provided by: 
Originally published at Internet.comAlong the same lines as what I said last month about Internet Explorer vs. Firefox, I am convinced I'm safer using pretty much any email client other than Microsoft's Outlook. Outlook is simply not as secure as its competitors.
So again, instead of taking my opinions at face value, let's explore how I came to believe them. Bear in mind, though, that I'm comparing Outlook against its competition, which is a pretty vague comparison. So, when specifics are called for, I'll call in Mozilla's Thunderbird as a prime example of an Outlook competitor.
Related Articles Mozilla Firefox vs. Internet Explorer: Which is Safer?
Is the Mac Really More Secure than Windows?
Mac vs. Linux: Which is More Secure?
The Emerging Dell-Linux-Apple War
FREE IT Management Newsletters
The corporate world loves IE and Outlook (paired, almost inevitably, with Microsoft Exchange) for all sorts of reasons. So do phishers and other Internet miscreants. I'd even venture to guess that no software in the history of software-such as it is-has been attacked as much as IE and Outlook have.
If you're using either of these in their default configurations and without any additional security prottection from anti-virus products, firewalls, spam filters, etc., your computer is almost certainly not fully under your own control any longer. I don't say that as mere hyperbole either.
As such, using just about anything other than Outlook has got to be lower risk-not necessarily more secure, however.
Qualitative score: Outlook gets an F while Thunderbird (et al.) get a B+.
That said, most mailers these days allow the user to configure a pretty rich set of options regarding HTML rendering, automatic image downloading, message previewing, and script running. Many mailers nowadays take that a step further by watching out for emails containing known phishing sites, spam messages, and such-in essence, an auto-updating blacklist of bad characters. Although I'm not a fan of blacklisting (vs. whitelisting), they've no doubt prevented a lot of users from loading messages that could have harmed them.
Along these lines, the ability to plug into different anti-spam engines is a major bonus. Thunderbird, in particular, is quite flexible in how it plugs to your anti-spam engine of choice.
Both Outlook and Thunderbird carry out these features reasonably well. I have to admit, though, that I prefer Thunderbird's security features, though this is a rather subjective measure. What I find missing, and perhaps I'm looking in the wrong places, is the sort of control that I get with the Noscript plug-in for Firefox that I mentioned last month.
Qualitative score: Outlook gets a C while Thunderbird gets a B.
Next page: Usability, and "the other guys"
Related Articles Mozilla Firefox vs. Internet Explorer: Which is Safer?
Is the Mac Really More Secure than Windows?
Mac vs. Linux: Which is More Secure?
The Emerging Dell-Linux-Apple War
FREE IT Management Newsletters
But wait, you say, you thought this was a security comparison. It (still) is. I'm a firm believer that software should be easy to use to include configuration of security features and such.
Having said that, it's been my observation that Outlook's user interface has been the victim of "creeping featurism" over the years, and some configuration attributes and such can be obfuscated in layers of menus. Still, kudos are due.
Qualitative score: Outlook gets an A- while Thunderbird gets a C.
The vast majority of email borne security woes stem from "rich" context like HTML, embedded scripts, and attachments. Since many of these "dumb" mailers don't know how to interpret these things, they're quite immune to such poxes.
Qualitative score: Outlook gets an F while the other guys get an A+.
So, it's not so easy to compare security of emailers. Note that I've completely ignored the ability to plug into proprietary mail servers such as Microsoft's Exchange. I've kept my comparisons principally to the user end and have assumed open standards on the back end. I've also not talked about integration with security products and capabilities like PGP and S/MIME. Most enterprise grade emailers can handle both of these admirably these days. We'll address these things in more detail in a future column.
For me, I'm going to stick with anything but Outlook for email for the reasons I've cited above. I'm a big believer in Apple's Mail.app mailer, coupled with Apple's other Outlook-like apps like iCal and Address Book. I'd still like to see more security features there, however. Let's hope Leopard brings us Mac users some of this.
Author: Kenneth R van Wyk
Read article at Internet.com site