Slashdot Mirror

← Back to Stories (view on slashdot.org)

Network Associates Gives Up Search for PGP Buyer

Posted by michael on from the bargain-bin dept.

nakhla writes: "I came across this article which states that Network Associates has given up the search for a buyer for its PGP division. The company has laid off 18 workers, and plans to continue to maintain the product for one year. It's a good thing that there are still products like GnuPG and others out there for people who need cheap, reliable encryption."

12 of 180 comments (clear)

  1. who feels suspicious about this too? by Anonymous Coward · · Score: 2, Insightful

    Seems from comments I read in other places (theregister.co.uk,newsforge.com,...) they never did any serious effort to market PGP. Still, there is a market for products like this. It is even growing. Some article also mentioned certain US government administrations as key clients... Doesn't this look a little suspicious?

  2. High Profile Use Case by SirSlud · · Score: 3, Insightful

    PGP encryption could use a nice high profile use case where its use saved the ass of someone the average joe could relate to.

    I really dont think that the average consumer is concerned about having their private messages intercepted. (The logic is usually: "I dont do anything bad. Hey, waitaminute. Why are /you/ so interested ... ?")

    That being said, I'm not surprised that it was difficult to find a buyer for them. The market really hasn't encountered the high profile case that justifies wide spread deployment of PGP use. I think .. ?

    --
    "Old man yells at systemd"
  3. PGP is a joke by Dwonis · · Score: 3, Insightful

    Who cares? I stopped taking PGP seriously when NAI decided to stop releasing source code and expected me to 'just trust them' instead. Any crypto company that does that obviously knows nothing about security.

  4. Re:What difference will it make? by Boiling_point_ · · Score: 5, Insightful
    Is there any hope? I'd like to think so, but only if it becomes the default in hotmail and MS Outlook will it become widespread, and what are the odds of that?

    That's the trouble with encryption, and security in general. It takes effort to be secure. You can trust an algorithm with your life, but do you trust the piece of software you installed on the computer you assembled out of parts you bought off the shelf? Sadly, strong encryption built as a default into something like Outlook might cause more trouble than its worth, in misplaced trust.

    Most Outlook users wouldn't know how to tell if their private key had been compromised by some email malware. If they're using email for tasks that SHOULD be kept private because they trust that Outlook will make it safe, then where will we be?

    --
    "If you create user accounts, by default, they will have an account type of Administrator with no password." KB Q293834
  5. Re:What difference will it make? by Foxman98 · · Score: 3, Insightful

    Can't agree with you more. I setup PGP/GPG for myself at one point in the past. Fact of the matter is, hardly anyone uses it. The reason for this? Simple - the average e-mail user is not aware of how open their e-mail really is. I remember eplaining to a co-worker that their e-mail was readable to anyone in the world who really wanted to. After explaining this fact (the whole "don't write anything you wouldn't write on a postcard" theory) they still didn't seem to "get it". So I decided to show them. I had them send a message to another co-worker while dsniff was watching their machine. Should've seen the look on their face when they say the e-mail displayed on my terminal. Point is - average user hears about, and knows that e-mail isn't entirely secure, but I don't think they realize just a) how insecure it is and b) how easy (and illegal) it can be to sniff it.

    --
    S.t.e.v.e.
  6. Encryption and the masses by EschewObfuscation · · Score: 5, Insightful

    There are, IMHO, two things that keep the average email user from using encryption:

    First, it has to be absolutely transparent. It can't put more of an overhead on a standard email send-and-receive than already exists. Key management would have to become at least as easy as address book management (say, having addresses and keys automatically integrated into your keyring). While this would present a security hole, most users aren't going to want to go and verify keys. They're also not going to want to type their password every time they send an email. Most users of apps like Outlook just store their passwords on their PCs anyway, because they can't be bothered logging in once per session (ever deal with someone who didn't remember their password because they never type it in anymore?). IIRC, PGP had several of these features, but with some apps you still had to encrypt to the clipboard and then paste the encrypted message back into your document.

    Second, to even get people to do this minimum, and to demand it in products, they have to see the need for it. Phil put it best, I think, when he drew an analogy in the docs for PGP. I can't remember the exact wording, but it was something along the lines of "So you're not saying anything illegal. What would you think if the government outlawed envelopes, and all mail had to be sent on postcards?

    Most people don't believe how easy it is to read email, because they have no idea how to go about it. Instead, they shrug and say that they don't care. If instead you ask them how they'd feel about having all of their corporate correspondence and private letters going out on postcards, they'd think twice, and (hopefully) bite the bullet and start using something like PGP. There can be a huge market for applications like PGP, but it has to be sold to people with the right message, and it has to, even at the expense of some security (and yes, I realize the implications of that, and know the argument that no security is better than flawed security), be easy to use.

    --

    (email addr is at acm, not mca)
    We are Number One. All others are Number Two, or lower.
    --The Sphinx
    1. Re:Encryption and the masses by Xofer+D · · Score: 3, Insightful
      I know I've been looking for a mail app with just these features that runs on Windows (and hopefully Linux too). I'm a competent Linux and Windows user, and I have no trouble using PGP on Windows with my Mozilla mailer. On Linux, it takes me significant time to copy and paste together an encrypted - or even just signed - message.

      I don't think that there's a good reason to think that making PGP easier to apply to email would make it less secure:

      • Taking the PGP model as an example, we could simply bind a hotkey to the copy-EncryptClipBoard-paste operation.
      • Alternately, we could modify our mailers to include "encrypt" and "sign" buttons right next to the "send" button.
      • The problem with authentication could be solved by an icon displaying the level of trust the user may place in the key - highest if the user has typed it in manually and has explicitly indicated trust, lower for implicit trust, and very low for automatically found keys
      • There are already public key databases (which the NAI PGP client hooks into, I might add) which could be queried to decrypt or check signatures (see above re: trust levels) automatically. Making this transparent would significantly aid the spread of PGP use.
      As you can probably tell, I feel kind of strongly about this - I even convinced my mother to use the PGP suite (although it turned out that the old version I gave her crashes her Win2k machine). I'd seriously consider working on the project, but I know I couldn't do it alone, and there are limited numbers of free choices for Windows (which I think it's crucial to get this working on). This is something I'd love to see integrated into the Mozilla mailer, but I don't want to suggest it while they're bug-hunting for 1.0!

      I'd love to hear advice as to how I can help this to happen, or find it already sitting around.

      --
      The Signal/Noise ratio can be improved in two ways. Remaining silent is the OTHER way.
  7. Re:Does GnuPG has VPN support? by Skorpion · · Score: 2, Insightful

    I don't see why it should. Gnu Privacy Guard is a program that talks OpenPGP (RFC 2440). A OpenSource/Free VPN solution is for example FreeS/Wan. Those are different things ad selling them under one brand, while business-wise feasible, is like mixing aplles and oranges.

  8. Re:Danger Will Robinson! Danger! by caluml · · Score: 2, Insightful

    Erm - how is that different to the disgruntled employee that just deletes the files instead? You just restore from backup.

    If you didn't have backups of your "business critical" data, you shouldn't be in business anyway.

    --
    Get your own free personal location tracker
  9. Re:Does GnuPG has VPN support? by andersen · · Score: 2, Insightful

    There is no open source IPSEC client for windoze. I know, since a guy wanted me to setup a VPN for him. I setup FreeSwan, then realized that the only way to make windoze connect up was to buy copies of PGP/NET's IPSEC client...

    --
    -Erik -- --This message was written using 73% post-consumer electrons--
  10. Bollocks! PGP has option for corperate key escrow! by SomethingOrOther · · Score: 3, Insightful

    you can't deploy it in a corporate environment.

    You ARE wrong! Read this about which PGP version to use.

    Here is a cut 'n' paste of the intersting bit....

    The Business versions allow you to set up how PGP will be used throughout an organization, and also allow for use of an Additional Decryption Key (ADK); but do not really include anything of additional value to an individual user. The ADK is just a master key used by an organization that all of its email/files is also encrypted to, so that if someone leaves the organization, there will still be access to his/her encrypted files - It has absolutely nothing to do with concepts such as government key recovery.

    --
    Anyone quoted by a reporter knows how little they understand
    Don't believe what you read is the truth.
  11. Marketing blunder! by dcavanaugh · · Score: 3, Insightful

    PGP is a nifty little package for encrypting files & e-mail. If it had been sold as a nifty little package at a low price, NAI would not be looking to dump it.

    I played with PGP when it was freeware. In a pilot project, I exchanged office gossip with a co-worker to see if ordinary people could use it effectively for secure e-mail communications. It worked quite well, but we didn't have a pressing need for the technology so deployment went nowhere.

    Years later, I'm at a different company and now I have a use for it. I visit NAI to see if I can buy just the basic file & e-mail encryption. I discover all they really want to sell is the entire PGP Desktop bundle, for a price that IMHO far exceeds what basic encrypted e-mail should be worth. Eventually, I managed to buy the basic package, but only after making phone calls and finding a reseller who could do such a thing. The licensing complexities of the whole process was as if I was buying an nuclear reactor! Had this been an easier process, I might have deployed it on hundreds of PCs, instead it's only a handful.

    I am the customer; I am always right. I want an easy-to-buy, easy-to-use, cheap-to-deploy package that encrypts the 5% of my users' e-mail & files that are worthy of encryption. NAI could have marketed PGP successfully to a high percentage of business and home PC owners, but for whatever reason they chose to go after the ultra-paranoid, encrypt-everything, price-is-no-object crowd instead. PGP is a great product; better management could have made it profitable. Maybe someone will buy the product and figure out how to broaden its appeal.