Two and a half years ago, I wrote a post describing a problem I had been having when Rochelle migrated to Mozilla Thunderbird for email, and Norton Anti-Virus was corrupting her Inbox. The gist of the post was that there didn’t seem to be a good anti-virus solution that worked well with Thunderbird.
A couple weeks ago a comment defending Thunderbird came in on the post. I started to respond in another comment, but because the attitude expressed by the commentor is so prevalent in software, I wanted to respond more publicly.
Here’s the meat of the comment (or read in full):
The problem with virus checking in Thunderbird is actually not Thunderbird. It the strategy you are using to scan for email viruses. […] If your antivirus program doesn’t have a function to scan email as it’s downloaded and prior to hitting your inbox, get a real antivirus solution that does. Let’s not be bad mouthing Thunderbird for something you are not doing appropriately in the situation you have.
Well, at the simplest level, this is correct, it’s really just a matter of configuration. But on other levels this philosophy — that the features are there to solve the problem, the user just needs to find and configure them — is not a very customer-friendly one. You could argue that it’s the opposite. There are very few people out there looking to buy “anti-virus software with an email proxy or plug-in to scan incoming emails.” They just want “safe, virus-free email.” By itself, Thunderbird still does not provide this.
And, in spite of 2½ years passing since I wrote the original post, the software and the web site still do not provide any useful information about how to achieve “safe email.” The only official information about anti-virus protection I found today is the FAQ Is Thunderbird susceptible to e-mail viruses?, which still has the same essentially useless information I noted 2½ years ago. On a very real level, the level at which most people will experience the product, getting “safe email” with Thunderbird is a challenge that most people will not be able to meet.
A person can say “don’t bad mouth Thunderbird,” but what they’re really saying is “people who aren’t smart enough to figure out this Thunderbird + anti-virus stuff for themselves should use something else.” I wonder what the response would be if the Thunderbird project posted those words on their web site, instead of the useless words in the FAQ?
Final note: Rochelle’s solution to the dilemma was to switch to Gmail. Works great, and virus-free.