Network Associates Gives Up Search for PGP Buyer 180
nakhla writes: "I came across this article which states that Network Associates has given up the search for a buyer for its PGP division. The company has laid off 18 workers, and plans to continue to maintain the product for one year. It's a good thing that there are still products like GnuPG and others out there for people who need cheap, reliable encryption."
who feels suspicious about this too? (Score:2, Insightful)
High Profile Use Case (Score:3, Insightful)
I really dont think that the average consumer is concerned about having their private messages intercepted. (The logic is usually: "I dont do anything bad. Hey, waitaminute. Why are
That being said, I'm not surprised that it was difficult to find a buyer for them. The market really hasn't encountered the high profile case that justifies wide spread deployment of PGP use. I think
PGP is a joke (Score:3, Insightful)
Re:What difference will it make? (Score:5, Insightful)
That's the trouble with encryption, and security in general. It takes effort to be secure. You can trust an algorithm with your life, but do you trust the piece of software you installed on the computer you assembled out of parts you bought off the shelf? Sadly, strong encryption built as a default into something like Outlook might cause more trouble than its worth, in misplaced trust.
Most Outlook users wouldn't know how to tell if their private key had been compromised by some email malware. If they're using email for tasks that SHOULD be kept private because they trust that Outlook will make it safe, then where will we be?
Re:What difference will it make? (Score:3, Insightful)
Encryption and the masses (Score:5, Insightful)
First, it has to be absolutely transparent. It can't put more of an overhead on a standard email send-and-receive than already exists. Key management would have to become at least as easy as address book management (say, having addresses and keys automatically integrated into your keyring). While this would present a security hole, most users aren't going to want to go and verify keys. They're also not going to want to type their password every time they send an email. Most users of apps like Outlook just store their passwords on their PCs anyway, because they can't be bothered logging in once per session (ever deal with someone who didn't remember their password because they never type it in anymore?). IIRC, PGP had several of these features, but with some apps you still had to encrypt to the clipboard and then paste the encrypted message back into your document.
Second, to even get people to do this minimum, and to demand it in products, they have to see the need for it. Phil put it best, I think, when he drew an analogy in the docs for PGP. I can't remember the exact wording, but it was something along the lines of "So you're not saying anything illegal. What would you think if the government outlawed envelopes, and all mail had to be sent on postcards?
Most people don't believe how easy it is to read email, because they have no idea how to go about it. Instead, they shrug and say that they don't care. If instead you ask them how they'd feel about having all of their corporate correspondence and private letters going out on postcards, they'd think twice, and (hopefully) bite the bullet and start using something like PGP. There can be a huge market for applications like PGP, but it has to be sold to people with the right message, and it has to, even at the expense of some security (and yes, I realize the implications of that, and know the argument that no security is better than flawed security), be easy to use.
Re:Does GnuPG has VPN support? (Score:2, Insightful)
Re:Danger Will Robinson! Danger! (Score:2, Insightful)
If you didn't have backups of your "business critical" data, you shouldn't be in business anyway.
Re:Does GnuPG has VPN support? (Score:2, Insightful)
Bollocks! PGP has option for corperate key escrow! (Score:3, Insightful)
you can't deploy it in a corporate environment.
You ARE wrong! Read this [mccune.cc] about which PGP version to use.
Here is a cut 'n' paste of the intersting bit....
The Business versions allow you to set up how PGP will be used throughout an organization, and also allow for use of an Additional Decryption Key (ADK); but do not really include anything of additional value to an individual user. The ADK is just a master key used by an organization that all of its email/files is also encrypted to, so that if someone leaves the organization, there will still be access to his/her encrypted files - It has absolutely nothing to do with concepts such as government key recovery.
Marketing blunder! (Score:3, Insightful)
I played with PGP when it was freeware. In a pilot project, I exchanged office gossip with a co-worker to see if ordinary people could use it effectively for secure e-mail communications. It worked quite well, but we didn't have a pressing need for the technology so deployment went nowhere.
Years later, I'm at a different company and now I have a use for it. I visit NAI to see if I can buy just the basic file & e-mail encryption. I discover all they really want to sell is the entire PGP Desktop bundle, for a price that IMHO far exceeds what basic encrypted e-mail should be worth. Eventually, I managed to buy the basic package, but only after making phone calls and finding a reseller who could do such a thing. The licensing complexities of the whole process was as if I was buying an nuclear reactor! Had this been an easier process, I might have deployed it on hundreds of PCs, instead it's only a handful.
I am the customer; I am always right. I want an easy-to-buy, easy-to-use, cheap-to-deploy package that encrypts the 5% of my users' e-mail & files that are worthy of encryption. NAI could have marketed PGP successfully to a high percentage of business and home PC owners, but for whatever reason they chose to go after the ultra-paranoid, encrypt-everything, price-is-no-object crowd instead. PGP is a great product; better management could have made it profitable. Maybe someone will buy the product and figure out how to broaden its appeal.
Re:Encryption and the masses (Score:3, Insightful)
I don't think that there's a good reason to think that making PGP easier to apply to email would make it less secure:
- Taking the PGP model as an example, we could simply bind a hotkey to the copy-EncryptClipBoard-paste operation.
- Alternately, we could modify our mailers to include "encrypt" and "sign" buttons right next to the "send" button.
- The problem with authentication could be solved by an icon displaying the level of trust the user may place in the key - highest if the user has typed it in manually and has explicitly indicated trust, lower for implicit trust, and very low for automatically found keys
- There are already public key databases (which the NAI PGP client hooks into, I might add) which could be queried to decrypt or check signatures (see above re: trust levels) automatically. Making this transparent would significantly aid the spread of PGP use.
As you can probably tell, I feel kind of strongly about this - I even convinced my mother to use the PGP suite (although it turned out that the old version I gave her crashes her Win2k machine). I'd seriously consider working on the project, but I know I couldn't do it alone, and there are limited numbers of free choices for Windows (which I think it's crucial to get this working on). This is something I'd love to see integrated into the Mozilla mailer, but I don't want to suggest it while they're bug-hunting for 1.0!I'd love to hear advice as to how I can help this to happen, or find it already sitting around.