MozillaZine

Thunderbird full of holes???

Discussion of general topics about Mozilla Thunderbird
FFman
 
Posts: 268
Joined: January 28th, 2012, 2:06 pm

Post Posted September 15th, 2015, 3:08 pm

I subscribe to a magazine called Computeractive. In the latest issue there is a chapter titled "Software YOU MUST UNINSTAL NOW".
It lists 12 pieces of software. One of them is Thunderbird saying it is full of holes, vulnerabilities etc. etc.
I started using Thunderbird 3 years ago when Outlook Express wasn't included in Windows 7 and I really like it.
I just wondered what you experts on here thought about this advice from Computeractive.
I'm continuing to run Thunderbird, btw.

DanRaisch
Moderator

User avatar
 
Posts: 123881
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted September 15th, 2015, 7:05 pm

Thunderbird is an email client, not a browser. The level of security risk is significantly lower with an email application than it is with a browser. There are also settings in Thunderbird that offer security if the user doesn't override them, such as the default setting to block remote content. No email software will protect a user if they choose to turn off such options or to save and/or open attachments indiscriminately.

I'd also hesitate to put too much credence in a magazine whose web page won't display properly in any of the three major browser out there, Firefox 40, Chrome 45.0.2454.85, or IE 9.

FFman
 
Posts: 268
Joined: January 28th, 2012, 2:06 pm

Post Posted September 16th, 2015, 1:07 am

Thanks for your reply, DanRaisch.
I know it's not a browser, I just wanted to know what people on here thought of the advice from Computeractive.
BTW, the magazine is a well respected publication that has been going for years.
I have no problem accessing their website in Firefox, IE, or Chrome.

tanstaafl
Moderator

User avatar
 
Posts: 47167
Joined: July 30th, 2003, 5:06 pm

Post Posted September 16th, 2015, 5:58 am

I never heard of that magazine before. There are some UK based magazines that are popular in the USA, however its not one of them.

James
Moderator

User avatar
 
Posts: 27734
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted September 16th, 2015, 2:43 pm

FFman wrote:One of them is Thunderbird saying it is full of holes, vulnerabilities etc. etc.

What issue number is it exactly?

What is the author's sources or reasons to determine Thunderbird is not safe?

Is the author using this link to assume Thunderbird is not secure because it keeps getting security getting fixes in updates?. Unlike other companies with web browsers and email clients, the developers of Firefox from Mozilla and Thunderbird have been much more open about vulnerabilities so people understand why they should use latest Release. https://www.mozilla.org/security/known-vulnerabilities/thunderbird/

Or maybe the author thinks Thunderbird should be at 40.0 like Firefox is and thinks Thunderbird is behind on security fixes as a result even though the Thunderbird 38.2.0 security update came out when Firefox 40.0 did.

DanRaisch
Moderator

User avatar
 
Posts: 123881
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted September 16th, 2015, 2:51 pm

I know it's not a browser, I just wanted to know what people on here thought of the advice from Computeractive.


I was not suggesting that you did not know that. I was only pointing out that there are huge differences in the levels of risk involved in using an email client versus using a browser and that there should be different expectations in regard to security with different software categories. Without the text of that article it's impossible to judge the merit of the writer's assertions.

tanstaafl
Moderator

User avatar
 
Posts: 47167
Joined: July 30th, 2003, 5:06 pm

Post Posted September 16th, 2015, 5:46 pm

It appears to be Computer Active UK Issue 458 - 16-29 September 2015 . I can find several ways to download that but none that I feel comfortable using. My local library provides a Zinio magazine collection service to let you borrow digital versions of many magazines, but the only computer magazines they have are PCWorld and MacWorld.

Could you give a longer description of the arguments against Thunderbird?

James
Moderator

User avatar
 
Posts: 27734
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted September 16th, 2015, 6:39 pm

Ok here is the part on Thunderbird from recent issue.
Let Thunderbird fly
Mozilla’s email program Thunderbird needs so many security fixes it’s no longer worth using
52 16 – 29 September 2015
Email program Thunderbird used to bealmost as popular as its sister browser Firefox, also made by Mozilla. But while Firefox is holding its own (just) against stiff competition, poor old Thunderbird has been shot down and is full of holes. Look at Mozilla’s list of security advisories for Thunderbird (http://www.snipca.com/17815), and check back regularly if you’re a Thunderbird user. It makes for an alarming read. ‘Arbitrary file overwriting’, ‘Miscellaneous memory safety hazards’, ‘Privilege escalation through Web Notification’ (a flaw that gives any passing hacker more privileges than you) – and all this in only the past few months. Worryingly, some flaws keep reappearing despite regular fixes. Really, is it worth it? We don’t think so. If you use Thunderbird, export any data you want to keep and switch to a new email service. It’s a sad story. A few years ago, Thunderbird was considered a safer alternative to Microsoft’s Outlook Express, which had more patches than a Victorian quilt. Thunderbird was also faster, more innovative and – quite frankly – cooler. But while Outlook has evolved into a cross-platform tool whose free online version successfully borrows the best elements of Gmail, including seamless integration with online tools such as Office Online and Google Drive, Thunderbird is stuck in the past. Some antivirus (AV) tools, including the excellent Norton Security (http://www.snipca.com/17817) have even identified Thunderbird as a Trojan (http://www.snipca.com/17826). This is a false-positive – Thunderbird itself is not malicious. However, it’s so full of vulnerabilities that perhaps these over-zealous AVs are wise to block it.

So the author misunderstands the purpose of https://www.mozilla.org/security/known-vulnerabilities/thunderbird/ and claims Thunderbird is full of holes simply because the Thunderbird council devs are much more open compared to most others who keep security vulnerabilities more hidden unless there is critical vulnerability case to scare people to update to current version say.

The article author might as well be saying Firefox, SeaMonkey and Firefox OS listed at https://www.mozilla.org/security/known-vulnerabilities/ must be full of holes also including current Release.

Makes one wonder if the author or magazine was paid by Microsoft to write that so people would move from Thunderbird to Outlook.

LoudNoise
New Member

User avatar
 
Posts: 40048
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Post Posted September 16th, 2015, 7:59 pm

As James noted, all of those security issues include "Product: Firefox, Firefox ESR, Firefox OS, Thunderbird" and were likely found not in Thunderbird but in Firefox. It is a shared code issued and all of them are fixed. Norton finding a trojan in safe software (it is called a false positive) is about as rare as annoyed crows.
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."

FFman
 
Posts: 268
Joined: January 28th, 2012, 2:06 pm

Post Posted September 18th, 2015, 11:31 am

Yes, it's issue 458.
Thanks for the replies, which I agree with.
I'm staying with Thunderbird.

wsmwk
 
Posts: 2638
Joined: December 7th, 2004, 6:52 am

Post Posted September 24th, 2015, 8:38 am

One could argue the article has more holes than Thunderbird :)

Return to Thunderbird General


Who is online

Users browsing this forum: No registered users and 2 guests