Do You Allow Webmail Use on Your Network?

rtobyr asks: "I don't allow users at my organization to use any third party e-mail. When users complain, I point out that we can't control the security policies of outside systems. End users tend to think that big business will of course have good security; so I ran a test of the 'Big Four': Hotmail, Yahoo Mail, AOL/AIM Mail, and GMail. Yahoo Mail was the only webmail provider to allow delivery of a VBS script. GMail was the only provider to block a zipped VBS script. End users also tend to think that a big business would never pull security features out from under their customers. Of course, we know that AOL and Microsoft have both compromised the security of their customers. I don't know of any security related bad press for Yahoo or Google. Three of my Big Four either allow VBS attachments or have a poor security track records. So, if you are a network administrator, do you limit your users' ability to use third party e-mail, and if so, do you allow for GMail or other providers that you've deemed to have secure systems and reputations?"

You Have Your Answer Already: Replace the OS.

[twitter]

It's amazing how people can tell you the root of their problem without seeing it. The submitter asks about "webmail security" like this:

... Of course, we know that AOL and Microsoft have both compromised the security of their customers. ... Three of my Big Four either allow VBS attachments or have a poor security track records. ...

The issues raised are not "webmail" problems, they are problems of the underlying OS from a company that has "compromised the security of their customers." If you are using a decent OS, these security issues vanish.