
Tales from the Edge. #Security.

Fun

Late 2017, King county, Washington

An overworked team with an impossible mission, to create a secure Internet browser, on Windows, is called to the weekly time-waster product team meeting.

Product Manager:
Team, you know that Edge needs to be the most secure browser on the planet, right?
So how can this thing segfault if some dude from the security consultancy fuzzes the Backup.dat?

You MUST make sure this is protected. It MUST be a violation of Windows Policy to modify the file. Go, make it happen! Report back next week!

The team disperses.

Early next morning, at a set of tables in the middle of a dimly lit cube farm...

Developer:
Hey, team lead, do you know what the PM meant with "Windows Policy"? I never heard about a "Windows Policy". Is this the "Group Policy"? Or did he mean the product license? Like the shrink-wrap contract? Do we need to consult legal?

Team lead:
Oh, ffs, Bob. No time for discussion. The requirement is crystal clear. Implement it. You're the security lead. We have a deadline approaching.

Developer:
O.k., boss. I'll see what I can do.

Windows Edge backup folder "Protected - It is a violation of Windows Policy to modify"

O Rly?

This is unfortunately not a joke. I found this in a Windows client backup log:

Windows Edge backup folder entry from log

Others have wondered, too:

https://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_security-insiderplat_pc/what-the-hell-are-microsoftedgebackups/b2ada7c2-2ea5-498c-a593-d6033020c463

While you're at it, please admire the beauty of the URL. Underscores or dashes? Short slugs? Four Insiders? Let's tack a UUID on top, always good to have UUIDs! And NEWID is so easy to use in SQL Server. IDENTITY is two more keystrokes.

Next time, I'll do a piece on that bug report, how swearing at support people doesn't help and why an "Insider Preview" program is totally worth it ... if somebody were actually monitoring the feedback.

And why the second answer in that forum is better SEO than the work that went into the clean URL.

And why you have %LOCALAPPDATA% and still use the home directory to store browser cookie backup files in the first place.

...

Update:

15.02.19: Microsoft has decided to discontinue trying to develop a competitive browser engine for MS Edge and instead will re-base on Google Chromium. They have put up a GitHub repository with a README to explain their rationale.

13.06.18: Even the Windows registry has this security - ehem - feature applied:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DHP]

Bookmarks in the registry. This gets better and better.
So "Windows policy" might be the "Microsoft browser extension policy"?

BTW: Found via https://answers.microsoft.com/en-us/windows/forum/windows_7-security-winsec/some-malware-has-violated-windows-policy-with/6a5b097f-dbac-4240-acbf-83dad6ccebc1 where the user immediately thought of malware.

Comments

Anonymous on :

Found this directory on my PC and immediately thought it was malware as well. Wow.

Maciej on :

Today I also found it in my backup log. Immediately thought of some virus...
