- EMAIL SOFTWARE SECURITY COMPARISON

In seminars and past articles I have often advised that using software other than Microsoft's Outlook or Outlook Express will likely provide much greater Internet security for most business users.

For a number of reasons, Microsoft's email capable products come under much greater attention from those in our society who actively create and distribute malicious software programs including: Viruses, Trojan Horses, Internet Worms and other system "hacks" that can compromise your computer's security.

My advice is generally to use either the email capabilities that are included in most contact managers (such as ACT!, GoldMine and Online Agent, among others) or to use alternative software specifically designed for email management, such as Pegasus Mail (www.pmail.com), or my favorite, Qualcomm's Eudora Pro (www.eudora.com).

As can be expected, this advice is often received with some resistance, particularly among users of Outlook and Outlook Express. Naturally, many other readers and students wonder just exactly what "greater security" really means to them on an individual basis.

- How Much Risk?

Trying to quantify "exactly" how much greater risk is incurred by using Microsoft's email products is likely impossible. That said, searching web sites that deal with viruses and other security issues paints a pretty clear picture.

Using a well known virus information site, and executing a search based on recent security issues that affect computers in the United States, returned the following:

350 documents related to security issues with Outlook

85 additional references specific to Outlook Express

3 references to Qualcomm's Eudora software

It should be noted that a great number of security exploits affect both Outlook as well as Outlook Express. Additionally, all three security issues identified with the use of Eudora affect Outlook and Outlook Express as well.

Further, not all viruses and security exploits are equally distributed throughout the Internet. Thus, it is not appropriate to say that one program is a specific percentage more or less vulnerable than another.

Still, this simple example should make it clear to just about anyone that the "greater risk" associated with using Outlook and Outlook Express is not an increase of a minor degree, and searches on several other security/virus related Web sites returned similar results.

It is also important to point out that in many cases (but certainly not all) your system is equally vulnerable regardless of what email software you use. If you willingly execute an infected attachment, then your system will suffer the consequences regardless of the email software you use.

- Vulnerability Beyond Infection

The real issue of vulnerability is often: "How safe are the rest of us?" after a system using Outlook or Outlook Express becomes infected. This is a critical question because the majority of malicious programs spreading today will read the files used by these programs to discover other user's email addresses. Any addresses that can be found in address books, incoming mail and even previously sent email messages might be used to automatically spread the infection to others.

This is the methodology that allows today's viruses to cross the globe in just a matter of hours, often before anti-virus software vendors can develop and release updates to protect those who use such programs.

In stark contrast, two of the three viruses identified in the search results above used Eudora's files for this purpose. One was from 1999 and other from 2001. The third security issue for Eudora users was from 2000, and was actually a Window's vulnerability that could be exploited through Outlook and Outlook Express as well.

- Your Greatest Risk

While there are several steps that a cautious user can take to provide nearly perfect system security, (read Dangerous Virus Misconceptions at www.canale.com) few absolute guarantees exist. One simple mistake, whether made by yourself, a business associate or even by a family member, and your system is compromised.

If you're using Outlook or Outlook Express, then the odds are great that anyone whose email address is contained in your system will be automatically be sent a copy of the virus as well. Worse yet, many of these infectious emails will clearly identify you as the sender.

This represents your greatest risk!

If your system is ever infected, you will always be able to remove the virus from your computer. If files were damaged in the process, then recent backups can be used to restore your system to proper working order.

However, if your email software enabled a virus to infect customers, clients and prospects, then your reputation will suffer and the trust you have developed with others will be diminished.

Who among us would want a valued business contact damaged through the exploitation of our own computer? What will the additional victims think of our professional skills? How will the apprehension they will undoubtedly feel when receiving future correspondence from us affect both our relationship and effective communications?

For the business professional, the "greater risk" associated with using Outlook and Outlook Express is not simply the increased risks to data, but to our most valuable assets: our relationships and our professional reputation.

Many professionals may be both comfortable with and capable of managing these increased risks. They may find that Outlook and Outlook Express offer advantages and conveniences that they believe justify accepting the increased vulnerabilities.

On the other hand, not all users are aware of these issues, and many may prudently decide to use other programs for their business email correspondence.

--

Copyrighted with all rights reserved by Stephen M. Canale