Slashdot Mirror
Network Associates Gives Up Search for PGP Buyer
nakhla writes: "I came across this article which states that Network Associates has given up the search for a buyer for its PGP division. The company has laid off 18 workers, and plans to continue to maintain the product for one year. It's a good thing that there are still products like GnuPG and others out there for people who need cheap, reliable encryption."
I actually bought a version of PGP Personal Security 7.0.3 from these guys. It comes with some nice extras such as a very nice firewall. It's a shame that not enough people contributed to the development. Hopefully they will open source the latest version so that development can continue for long after one year.
That a product as great as PGP is going under. I personally think that if it had stayed the way it was before the buyout, it would still be around. I wonder if something like this could eventually happen to /. or Gnome.
This is the reason I am always concerned when a major company snatches up some cool new technology; they see it in major use by techs/geeks/etc, and think, "hey, with some good marketing...". They fail to understand what features matter to the original audience, fail to capture a new audience, and then drop the product.
In the meantime, it strands people who used to like the product. I was a major PGP user since its inception. Now, I can't stand the darned thing. I tried the Palm and Pocket PC versions, I tried the Windows versions. They added too many toys and widgets to a small, light application.
Oh well. I hope the Gnu PGP clone keeps up.
-WS
An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
Maybe a smells a bit of conspiracy-theory, but this article at The Register opens the floor to the idea that NIA's decision isn't entirely due to commercial factors, and in fact looks a bit "fishy".
Quite an interesting point - why would they give up on such a good product like this? And who could gain from them giving up a product like this?
I'v been an ocassional user of PGP for year, first the DOS client then GPG on linux.
A friend of mine tried to use the freeware NA windows version. Hes a typical windows user and won't read instructions. After giving him a five minute talk saying "Other people use you public key to write messages to you, only you can read the message with your private key etc". Days later I call in at his house and he had not managed to use it. The user interface was horrible. Despite having used command line PGP for user and having a quick look at the help I couldn't find his keyring or work out how to use it from a quick look at the menus.
I can't imagine what the staff working on PGP were doing, certainly not useability
There were three background processes running on his already unstable win98 machine poping up box's demanding he type in his details and register. I think he reinstalled windows in the end. People who use PGP are gneerally a bit paranoid, annoying them by trying to make tem register seems pointless.
Network Associates made a fatal mistake in my opinion, that singularly was to belive people are smart enough to ACTUALLY KNOW they need encryption.
People in general, Im not talking slashot techno geeks. Have NO clue WHATSOEVER that information can be snatched from the net. I have told people they have mail bouncing only to see hen freak and become accusitory , HOW do You KNOW ?? You mean You could READ IT ? Blah Blah Blah, I look at em and say yeah but to bwe honest I could give a crap less what you write and to who. hat usually tones em down a notch.
BUT Back to the point, If someone dosent KNOW there is a NEED then there is NO market for the product , If people dont buy it because they dont know there is a need can you blame em ? If someone tried to sell you say a under the desk testicle shield for radiological effects from monitor transmission would you buy it ? a few would , but most no , WHY ? Becaues if here is no problem, the product COMPLETLEY loses its percieved value.
Now, that said they are in a bad market to try and pitch the inherent Insecurity of networks, being Network Associates and all...
Sig went tro...aahemmm.....fishing........
Encryption is one of those things that goes really well with open source. PGP started out as Philip Zimmermann's free and open project which he released with a written warning against software that locked away its source code and algorithms. This makes it a little difficult to go back to closed source and proprietary encryption methods. The internet community's love affair with PGP was broken when Phil quit working with Network Associates. The trust wasn't with PGP alone, it was with Phil heading up PGP's development that drew the trust of us all.
So, its not too surprising that Network Associates is having a little trouble trying to pawn off a product that has no market.
Exit PGP, enter GnuPG.
You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.
Maybe CAI didn't want to keep improving the product. DJB's crypto paper and methodology shows that any key less than 1024 can be "easily" cracked. CAI would have had some more work to do on their product (just as I'm sure the GNUPG team is reconsidering the approaches they are using).
Finding the people to verify PGP is secure and proving that any new method of encryption is secure takes money, and since many people still consider zipping a file up with a password as "strong encryption" there was no market for it.
To think, not to long ago the US govt. was complaining that the world would end if we all had encryption. As it turns out, few cared enough to use it.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Absolutely. There are two huge problems. Firstly, it's easy to use things like PGP and set things up so that it's easily crackable. That requires knowledge (at all levels, from something as simple like making sure your private keys are only accessable by you, to the code using decent random generators).
Secondly, you have to care about being secure all the time. One lapse and you're wide open. This is an even bigger sticking point for the masses. Just the other day I was ranting about certain programs (I won't go into which ones here), and for each one of my main reasons for not using them was security or privacy concerns. The person I was trying to convince noticed that and basically asked why that was a big deal. This kind of took me by suprise, and so I did a quick poll of other reasonably computer literate friends (they would all know about PGP for example). Sure enough, most of them do not care if files on their computer can be read, so long as damage isn't done to the PC, etc, etc. I don't understand it, but it appears people are like that.
One random thought is that really email could do with a big overhaul. SMTP, email format, all kinds of aspects. Building encryption and authentication into that from the start would make things a hell of a lot cleaner and help make the above problems less of an issue. But sadly I think I'm dreaming that that will happen any time soon.
The drawback is: I would like very much like to use the same e-mail client on Linux and Windows, but sylpheed is only theoretically cross-platform. On ftp.gnupg.org, there is a w32 build of sylpheed 0.4.60 which is buggy like hell, and I have no idea how it was compiled (otherwise I would rebuild a newer version).
The problem with Phil's analogy to e-mail being like a postcard is that 99% of the time I use e-mail I would have no problem putting on a post card. And for the 1% of stuff I wouldn't normally put on a postcard...well, I'm just to lazy to set it up on every machine I use to send e-mail and convince all my contacts to use it and manage keys for everyone send e-mail to, and end up revoking and re-exchanging keys every time someone on a Win9X lets another person have physical access to their machine. This was the whole problem with the web of trust concept in the first place. The complexity of managing your trusted contacts (revoking certs, multiple certs for a contact, keeping your cert with you at all times) grows exonentially (or maybe worse).
Besides, if 99.9% of the mail coming into my mailbox at home was postcards, I would probably send more postcards and not worry about it. The whole reason the postcard argument works is not real concern for privacy, but comfort with cultural customs. This is also why secure e-mail will never catch on for unior sending a message to grandma. Where it will and has caught on is in security concious businesses such as medical records where encryption of electronic correspondence with patients it is now required by law (do a earch of HIPPA to see all the headaches this is causing).