Mozilla Thunderbird vs. Microsoft Outlook

A security expert examines the relative security of the two programs on a point-by-point basis.
(Page 1 of 2)

Along the same lines as what I said last month about Internet Explorer vs. Firefox, I am convinced I’m safer using pretty much any email client other than Microsoft’s Outlook. Outlook is simply not as secure as its competitors.

So again, instead of taking my opinions at face value, let’s explore how I came to believe them. Bear in mind, though, that I’m comparing Outlook against its competition, which is a pretty vague comparison. So, when specifics are called for, I’ll call in Mozilla’s Thunderbird as a prime example of an Outlook competitor.

Lower profile target. Face it, what do most people use the Internet for? Web browsing and email are likely to be at the top of just about anyone’s list. What are the most popular browser and emailer? Simple: Microsoft’s Internet Explorer and Outlook, and by a pretty darned big margin. Sure, Outlook Express probably deserves an honorable mention here, along with a few others, but in terms of market share, it’s IE and Outlook.

The corporate world loves IE and Outlook (paired, almost inevitably, with Microsoft Exchange) for all sorts of reasons. So do phishers and other Internet miscreants. I’d even venture to guess that no software in the history of software—such as it is—has been attacked as much as IE and Outlook have.

If you’re using either of these in their default configurations and without any additional security protection from anti-virus products, firewalls, spam filters, etc., your computer is almost certainly not fully under your own control any longer. I don’t say that as mere hyperbole either.

As such, using just about anything other than Outlook has got to be lower risk—not necessarily more secure, however.

Qualitative score: Outlook gets an F while Thunderbird (et al.) get a B+.

Default configurations and configurability. Perhaps this one is a bit of a trick criterion, as pretty much every mailer I’ve ever installed came “out of the box” in a default configuration that was akin to walking through a crowd with copious quantities of $100 bills hanging out of your pockets—and then being surprised when you get robbed.

That said, most mailers these days allow the user to configure a pretty rich set of options regarding HTML rendering, automatic image downloading, message previewing, and script running. Many mailers nowadays take that a step further by watching out for emails containing known phishing sites, spam messages, and such—in essence, an auto-updating blacklist of bad characters. Although I’m not a fan of blacklisting (vs. whitelisting), they’ve no doubt prevented a lot of users from loading messages that could have harmed them.

Along these lines, the ability to plug into different anti-spam engines is a major bonus. Thunderbird, in particular, is quite flexible in how it plugs to your anti-spam engine of choice.

Both Outlook and Thunderbird carry out these features reasonably well. I have to admit, though, that I prefer Thunderbird’s security features, though this is a rather subjective measure. What I find missing, and perhaps I’m looking in the wrong places, is the sort of control that I get with the Noscript plug-in for Firefox that I mentioned last month.

Qualitative score: Outlook gets a C while Thunderbird gets a B.

Next page: Usability, and "the other guys"

Page 1 of 2

1 2
Next Page

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.