Re: Giving Up on Thunderbird!


Gerald Levy
 


Mozilla seems to have a peculiar obsession with security. They are constantly releasing new versions of Firefox and Thunderbird which are purported to be "more secure" than previous versions, but of course, there is really no way to substantiate their claims aside from taking their word for it. I suspect that they use their claims of improved security to justify their ambitious release schedule, a strategy which has largely backfired, because Firefox has experienced a steep decline in share of the browser market.  


Gerald



On 9/30/2020 7:28 AM, Ron Canazzi wrote:
Hi Gene,

If what you are saying is true then my question is why do software companies--even free ones like Mozilla--always mention security as well as efficiency and functionality when they announce a new update. I could understand if the only companies doing this were for profit, but Mozilla is a free download.  What is in it for them to announce that a particular update is a security and efficiency update?


On 9/30/2020 1:09 AM, Gene wrote:
If we were talking about browsers, I would agree not to run old ones.
I did e-mail searches and found very little supporting your position. Almost everything I fouhnd talked about phishihng and social engineering.  I did find one discussion about a truly archaic version of Outlook, Outlook 2000 and I found a few general statements about unpatched exploits but almost nothing, thus leading me to continue to believe what I believed before, that exploits in e-mail programs are not generally used in attacks these days.

This discussion, talking about a really archaic version of Outlook has content that may support your contention, but I found almost no other discussion of the question in a search for is it dangerous to use an old version of an e-mail program.  And note that this discussion doesn't say that to any of the participants' knowledge, anyone has been hacked through this truly archaic version of Outlook by the use of unpatched exploits  It simply says that this or that can be done..
https://security.stackexchange.com/questions/112342/how-vulnerable-is-an-older-version-of-outlook-as-an-email-application

I'm not saying what you say is wrong, but until I get good evidence otherwise, I shall continue to hold my views, that ((1) there is no interest in attacking people through malicious code these days in e-mails and that (2) being on lists like this for years and not having seen one message from anyone about being attacked in other ways than by phishing and social engineering and that 3) the links for about fifteen results I read, I read the links, I didn't go to the pages, but the links don't mention embedded code, they discuss phishing and other forms of social engineering, all this is, in my opinion, strong evidence that I am correct.

I'm not telling anyone they must do anything, either.  I'm presenting the reasons I believe I am correct.

Here is the link to one of the searches I did.  It was worded about like this:
Are e-mails with malicious code common in 2020

You may see the results.  I've looked at the links to something like fifteen results and they all deal with attacks such as phishing and no links mention messages with embedded malicious code.
https://www.google.com/search?gbv=1&q=are+e-mails+with+malicious+code+common+in+2020re+malicious+e-mails+common+in+2020&oq=&aqs=

As I said, I looked at the links themselves, I didn't go to the pages.

If you have good evidence to show that I am or have a reasonable chance of being wrong, that's fine.  You have more technical knowledge than I do and you may find such information.  I shall continue to believe I am correct unless I see convincing information.

Gene
-----Original Message----- From: Brian Vogel
Sent: Tuesday, September 29, 2020 10:42 PM
To: main@TechTalk.groups.io
Subject: Re: [TechTalk] Giving Up on Thunderbird!

On Tue, Sep 29, 2020 at 11:28 PM, Gene wrote:
You may correct me if I'm wrong on these points or disagree-
I am not going to, because you are entirely capable of doing a web search on "email client attacks" or "email attack surfaces" or similar to get reams of documentation on what has been going on for years.

I'm not going to tell anyone they must do anything.  I'm also not going to tell them that leaving web browsers or email clients in an un-updated state is a wise or safe thing to do, because it isn't.


Join main@TechTalk.groups.io to automatically receive all group messages.