Bad PR (second attempt, first was scrubbed due to HTML)

Eric Moore emoore at fastmail.fm
Thu Sep 17 07:36:40 UTC 2015


From: http://forums.mozillazine.org/viewtopic.php?f=28&t=2961989

The latest issue of Computer Active has "Software YOU MUST UNINSTALL 
NOW! The 12 worst programs EXPOSED! page 50." splashed on the cover. One 
of those programs is Thunderbird. Supposedly its the UK's best-selling 
computer magazine. The relevant text is:

"Let Thunderbird fly
Mozilla’s email program Thunderbird needs so many security fixes it’s no 
longer worth using
52 16 – 29 September 2015

Email program Thunderbird used to be almost as popular as its sister 
browser Firefox, also made by Mozilla. But while Firefox is holding its 
own (just) against stiff competition, poor old Thunderbird has been shot 
down and is full of holes. Look at Mozilla’s list of security advisories 
for Thunderbird (http://www.snipca.com/17815), and check back regularly 
if you’re a Thunderbird user. It makes for an alarming read. ‘Arbitrary 
file overwriting’, ‘Miscellaneous memory safety hazards’, ‘Privilege 
escalation through Web Notification’ (a flaw that gives any passing 
hacker more privileges than you) – and all this in only the past few 
months. Worryingly, some flaws keep reappearing despite regular fixes. 
Really, is it worth it? We don’t think so. If you use Thunderbird, 
export any data you want to keep and switch to a new email service. It’s 
a sad story. A few years ago, Thunderbird was considered a safer 
alternative to Microsoft’s Outlook Express, which had more patches than 
a Victorian quilt. Thunderbird was also faster, more innovative and – 
quite frankly – cooler. But while Outlook has evolved into a 
cross-platform tool whose free online version successfully borrows the 
best elements of Gmail, including seamless integration with online tools 
such as Office Online and Google Drive, Thunderbird is stuck in the 
past. Some antivirus (AV) tools, including the excellent Norton Security 
(http://www.snipca.com/17817) have even identified Thunderbird as a 
Trojan (http://www.snipca.com/17826). This is a false-positive – 
Thunderbird itself is not malicious. However, it’s so full of 
vulnerabilities that perhaps these over-zealous AVs are wise to block it."

--------------------------------------------------------------

Perhaps somebody could write a letter to the editor explaining how to 
correctly interpret the security advisories, mention that most of them 
are due to vulnerabilities found in Firefox (shared code), document why 
we think that rather than dropping, that the number of Thunderbird users 
continues to grow, and push back on the idea that Thunderbird is stuck 
in the past.



More information about the tb-planning mailing list