stay alive. I don’t blame them for this attitude. But instead of encouraging users to use an older technology just so they can sell a product is wrong. Creating something new and useful, don’t fear-monger.