1) Yes it is, if a browser is vulnerable code in the email could be run. There have
been more than a few script viruses/malware that hit Yahoo where only reading the
email content was needed for the script to run.
4) that's a stand alone client.
Brian Weeden wrote:
Okay, time to debunk a couple of things that have come up in this thread.
1) "webmail is vulnerable to hacks" - Well, not really. All of the email
preview-pane or attachment auto attacks I've heard about only affect Outlook
and do not affect gmail. Sure, if you execute a bad attachment you're going
to get infected no matter what but Outlook is way more vulnerable here.
2) "can't backup Gmail" - Well that's just not true. If you want, you can
just access it through Outlook or Thunderbird via POP and download
everything. Or you can use a backup client like MailStore:
www.mailstore.com
3) "webmail is slower" Not sure where this comes from. I've got 40,000+
messages in my gmail acccount, all searchable on the fly much, much faster
than using the backup set I have in Thunderbrd on my desktop. Plus, you
never have to worry about running out of mailbox space. That's a huge plus
if you've ever worked in a corporate setting where they put tiny caps like
200mb on mailbox sizes. Then you are forced to move your stuff to offline
mailboxes which makes you vulnerable to crashes.
4) "I must be online to access my email" - Used to be true, but not since
Google released offline Gmail a few months ago. Just install Google Gears,
enable offline Gmail, and presto. So you can download then go offline and
do whatever.
5) "Google has all your data and can do evil things" - sure they have your
data but that isn't any different than your ISP which has it all anyways.
And there are a lot more ways (and incentives) your ISP can screw you over
than Google. For me, this is unavoidable and I'm a fairly paranoid kind of
guy (run Truecrypt on my machines, use VPNs to connect when traveling, etc).
6) "problems syncing with mobile devices" - My iPhone syncs beaufiully with
my Google contacts, calendar and email. No issues there.
Honestly, I think this is a case of people bringing ether pre-conceived
notions or "old fuddy" syndrome. You know, like "Back in my day, a car was
something you could take apart and fix yourself" or "I don't trust this
new-fangled thingie". And that's fine - everyone is free to make their own
choices and rationalize it however they want. But please, make sure you
separate the facts from the opinions so others can make their own decisions.
---------------------------
Brian Weeden
Technical Advisor
Secure World Foundation <http://www.secureworldfoundation.org>
+1 (514) 466-2756 Canada
+1 (202) 683-8534 US
