The Eudora software developed by Qualcomm is a popular alternative email client to the Microsoft Outlook and Outlook Express software used by many home and business users around the world.
While not nearly as susceptible to viruses as its Microsoft counterparts, thanks to the decision by the developers to make the scripting code very different to that for Microsoft clients, as well as the ability to switch off scripting and MAPI. A number of articles have detailed how to lock down Microsoft clients, but neglect to mention the equivalent in Eudora. In an attempt to rectify this imbalance, this document details how to do it. I am using version 4.3.2 on a Win32 platform for the details of what to do here.
Automation Automation is the ability of one application to control another through the OLE interface. This is typically used by Microsoft office applications to use functionality available from another application. Go to Tools -> Options and choose Automation from the drop down list on the left. Make sure ôAutomation enabled from this machineö is unticked, and ôWarn on automation auto-send of messagesö is ticked.
MAPI Mapi is the Messaging API (Application Programming Interface) and is used by Windows applications to send email. Eudora includes its own MAPI server, for applications to connect to. You can switch this off by going to Tools -> Options and scrolling to the MAPI item, and ensuring ôNeverö is selected under the ôUse Eudora MAPI Serverö option.
Adverts One area where the Microsoft clients have an advantage over Eudora is in the adware department. Eudora uses the Cydoor system to display its adverts, when used in Sponsored mode. The use of such a system is justified as it is made very clear during installation that this is done, and users are given the option of removing it by upgrading to Paid mode. What I have found, however, is that although you can remove Cydoor when in paid mode using tools such as Ad-Aware, the next time you click Send/Receive it will reinstate itself afterwards, which is unforgivable. Yes, the adverts arenÆt displayed on screen but the fact that it stays there is the major weak point I have found in Eudora security. My firewall records connections to port 80 on an IP address owned by Qualcomm, which is obviously this doing its job as there is no legitimate technical need for an email client to connect to a web server.
Attachments EudoraÆs handling of email attachments is very sensible. It puts them by default in an Attach directory, which is under the main program (or mailbox if you move it elsewhere). As the files are stored as received, they will be subject to the same scrutiny of any other file stored locally, and as such any dodgy content should be picked up with a good up to date virus checker.
Overall The Eudora email client is inherently much more secure than its Microsoft counterparts, but a few minutes taken to check its settings can reduce the security risk to almost negligible levels.