Network Associates Gives Up Search for PGP Buyer
nakhla writes: "I came across this article which states that Network Associates has given up the search for a buyer for its PGP division. The company has laid off 18 workers, and plans to continue to maintain the product for one year. It's a good thing that there are still products like GnuPG and others out there for people who need cheap, reliable encryption."
I actually bought a version of PGP Personal Security 7.0.3 from these guys. It comes with some nice extras such as a very nice firewall. It's a shame that not enough people contributed to the development. Hopefully they will open source the latest version so that development can continue for long after one year.
That a product as great as PGP is going under. I personally think that if it had stayed the way it was before the buyout, it would still be around. I wonder if something like this could eventually happen to /. or Gnome.
This is the reason I am always concerned when a major company snatches up some cool new technology; they see it in major use by techs/geeks/etc, and think, "hey, with some good marketing...". They fail to understand what features matter to the original audience, fail to capture a new audience, and then drop the product.
In the meantime, it strands people who used to like the product. I was a major PGP user since its inception. Now, I can't stand the darned thing. I tried the Palm and Pocket PC versions, I tried the Windows versions. They added too many toys and widgets to a small, light application.
Oh well. I hope the Gnu PGP clone keeps up.
-WS
An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
Maybe it smells a bit of conspiracy theory, but this article at The Register opens the floor to the idea that NAI's decision isn't entirely due to commercial factors, and in fact looks a bit "fishy".
Quite an interesting point - why would they give up on such a good product like this? And who could gain from them giving up a product like this?
At work, we are generally required to use PGP for *all* project related email, it's usually in the contract with the client. We use PGP 7, which, 99% of the time, works flawlessly with MS Outlook when installed properly.
The problem comes when the person at the other end doesn't grasp public key encryption - which still seems a sticking point for a lot of people. Maybe they should teach it at High school?
I've been an occasional user of PGP for years, first the DOS client then GPG on Linux.
A friend of mine tried to use the freeware NA windows version. He's a typical windows user and won't read instructions. After giving him a five minute talk saying "Other people use your public key to write messages to you, only you can read the message with your private key etc". Days later I call in at his house and he had not managed to use it. The user interface was horrible. Despite having used command line PGP for years and having a quick look at the help I couldn't find his keyring or work out how to use it from a quick look at the menus.
I can't imagine what the staff working on PGP were doing, certainly not usability.
There were three background processes running on his already unstable win98 machine popping up boxes demanding he type in his details and register. I think he reinstalled windows in the end. People who use PGP are generally a bit paranoid, annoying them by trying to make them register seems pointless.
"and the integration with current mail programs sucks! " Think Hushmail. Encryption standard web based email system.
Yawn.
Network Associates made a fatal mistake in my opinion, that singularly was to believe people are smart enough to ACTUALLY KNOW they need encryption.
People in general, I'm not talking Slashdot techno geeks. Have NO clue WHATSOEVER that information can be snatched from the net. I have told people they have mail bouncing only to see them freak and become accusatory, HOW do You KNOW ?? You mean You could READ IT ? Blah Blah Blah, I look at em and say yeah but to be honest I could give a crap less what you write and to who. That usually tones em down a notch.
BUT Back to the point, If someone doesn't KNOW there is a NEED then there is NO market for the product, If people don't buy it because they don't know there is a need can you blame em ? If someone tried to sell you say an under the desk testicle shield for radiological effects from monitor transmission would you buy it ? a few would, but most no, WHY ? Because if there is no problem, the product COMPLETELY loses its perceived value.
Now, that said they are in a bad market to try and pitch the inherent Insecurity of networks, being Network Associates and all...
Sig went tro...aahemmm.....fishing........
Encryption is one of those things that goes really well with open source. PGP started out as Philip Zimmermann's free and open project which he released with a written warning against software that locked away its source code and algorithms. This makes it a little difficult to go back to closed source and proprietary encryption methods. The internet community's love affair with PGP was broken when Phil quit working with Network Associates. The trust wasn't with PGP alone, it was with Phil heading up PGP's development that drew the trust of us all.
So, it's not too surprising that Network Associates is having a little trouble trying to pawn off a product that has no market.
Exit PGP, enter GnuPG.
You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.
I work for a small HMO, and we are one of the insurance options for Federal Government employees in our state. *All* data that goes back and forth between us and the Feds is supposed to be encrypted with PGP. They even specify which PGP version we are supposed to use.
It will be interesting to see what happens now. I wonder if they will consider using GPG eventually?
Hey kids, there's only 5 days left 'til Yak Shaving Day!
Maybe CAI didn't want to keep improving the product. DJB's crypto paper and methodology shows that any key less than 1024 can be "easily" cracked. CAI would have had some more work to do on their product (just as I'm sure the GNUPG team is reconsidering the approaches they are using).
Finding the people to verify PGP is secure and proving that any new method of encryption is secure takes money, and since many people still consider zipping a file up with a password as "strong encryption" there was no market for it.
To think, not too long ago the US govt. was complaining that the world would end if we all had encryption. As it turns out, few cared enough to use it.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Remember how Commodore's incompetence helped kill the Amiga? Well I,
personally, don't see much difference between that and what NAI has done
to the companies/products it's bought/merged.
Where I work we use McAfee VirusScan and the Gauntlet firewall. At home,
personal use only, I use PGP. (Good ol' 2.6.) Since NAI raised its ugly
head:
. Working with McAfee has become more difficult in nearly
every respect, in my experience.
. The Gauntlet firewall product has become so bad, particularly
the support, that we gave up on it. (We're still using it. We just
haven't bothered with (non-)support contracts or "upgrading.") I
used to love that product :-(. And TIS used to be a pretty good
company to work with.
. When I tried to license PGP for business use, not only did
NAI not have a Unix version for sale, they had no mechanism whereby
I could license the "open source" version for business use. Think
of it: basically free money for them. They had to do no more than
charge me. No media. No downloads. No support. Just me saying to
them "Here! Take some money." The concept was utterly beyond
them.
So the PGP product is now dead. Imagine that. They've sold Gauntlet to
Secure Computing Corp. God knows what the status of the McAfee product
line is.
In summary: it's my opinion that NAI has done those products, not to
mention their (ex-)customers no favours. Needless to say: NAI is not one
of my favourite companies.
Absolutely. There are two huge problems. Firstly, it's easy to use things like PGP and set things up so that it's easily crackable. That requires knowledge (at all levels, from something as simple as making sure your private keys are only accessible by you, to the code using decent random generators).
Secondly, you have to care about being secure all the time. One lapse and you're wide open. This is an even bigger sticking point for the masses. Just the other day I was ranting about certain programs (I won't go into which ones here), and for each one of my main reasons for not using them was security or privacy concerns. The person I was trying to convince noticed that and basically asked why that was a big deal. This kind of took me by surprise, and so I did a quick poll of other reasonably computer literate friends (they would all know about PGP for example). Sure enough, most of them do not care if files on their computer can be read, so long as damage isn't done to the PC, etc, etc. I don't understand it, but it appears people are like that.
One random thought is that really email could do with a big overhaul. SMTP, email format, all kinds of aspects. Building encryption and authentication into that from the start would make things a hell of a lot cleaner and help make the above problems less of an issue. But sadly I think I'm dreaming that that will happen any time soon.
Part of the issue with widespread adoption of PGP is you can't deploy it in a corporate environment. Imagine one disgruntled employee who encrypts a bunch of mission critical files, takes his keys, and goes home (resigns).
Yeah, we will sue his a$$! Well, in the meantime, you are SOL and out of business for all intents and purposes.
PGP is great for individual use. It is far too risky for corporate use.
You know, I'm a huge believer in open source, but I'm starting to lose faith.
We always cry that OS software is the way to go, and greedy bastards who charge for software are evil.
Well, look at the economy. Look at the number of out-of-work techies out there mowing lawns and flipping burgers to stay afloat. I wonder how many of them would have jobs if there was less open source software in existence. Are we shooting ourselves in the foot?
The drawback is: I would very much like to use the same e-mail client on Linux and Windows, but sylpheed is only theoretically cross-platform. On ftp.gnupg.org, there is a w32 build of sylpheed 0.4.60 which is buggy like hell, and I have no idea how it was compiled (otherwise I would rebuild a newer version).
If the government of the sender is in a position to arbitrarily torture/kill its people, then the mere fact an unreadable message is being sent may be enough to warrant such action. The 'Rubber Hose' attack on crypto is still valid...
My dad installed a dual-boot windows 98se RedHat linux system yesterday, after building the computer, with no prior computer knowledge and a couple hours of phone support with me. He might have trouble with ls and cd right now, but he's starting to understand a filesystem/directory structure. I bet in a year or two he'll be writing encrypted email on linux, now his primary business OS, and maintaining a secure business. He's also converting his winmodem over to external serial modems and setting up another dual-boot linux system for dial-up web access at both his home and business, upgrading staroffice 5.2 to OpenOffice 641C on all platforms (windows and linux) for MS compatibility, and this time around it's costing him less than $1000 for the latest technology, 1.6+Ghz system, G-Force 2, etc. I'm very proud of my dad. But he's no exception, he's just like all the other "computer illiterate" people out there. They're not computer illiterate(sp?), they just need a little help to get them started and lots of encouragement. That's all.
The problem with Phil's analogy to e-mail being like a postcard is that 99% of the time I use e-mail I would have no problem putting on a post card. And for the 1% of stuff I wouldn't normally put on a postcard...well, I'm just too lazy to set it up on every machine I use to send e-mail and convince all my contacts to use it and manage keys for everyone I send e-mail to, and end up revoking and re-exchanging keys every time someone on a Win9X lets another person have physical access to their machine. This was the whole problem with the web of trust concept in the first place. The complexity of managing your trusted contacts (revoking certs, multiple certs for a contact, keeping your cert with you at all times) grows exponentially (or maybe worse).
Besides, if 99.9% of the mail coming into my mailbox at home was postcards, I would probably send more postcards and not worry about it. The whole reason the postcard argument works is not real concern for privacy, but comfort with cultural customs. This is also why secure e-mail will never catch on for Junior sending a message to grandma. Where it will and has caught on is in security conscious businesses such as medical records where encryption of electronic correspondence with patients is now required by law (do a search of HIPAA to see all the headaches this is causing).
what about the other 90% of the people (literally) who don't use unix?
Thank you.