I.E. angst is real – what about O.E. angst?

Link: Mozilla Thunderbird 1.0 Email Client Has Landed (I’m resisting the obvious pun). There’s no shortage of people suggesting that Microsoft’s Internet Explorer is insecure, do many people feel the same away about Outlook Express? Two to three years ago, a majority of viruses exploited vulnerabilities in Outlook Express. Over time, many of these security […]

Link: Mozilla Thunderbird 1.0 Email Client Has Landed (I’m resisting the obvious pun).

There’s no shortage of people suggesting that Microsoft’s Internet Explorer is insecure, do many people feel the same away about Outlook Express?

Two to three years ago, a majority of viruses exploited vulnerabilities in Outlook Express. Over time, many of these security loopholes were closed through application of patches and upgrades. Today, while email is still a primary distribution mechanism for viruses, the virus payloads tend to actually attack vulnerabilities that are presented by Internet Explorer (IE) or Windows.

Because Outlook Express will embed part of IE when opening a message with an HTML body, there’s a rich opportunity for virus writers to exploit known security bugs in IE itself, simply by spamming a message containing an exploit.

While Microsoft generally does a good job of quickly issuing patches for known security bugs, it’s very hard for consumer users to keep pace. The general population of pre-Windows XP SP2 machines makes easy pickings for virus writers, as many of them remain vulnerable to well-known security bugs. A significant proportion are still running Windows 95, nearly a decade after that codebase was first built.

On the other hand, Thunderbird uses its own HTML rendering code (shared with Firefox). It also disables JavaScript by default, and incorporates privacy options to hide embedded tracking images ("web bugs").

It seems to us that the main impetus for the early momentum around Firefox was the security concerns about IE. Will the uptake of Thunderbird be similarly boosted? At this point, our sense is no�the general popular awareness of these issues isn’t great.

It does seem clear that Outlook Express is Mozilla’s primary target given the comments made by Scott MacGregor (Engineering Lead for Thunderbird) to eWeek.

Authors: David Via and Richi Jennings

One Trackback

  1. By Richi'blog on December 7, 2004 at 9:57 AM

    Mozilla Thunderbird 1.0 Email Client Has Landed

Post a comment

You must be logged in to post a comment. To comment, first join our community.