On 19/07/14 13:25, Chris Pemberton wrote: > > On 07/18/2014 02:19 PM, Ned Slider wrote: >> I note EPEL has a thunderbird package but it seems very out of date at >> version 24.5.0. Version 24.6.0 was released 10 June, nearly 6 weeks ago, >> and fixed 3 critical security issues. Is this normal for EPEL to be so >> far behind on security updates? >> >> So what is everyone else using? > > I'm using the EPEL package for my personal laptop. The odds of me > getting bit by a 6 week old exploit are probably almost non-existent. > The odds of me forgetting to keep a custom install of thunderbird > updated outside of yum is very high. > Yes, the power of a centralized packaging system where everything can be updated in one hit can not be understated. Firefox and Thunderbird do have a built in updating mechanism and are supposed to update themselves (this is disabled in packaged versions). I've no idea how well it currently works - I'll let you know when the next update comes out. > I'm far from any kind of security expert, but here are two things I do > to keep my browser/email client safe: > > 1. I only use gmail - as Google likes to scrub all of my data clean > before they steal it > > 2. I install a custom hosts file ( http://someonewhocares.org/hosts/ > ). This protects all applications in one swoop, not just the browser. > Yes, great advice. There's another popular variant here: http://winhelp2002.mvps.org/hosts.htm > I don't use any adblock browser/email plugins because I've never > investigated where the list of re-directs are stored on the machine. > Perhaps they are harmless... but it would be easy to place a few > re-directs in there and get millions of machines to do bad things real fast. > > ~ Chris