Microsoft gets Edge on blocking ad injectors

Microsoft has nixed the ability for its Edge browser to run unsigned dynamic link libraries (DLLs) in a move that will make life hard for dodgy extensions and ad injector merchants.

Edge senior program manager Crispin Cowan says the update was dropped last week in the latest Windows 10 update and follows Redmond's plan to harden its web browsing asset.

Last May Microsoft killed ActiveX and Browser Helper Objects making Edge faster and more stable, Cowan says.

"Web browsers are an attractive target, because in-browser advertisements can be a significant source of revenue," Cowan says.

"Developers who are determined to tamper with the user’s settings may resort to injecting DLLs into the Edge process, bypassing the built-in interfaces for settings controls.

"This is a common reason why some users end up with toolbars installed or third party content injected on pages without their intent or consent."

Cowan says advertising injectors will pull down extra malicious content leading to thorough hosing of browsers and at best an increase in attack surface.

Microsoft isn't the only browser baron that hates ad injectors. In April Google killed nearly 200 extensions and prevented users installing those outside its sanctioned store.

The update makes the browser the only one with that type of security protection.

Edge also remains the only browser which inexplicably lacks the bog-standard feature to open all folder bookmarks in tabs, a deal-breaker for this reporter. ®