Google Chrome to abandon older versions of Windows and Mac OS X April 2016

Google Chrome icon

Back in November of 2015, Google made an unwelcome announcement which was some very bad news for older Windows and older Mac OS X users.

On their Google Chrome Blog posting at that time, Google announced that it will stop providing updates to Google Chrome for the following Windows and Mac OS X versions;

  • Windows XP
  • Windows Vista
  • Mac OS X 10.6 (Snow Leopard)
  • Mac OS X 10.7 (Lion)
  • Mac OS X 10.8 (Mountain Lion)

NOTE: Linux 32-bit Distribution users see the end of this article for your sad news too, but most of you are already aware of this since it happens this month!

This does not mean Google Chrome will stop working in these OS versions — which would almost be better security wise. Instead, Google has decided to simply stop providing updates to the installed versions of Google Chrome for these OS versions.

This is very bad news since Google Chrome has Flash built in (which is updated as needed with Google Chrome). These older versions of Windows and Mac OS X will be doubly vulnerable. Over the years, these users have gotten used to not having to update Flash separately like you need to do in other browsers like Firefox, Safari, Opera, earlier versions of Internet Explorer, Pale Moon, etc.
Because Flash is built in to Google Chrome, these abandoned users will not be getting the Flash updates either.

This will make these older versions of non updated Google Chrome extremely vulnerable to browser attacks from infected websites. Malware purveyors will quickly begin to adjust their attacks (if they have not already in anticipation of this change) to look for these older vulnerable systems using outdated/vulnerable versions of Google Chrome as new attack vectors for these abandoned Windows and Mac users.

Those thinking that being a Mac user will make you impervious to attack, think again. Browser attacks are one thing that every operating system including Windows, Macs and Linux have been subject to these days. Sure Windows users get hit more often but that is because they are the biggest user base and they have the largest target on their back, but Mac users and Linux users can still get hit at times if they have outdated operating systems, Flash, Java, etc. Even Android has been hit by a banking trojan these days – reported March 9, 2016 by ESET’s We Live Security Blog.

With other browsers, you could simply remove Flash from the system and be done with it if you were concerned about it and didn’t mind losing the ability to see YouTube videos and other Flash supported content on other websites. Although, with HTML5 support coming right along, that could be moot.

Some might be quick to blame Adobe Flash, but apparently this is not the case as Adobe is quick to point out in at least two places that they support these OSes:

Plus other browsers such as Firefox clearly still support these OSes and Flash on these OSes. However, they will have to update their supported browsers to NOT include Google Chrome after April 2016 unless Google rethinks all this for at least a couple of the newer, of the older, OS versions. 😉

If Google does not give a reprieve/stay of execution, once Adobe makes their final update to Adobe Flash in April 2016 and Google updates Google Chrome the final time for these OS version users that includes that last Flash version, it will apparently be the last Google Chrome AND thereby Flash update that these Google abandoned OSes will see Google based on the Google Chrome blog article posted November 2015.

Google has been very quiet on the subject since that date so no reprieve or stay of execution even for the newer OS versions to be abandoned; Windows Vista and Mac OS X 10.8 (Mountain Lion).

It seems quite harsh to drop support for these two OS versions (Vista and Mac OS X 10.8 (Mountain Lion)) since Google supported the earlier noted OS versions like Windows XP and Mac OS X 10.6 (Snow Leopard) for so many years! But there it is.

If you are using one of these older OS versions of Windows or Mac OS X, read it and weep for the loss of a great browser like Google Chrome, and make be wise to make the move to Mozilla Firefox newest version to-date 44.0.2 (STILL supports Mac OS X 10.6 Mountain Lion), or Opera (however NO support for Mac OS X 10.6 Mountain Lion, but does support Lion and Mountain Lion), which have not, so far, abandoned these users. But they are not the only players still in the game…

There is also another browser project that has gained a lot of popularity among Windows users — the Pale Moon browser. There are versions for Windows: Pale Moon, Pale Moon 64, Portable. There are also versions for:  Atom/XP, Linux and Android on the Download tab on the website.

There is also a Mac OS X version of Pale Moon 26.1.1 Unofficial available as of February 2016. As noted on their forum page:

Important note:
The Mac OSX version of Pale Moon is still very much in development. Your assistance in bringing this build to fruition is greatly appreciated, but you can expect there to be bugs and problems for a while yet!
Any specific bugs you find that don’t have their own topic yet: please make a new topic; one bug per topic please to keep things organized.
Please also note that these builds are currently created by BitVapor and Moonchild will likely not be able to provide insight or assistance due to lack of Mac hardware and OS/build knowledge for Mac.

Windows XP Vista No Support Yellow Strip Popup Google Chrome

Windows XP Vista already shows No Support Yellow Info band in Google Chrome

Those using these older versions of Windows (See image to the right), and Mac are already getting an annoying yellow warning info band across the top of their Google Chrome browsers.It is advising them to move to a more modern operating system. Wise move on Google’s part and it also servers to show that they  do not appear to be backing down from their November 2015 announcement.

That means Google Chrome users will need to do something to address the issues by either upgrading to a more modern operating system where possible, getting a newer computer with a more modern operating system since all of these operating systems are older and most have been abandoned by their creators anyway except Vista which is coming next April 2017 (preferable security wise), or barring all that, changing to a supported browser, or using an extension to address the old version of Flash issue (see end of article posting).

If you move to another browser, it will be very important to keep Adobe Flash updated since only Google Chrome in Windows 7, 8.1 and Windows 10, or on Mac OS X: Mavericks, Yosemite and El Capitan! will include Flash updates automatically with browser updates after April 2016.
NOTE: In addition, in Windows 8.1, the latest versions of Internet Explorer (IE10, IE11), and of course the new Edge browser on Windows 10 include Flash built in and updated for you like Google Chrome does.

Older versions of Windows and Mac are not the only users to be abandoned/axed by Google Chrome in early 2016. ALL 32-bit Linux distribution versions are also being abandoned — this month — March 2016 as noted in BetaNews, Slash Dot, and PCWorld and other news outlets back in November and December 2015.

Even though many and maybe even most computers these days are 64-bit, there are still a lot of 32-bit computers and 32-bit operating systems in use around the world today so this may be a move forward for 64-bit, but it is also a sad day for all the 32-bit hardware/operating systems worldwide.

Of course, there are still several browsers like Firefox, Opera and Pale Moon available for Linux 32-bit computers —  just as there are for Windows and Mac users. There are also some alternative browsers based on Firefox available (Pale Moon noted earlier here is included), and distro-specific versions of Firefox like Iceweasel in Debian Linux, etc.)

For all users of Google Chrome, there are some Flash blocking or control Extension possibilities that can protect everyone, but particularly these older users from having Flash run all the time if they choose to continue to use Google Chrome:

WinPatrol Changing of the guard

WinPatrol – Scotty

WinPatrol has been very important over the years. I have several (six I think at least) lifetime memberships of WinPatrol software and I install it on all my Windows installs personally and for my friends, family and clients. It has been a staple in my security arsenal for many years now, and BillP has been a great friend to all of us.

BillP, thank you so much for continuing to look for someone who would fit the bill, as it were, and you certainly found a great choice!

I am very excited about the promise that Bret Lowry made to WinPatrol customers:

My commitment to WinPatrol customers is as follows:

One, your lifetime PLUS licenses are just that, lifetime licenses. That was the easiest topic in our negotiation and is written into the contract.

Two, WinPatrol will not have toolbars or other “add-ins” added to it or its installer. Installers that do that drive me crazy because I’m the guy people call to “fix” their computer after the installer completes its hijacking. I am not going to do that to my customers.

Three, I will be responsible for answering support questions, even more incentive to play nicely and stand-by item two above. And

Four, I use WinPatrol myself and therefore am committed to the continued improvement of WinPatrol. I am honored to have earned Bill’s trust and confidence in his allowing me to purchase WinPatrol. Bill has run WinPatrol with integrity since its inception, as a founder of Ruiware (along with my wife), I promise we will carry on that tradition.”

BillP, after reading your blog posting and Corrine’s Security Garden posting, I was totally thrilled to read about Bret Lowry, Ruiware, LLC being your choice.

Totally awesome! I knew you wouldn’t let us down! Thank you Bill for all the years you have given to us! We totally understand your need to step aside and wish your family all the best and your family is ever in my thoughts and prayers.

Corrine, thank you for letting us know of the change right away!

This must be a bittersweet day for BillP; to let go of his baby, to turn it over to someone else, but sweet knowing he turned it over to a great guy who will care for his customers the way he did.

Hi Bret Lowry! I am excited to meet you in Bits from Bill and from Security Garden Blog. Thank you for putting our minds at ease about the commitment you have given us. Hope you will still do the sales periodically like BillP always did and keep the price economical and the free edition which is so important.

On WinPatrol.com:

I’m very happy to announce WinPatrol’s future will be in the hands of Ruiware founder and former lead at Sunbelt Software, Bret Lowry. If you read today’s post and download our new version later today you’ll understand why I’m confident Scotty is in good hands.
Click here to find out why

And this wonderful note from Bret too:

WinPatrol.com - WinPatrol from Ruiware.

WinPatrol.com – WinPatrol from Ruiware. “When I discovered WinPatrol I knew it was a winner and a program I’d install for my entire family. WinPatrol customers matter. You still won’t find obnoxious toolbars when you download WinPatrol. Instead, we help you get rid of them. Thanks, Bret Lowry — Click on image to go to WinPatrol.com

In closing, I would like to echo Corrine’s thoughts from her Security Garden blog entry:

On a personal note, I have long respected Bill Pytlovany and, because of his honesty and high ethical standards, held him in high esteem.  I know I won’t be losing contact with him but still wish to take this opportunity to publicly thank Bill for providing an excellent product.

I could not have said it any better!

Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11)

Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11) on Windows 7  according to an article on Computerworld:

Microsoft strips some Windows 7 users of IE11 patch privileges – Computerworld

Microsoft has quietly stopped serving security updates to Internet Explorer 11 (IE11) on consumer and small business Windows 7 PCs unless the customer has successfully applied an April update for the browser.

The requirement and associated patch stoppage were similar to those Microsoft mandated for Windows 8.1 when it told customers they had to migrate to Windows 8.1 Update by June 10 or lose their patch privileges. The Windows 7 requirement, however, affected only IE11, Microsoft’s newest browser, not the operating system.

This type of thing is very hard to understand. Why would Microsoft do such foolish things. Why would they cut off their nose to spite their face by making things so difficult for their users? Windows Update should provide what is needed as it is needed. Period. If they can’t figure out how to do that, maybe they need to get someone in there to help them do the updates.

At this rate, they will be causing more people to move from Windows to other platforms like Mac and Linux. Do they not realize this? Not to mention that people need their security updates not just for the operating system but for the browser. If they want to maintain market share with their IE browser, they are showing a very strange way of doing that by cutting off the very much needed security updates because one hasn’t installed as yet. Why is it not installed? That is what should be addressed here.

All future security and non-security updates for Internet Explorer 11 require you to have update 2919355 or update 2929437 installed in order to receive updates (emphasis added).”

With the way that malware is attacking Microsoft Windows, I can not see how they can feel it is OK to do this as well as stopping supporting Windows XP when it as still garnered nearly a third of all users world wide even after security update support was ended for Windows XP. As of today, June 15, 2014 it still garner’s over 25% or 1/4 of the total global market:

netmarketshare.com as of 6-15-2014 - choose operating system Desktop Share by Version

netmarketshare.com as of 6-15-2014 – choose operating system Desktop Share by Version

 

May 2010 Windows 2000 fell below 5% and end of life for Extended Life Support of Windows 2000 was July 10, 2010 so WINDOWS 2000 FELL below 5% TWO MONTHS BEFORE SUPPORT ENDED.

OS Statistics- w3schools_org – includes less then 5% Win2K market share at time of end of support (PDF)

Windows 2000 End-of-Life – Strategic Technology Resources – Site Home – TechNet Blogs-11-10-2009 (PDF)

Netmarketshare postings.

Then the Windows 8.1 Update 1 fiasco and now this IE11 fiasco.

There is something very anti-customer about all of this, don’t you think? Especially in light of the fact that Windows is the most high profile target for malware purveyors because it garners the greatest marketshare.

I personally feel Microsoft has a made a BIG mistake ending support for Windows XP when it still holds slightly over 25% or 1/4 (one quarter) of the total global marketshare as shown above. And they are continuing to make security missteps for Windows 8.1 and Windows 7 users now too.

I do not understand. Microsoft has never been this way before in it’s long history of being customer centric. It just does not make sense.

eBay – Change your passwords

Yep, this announcement was published by eBay and retracted and then put back out again. So yes, this is real.

EBay customers must reset passwords after major hack  CNN Money

Not just a rumor…as a precaution, in case the hackers are really good … time to change your ebay passwords. 

Hackers quietly broke into eBay two months ago and stole a database full of user information, the online auction site revealed Wednesday.

Criminals now have possession of eBay customer names, account passwords, email addresses, physical addresses, phone numbers and birth dates.

The company said the passwords were encrypted and are virtually impossible to be deciphered. Still, as a precaution, eBay is asking everyone to reset their passwords late Wednesday.

The company isn’t saying how many of its 148 million active accounts were affected — or even how many customers had information stored in that database. But an eBay spokeswoman said the hack impacted “a large number of accounts.”

eBay Suffers Massive Security Breach, All Users Must Change Their Passwords – May 21, 2014 – Forbes:

eBay is taking the breach extremely seriously stating that users employing the same password across eBay and other sites should also change those passwords. It stresses your eBay password should be unique.


eBay Inc. To Ask eBay Users To Change Passwords – eBay Announcements page (Posted May 21st, 2014 at 8:50 AM):

eBay Inc. To Ask eBay Users To Change Passwords

Earlier today eBay Inc. announced it is aware of unauthorized access to eBay systems that may have exposed some customer information. There is no evidence that financial data was compromised and there is no evidence that PayPal or our customers have been affected by the unauthorized access to eBay systems. We are working with law enforcement and leading security experts to aggressively investigate the matter.

As a precaution, we will be asking all eBay users (both buyers and sellers) to change their passwords later today. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We regret any inconvenience or concern that this situation may cause you.  We know our customers and partners have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.

Click here for updates and additional information.

– See more at: http://announcements…h.V13eaJ1m.dpuf

That Click here link above: Frequently Asked Questions on eBay Password Change – ebayinc.com:

What happened?

Our company recently discovered a cyberattack that comprised a small number of employee log in credentials, allowing unauthorized access to eBay’s corporate network.  As a result, a database containing encrypted password and other non-financial data was compromised.  There is no evidence of the compromise affecting accounts for Paypal users, and no evidence of any unauthorized access to personal, financial or credit card information, which is stored separately in encrypted formats.  The company is asking all eBay users to change their passwords.

What customer information was accessed?

The attack resulted in unauthorized access to a database of eBay users that included:

Customer name
Encrypted password
Email address
Physical address
Phone number
Date of birth

Was my financial information accessed?

The file did not contain financial information, and after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. Likewise, the file did not contain social security, taxpayer identification or national identification information.

Has the issue been resolved?

We believe we have shut down unauthorized access to our site and have put additional measures in place to enhance our security. We have seen no spike in fraudulent activity on the site.

BOLD RED emphasis mine.

More in the article.

I think there is some truth to this too:

eBay’s handling of cyber attack ‘slipshod’ – The Telegraph:

A British security expert has branded eBay’s reaction to a huge cyber attack “slipshod” as emails warning customers that their personal details were stolen have still not been sent out, almost 24 hours after news of the security breach was inadvertently leaked

I certainly would have appreciated an email (not with a link it it necessarily) but message within my eBay would have been good. I don’t click links in email but I would have gone to eBay announcements link at the bottom of every eBay page.

However, as a user, I really appreciate that eBay was forthcoming in the ebayinc.com FAQ.

I changed my eBay password as soon as I heard about it the first time. If you haven’t, please, go take care of that and make sure it is a unique password.

IE Zero-Day Vulnerability

Microsoft Security Advisory 2963983 – Vulnerability in Internet Explorer Could Allow Remote Code Execution – TechNet

General Information

Executive Summary

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. For information about protections released by MAPP partners, see MAPP Partners with Updated Protections.

Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software.

Mitigating Factors:

  • By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.

  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.

  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.

More information in the full article. There is no patch. But Microsoft has given some recommendations which are easier to understand at Security Garden’s posting:

Recommendations

As illustrated in the “Security Research and Defense Blog” reference below, users of IE 10 and 11 should ensure they haven’t disabled Enhanced Protection Mode.

Another option is to install the Enhanced Mitigation Experience Toolkit (EMET). The recommended setting for EMET 4.1, available from KB Article 2458544, is automatically configured to help protect Internet Explorer. No additional steps are required.

See the Tech Net Advisory for instructions on changing the following settings to help protect against exploitation of this vulnerability:

  • Change your settings for the Internet security zone to high to block ActiveX controls and Active Scripting

  • Change your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.

 

Those still using Windows XP on the Internet, please be aware:

VERY IMPORTANT FOR ANY HOLD OUT WINDOWS XP USERS

This is the first of the security vulnerabilities that DOES NOT include workarounds  for Windows XP. The oldest Windows noted as being affected are: Windows Server 2003 SP2 and Vista SP2.

IMPORTANT NOTE: Once a Microsoft product’s support has expired — as is true now about Windows XP SP3 since April 8, 2014 — Microsoft no longer lists it as affected by the vulnerabilities being patched. Microsoft only list Windows versions which are still under Mainstream Support or Extended Support. This has always been the case.

If anyone is still using Windows XP on the Internet (UNWISE!!), it would be strongly recommended to disallow IE (Internet Explorer) access to the Internet through your software firewall*, and use another browser like Firefox and Google Chrome which will still be getting updates for a time.

* Any Windows XP users still on the Internet should at least have:

  • a hardware router with Stateful Packet Firewall
  • should be using a ‘real’ software firewall as well as a good AV program. Just one good choice that will continue to support Windows XP is ESET’s Smart Security which is a very good antivirus and firewall. It is the one I use. It is not free. There are several free antivirus programs but not many free security suites.
  • block Internet Explorer through the ESET or other software firewall.
  • should be using a 3rd party browser like Mozilla Firefox with NoScript, Adblock Plus and WOT to help sort out safer search results on search engines, or Google Chrome with ScriptSafe, Adblock Plus and WOT Extension.
  • uninstall Java entirely, keep Adobe Flash religiously updated for Firefox as long as Adobe continues to provide them. Google Chrome updates Flash within itself. Might want to switch from Adobe Reader to Sumatra PDF reader which is a simple PDF viewer.
  • need to be even more careful than ever before about where you go. The bad guys will be looking with great anticipation for computers with expired Windows XP.
  • no risky behavior
  • no banking … note very soon banks will be disallowing expired Windows XP entirely anyway.

IMPORTANT: You can not block a program from getting out to the Internet with the Windows XP Firewall. It is only a one way firewall. It only monitors incoming Internet requests, instead of both ways as any real firewall including Windows 7 and Windows 8 built-in software firewalls do.

Here’s a quote from a ZDNet article:

To those planning to stick resolutely with the aged Windows XP operating system even after Microsoft ends support next year, the advice from experts is simple: Don’t do it.

Again: I would strongly suggest you get a new computer, upgrade your computer if it can be upgraded to a modern/still supported Windows such as Windows 7 or Windows 8, or get a Mac, or you could  convert/upgrade the computer to Linux or use a Linux LiveCD to visit the Internet and still use Windows XP as a standalone NOT CONNECTED TO THE INTERNET computer.

If you need help with any of this, please contact your computer guru, join a forums like Scot’s Newsletter Forums – BATL (Bruno’s All Things Linux) to ask questions, or you can use the contact info on my website  to contact me for some help.

Apple Security Updates – Safari for Macs

Apple security updates

safari logo

Safari 6.1.3 and Safari 7.0.3 – April 1, 2014

Affects

  • OS X Lion and OS X Lion Server v10.7.5
  • OS X Mountain Lion v10.8.5
  • OS X Mavericks v10.9.2

About the security content of Safari 6.1.3 and Safari 7.0.3 – HT6181:

This document describes the security content of Safari 6.1.3 and Safari 7.0.3.

This update can be downloaded and installed using Software Update, or from the Apple Support website.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see “How to use the Apple Product Security PGP Key.”

Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see “Apple Security Updates“.

Safari 6.1.3 and Safari 7.0.3

  • WebKit
    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling

More in the KB HT6181 article about the specific CVE-IDs addressed.

 

According to ITWire article:

Specific changes called out by Apple are a fix for an issue that could cause the search and address field to load a webpage or send a search term before the return key is pressed, support for generic top-level domains (so that Safari loads the requested page instead of treating it as a search term), and strengthened Safari sandboxing.

Very important update.

MS Word users warned of ongoing attacks exploiting unpatched bug

Microsoft warns Word users of ongoing attacks exploiting unpatched bug – Computerworld

Biggest worry, says expert, is that exploits are triggered just by previewing malicious messages in Outlook 2007, 2010 and 2013

Microsoft today warned users of Word 2010 that in-the-wild attacks are exploiting an unpatched vulnerability in the software.

The company also published an automated tool to protect customers until it issues a patch.

An attacker could cause remote code execution if someone was convinced to open a specially-crafted Rich Text Format (RTF) file or a specially-crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer,” said Dustin Childs, group manager and spokesman for Microsoft’s Trustworthy Computing group in a blog Monday.

BOLD in the quote is mine.

Microsoft put out a Security Advisory 2953095 as Corrine noted on her Security Garden Blog including Fix it buttons for enabling and disabling reading email messages in plain text format.

This is one of the things for which both Microsoft in Outlook and Apple in Mail have massively fallen down on the job. This would not be happening if you could easily toggle various view options such as HTML or Plain Text for reading emails, as well as allowing and disallowing images inline.

This is something that I am very thankful that Mozilla Thunderbird got right from the very beginning. Mozilla Thunderbird gives very granular control regarding the various ways to Display email messages such as in PLAIN TEXT, SIMPLE HTML (simple html with javascripting disabled), or ORIGINAL HTML.

You also have control over how images are displayed or not in several ways and differentiating between attached images and remote images.

You can also close to enable do not track in emails. There are Security Add-ons like Adblock PlusEnigmail (OpenPGP), more. As well as lots of specialized Add=ons. One of these that I like is QuickText and a few others. It works on Windows, Mac and Linux.

There is also a pay to play $9.95 I think, but also has a free trial. It was originally for Macs and now there is a Windows version as well. It was created by the original developers of Thunderbird called Postbox. It has some but not all the Add-ons that Thunderbird has.

/rant on

I am not saying everyone should move to Mozilla Thunderbird. What I am saying is that Microsoft Outlook and Apple Mail should give their users these types of granular control so people can choose how they wish emails to be viewed. Both do some things but they stop way short of what is really needed in this day and age with emails.

HTML is like a venetian blind. It hides what is behind it. You can’t see what is behind all that HTML. You can’t decide to see HTML only if you trust the email after viewing what is in that email. This makes it way too easy for phishing emails to look like your bank, PayPal, your credit card company, etc. It also allows companies to track you with web beacons, transparent gif images and other remotely loaded images so they know if and when you view their email.

Something needs to be done about all this. Mozilla Thunderbird makes it so easy for folks to be able to toggle images so they can’t track you, use SIMPLE HTML to keep the ‘form’ of an email message without the more dangerous javascripting. Or allows you to totally view the email in plain text so you can see that that link that appears to be going to your bank actually goes to some strange URL that has nothing to do with your bank or a store you may or may not do business with.

People need these tools. Some may or may not realize it, but they really do.

I have heard so many people say that the email look just like it was from their bank and they fell for it. Or a store they frequent and gave up their login credentials by clicking on the link rather than going to the website because it looked like it was the store’s promotion.

Sure, no one should click on links in email, but if it looks legit, many do. Sure, if you like something in a promotion for a store, it might be better to just go to the store’s website but some stores really don’t have a page on their website that is clickable to get you there, unless you click on the link in an email. Also, the links are often obfuscated by third party trackers and campaign tracking sites, etc. This all makes life very difficult for email users to know what’s good and what’s not.

OK, I will get off my soap box now.

/rant off