JIT boost page loading speeds and browser performance, but are vulnerable to hackers. That is why Microsoft Edge’s Vulnerability Research team decided to disable the JIT completely, and found that doing so removed nearly half of the bugs that needed fixing. Several other security features can be enabled when JITs are turned off, including Control Flow Guard (CFG), Controlflow-Enforcement Technology (CET), and Arbitrary Code Guard (ACG)—each of which adds even more protective layers to keep users (and their data) safe.
Even though JITs are vulnerable, they’re widely accepted because of their assumed benefit to browsing speeds.
Microsoft is testing the impact disabling JITs has on user experience, and its initial findings do show occasional hits to page loading, memory use, and device power consumption—though it actually improved the browser’s startup times.
SDSM is currently in the testing phase, it’s possible other bugs and performance issues will transpire for those who try out the SDSM, but Microsoft aims to boost stability and enhance the mode with further protections in coming months.
If you want to try Microsoft edge’s Super Duper Secure Mode, download one of the Edge Insider builds for Windows and enable it in the experimental flags menu. It’s available on the Beta, Dev, and Canary versions, and will come to the stable version in the future (Microsoft also plans to bring it to the Mac and Android at some point.) After doing so:
- Run the browser, then go to edge://flags
- Use the search bar to find “Super Duper Secure Mode.”
- Enable the flag, then restart the browser when prompted.
- After the restart, Edge will be in Super Duper Secure Mode.