RE: I.E. "Security hole"? [LWN.net]

RE: I.E. "Security hole"?

Posted Oct 13, 2003 17:04 UTC (Mon) by scripter (subscriber, #2654)
In reply to: "Security hole"? by TwoTimeGrime
Parent article: E-mail filters not fooled by signed spam (News.com)

I advise my relatives not use use outlook, period. I tell them to use Mozilla Mail instead. Why? Basic risk assessment:

1. Outlook is one of the most common email clients, thus it is a better target for exploits. Running a lesser known, or lesser used email client generally translates to less risk.
2. Outlook has a track record of serious security problems. I'm sure more will be found. Other email cleints have had problems, but not as high-profile, and not as damaging (partly due to #1).
3. Relatives like the pretty look of Mozilla Mail.
4. Mozilla keeps its email in a standard format, not a proprietary format.
5. Mozilla imports outlook email and the outlook address book, so switching is easy.
6. Mozilla isn't just an email client, it is also a web browser. Why not replace their web browser with something far more secure than I.E.? (I.E. continues to have a horrible track record for security)

Despite all of the above, most relatives prefer to keep using Outlook and Internet Explorer. Why?

1. It's what they know.
2. It's fast.
3. It's what their friends use.
4. They don't have to install something new.

So, I tell them how to install patches. Do they do it? No. Why?

1. They can't remember how to do it.
2. They don't want to tie up the phone while downloading updates. (Fortunately, most of them have dial-up instead of always-on connections, which limits their vulnerability to some degree).
3. They forget to do it.
4. They are lazy. It works, doesn't it?

(Log in to post comments)

RE: I.E. "Security hole"?

Posted Oct 13, 2003 17:46 UTC (Mon) by TwoTimeGrime (guest, #11688) [Link]

> Despite all of the above, most relatives prefer to keep using Outlook and
> Internet Explorer. Why?

Do you mena Outlook Express? Outlook is a completly different product than Outlook Express for which there is currently no open-source equivilent on Windows.

Outlook vs Outloook Express

Posted Oct 13, 2003 20:43 UTC (Mon) by pflugstad (subscriber, #224) [Link]

Please correct me if I'm wrong, but Outlook is the product that comes with Office, correct? It costs $$$$.

And Outlook *Express* is the free one. And the one that has all the bug, holes, exploit of the week.

You can praise Outlook all you want, but Outlook *Express* is what the vast majority if users use, and it's a pile of crap. And Outlook itself, while it may be "safe" with all the patches applied - how many people got nailed by viruses even when the patch has been available for months. Fact is, people don't patch, so even if Outlook is safe, it's not for the vast majority of people who actually use it instead of Outlook Express.

So, either pay $$$ for Outlook, or since Outlook itself has had a large number of security holes, use something like Mozilla Mail. As a side benefit, use Mozilla instead of IE and stop all the spyware from being automagically downloaded onto your computer via ActiveX, DCOM and all the other idiocies M$ has foisted off on us as "useful".

Outlook vs Outloook Express

Posted Oct 13, 2003 21:44 UTC (Mon) by dlang (subscriber, #313) [Link]

Outlook (the full version) has had another hole found in it within the last month (Ok, technicly it was a hole in IE as used by outlook to process mail, but since you have no other choice it made users of Outlook vunerable), so it may be safe if fully patched, but you had better keep checking becouse next week it may have another hole discovered with no patch for it yet.