Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP Acquired From NAI

Posted by jamie on from the old-standards dept.

lowy writes "PGP Corporation, the 'new company with a long history' today announced that it has received $14 Million in funding and acquired the PGP Desktop and Wireless encryption product lines from Network Associates, Inc." PGP Corporation issued five press releases today, but we'll forgive it because it actually has products to sell, promises to keep offering a freeware version, and is taking on tech support for existing customers. Also, the email from NAI to its customers follows.

August 19, 2002

Dear Customer,

Today we are pleased to announce that PGP Corporation, a newly formed, venture-funded security company, has acquired the PGP desktop encryption and wireless product lines from Network Associates. As you know, prior to placing the products into maintenance mode, we were actively looking for a buyer that would continue the development and support of the technology.

Network Associates has retained products developed using PGPsdk including McAfee E-Business Server for encrypted server-to-server file transfer, McAfee Desktop Firewall and McAfee VPN Client. These products will remain a part of Network Associates existing product portfolio and we will continue to develop them to meet your security needs. PGP Corporation has acquired PGPmail, PGPfile, PGPdisk, PGPwireless, PGPadmin and PGPkeyserver encryption software products for Win32 and Macintosh, PGPsdk encryption software development kit, and PGP Corporate Desktop for Macintosh.

In addition to the technology, PGP Corporation has acquired all worldwide customer license agreements and technical support obligations. To ensure a seamless transition, Network Associates will work with PGP Corporation to support PGP customers through October 26, 2002. PGP Corporation will contact you shortly with details on its plans and product direction.

We trust that you will have continued success with the PGP desktop and wireless encryption products through PGP Corporation. Network Associates appreciates your business and we value our continued relationship across our remaining product lines.

55 of 175 comments (clear)

  1. Re:Mac OS X by Anonymous Coward · · Score: 5, Informative

    You will! Read the announcement.

  2. Re:Mac OS X by Yarn · · Score: 2

    From http://www.pgp.com/display.php?pageID=21:
    PGP Corporate Desktop 8.0 for Mac OS X will be available for ordering in Q4 2002.

    --
    -Yarn - Rio Karma: Excellent
  3. Check GnuPG, an excellent alternative by Anonymous Coward · · Score: 5, Informative


    http://www.gnupg.org/

    1. Re:Check GnuPG, an excellent alternative by sllort · · Score: 3, Informative
      Please note that GnuPG is not a full replacement for PGP, it does not contain the following features:

      • Run-time filesystem encryption (encrypted fs)
      • Firewall
      • IDS
      • IPSEC Tunneling VPN

      It does have some email encryption abilities however, so if that is your intended purpose, go to it. It's Free as in Speech!

      KWTCMA
    2. Re:Check GnuPG, an excellent alternative by ftobin · · Score: 3, Insightful

      As always, if PGP had come with an mp3 player, people would complain about GnuPG not having one also. PGP-the-suite is primarily a morass of fairly unrelated products, bundled together merely for markettng reasons, which you have obviously fallen for...

    3. Re:Check GnuPG, an excellent alternative by rosewood · · Score: 2

      What version of PGP for windows allows me to be an ipsec 'client' ??

      Im really sick of ol SSH Sentinel, see my sig

      --
      The ultimate network admin tool needs HELP!
  4. Re:Mac OS X by jht · · Score: 5, Informative

    Yep, we will. They've announced that PGP 8.0 for OS X will be available within a couple of months, and it's fully Cocoa based. It'll include plug-ins for Apple Mail and Entourage, and it'll have a version of PGP Disk that'll work with older images and run in OS X.

    There's also going to be new Personal versions of all the apps, as well. PGP Net will be a separate application under OS X, rather than being bundled in the base product. The Windows PGP VPN product will continue to be sold by NAI.

    (Of course, had they posted this when I submitted it 3 hours ago, you would have known this already...)

    --
    -- Josh Turiel
    "2. Do not eat iPod Shuffle."
  5. Re:Cool. But it only benefits.... by sllort · · Score: 3, Insightful

    it only benefits...the corporate/home MS windows user's really.

    So basically PGP only benefits 90% of the Marketplace? As far as being clueful goes, I consider myself to have a clue, and I use PGP instead of GPG because of the extra functionality - seamless integration with email clients, built in firewall, built in IDS, and an encrypted filesystem that integrates seamlessly into the filesystem. How exactly can you secure applications with files spread all over the hard drive (like your Internet Explorer cache) without a feature like that?

    Maybe they're just clued in to different clues than you, man.

  6. Actually... by Anonymous Coward · · Score: 2, Insightful

    Personally I think it's great to be able to download their free non-commercial version but I do think it's a bad business-model.

    Think about it, how much value is there for corporations in a product like PGP? HUGE!

    How much value is there for homeusers that wants to protect their data, also quite big!

    How much do people pay for cable, internet and other stuff each month. Quite some money, right? Wouldn't a product they often use on a daily bases be worth anything?

    For them, I don't think it's wise to give away the product to home users since it has value to them too.

    I think this is the IT-industries problem in a nutshell, people working in it always think their products isn't worth anything then in fact people do pay lots of money for even small insignificant stuff in their life.

    1. Re:Actually... by FreeLinux · · Score: 5, Insightful

      The home user market is really quite small by comparison to the corporate market. Think about it, how many AOL users have a clue what PGP is, much less a desire to use it.

      Since this is a small market anyway, they lose little or nothing by giving it away to this market segment. But, by giving it away, they have a greater potential to increase their mind share and their installed base. They also increase compatibility in the sense that corporations can communicate with private citizens via PGP, something that can not happen if the general public doesn't have a means of decrypting the communications.

      The model is similar to many others who have been highly successful with it. Think about Real Networks, Adobe, Macromedia and even the venerable web browser Netscape and IE. They give the client away and sell the server.

      Now, later on after they have established themselves as the monopoly for the communications encryption market, they can start charging the small users too because at that point those users will have to have it.

      In the end, very profitable indeed.

  7. Re:who funded it by Majin+Bubu · · Score: 5, Informative

    Check http://www.pgp.com/display.php?pageID=51#anch23
    T he new company has Zimmermann and Schneier in the technical board of advisors. One can hope.

    --
    Ander

    @=

  8. Re:Mac OS X by jeffy124 · · Score: 2, Funny

    wow!! that announcement looks great!

    Warning: Too many connections in /var/www/html/pgp/conn.php on line 7

    Warning: MySQL Connection Failed: Too many connections in /var/www/html/pgp/conn.php on line 7
    Error: Could not connect to MySql

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  9. Re:Awesome by Mascot · · Score: 3, Informative

    So.. Why not just install XP then PGP? I've been using PGP 6.5.8 since XP release and it works just dandy. The OE plugin is a bit shaky but it does work. Encrypted volumes (mounted files) works flawless.

  10. Thankfully... by JoshMKiV · · Score: 2, Interesting

    Thank you!!! Freeware just didn't cut it for some installations. We were happy to pay for the product, but then NAI dumps it... The time between owners will hurt PGP, but the damage shouldn't be too bad. Now if Meta and the like will start to recommend it...

  11. Re:Awesome by sql*kitten · · Score: 2

    So.. Why not just install XP then PGP? I've been using PGP 6.5.8 since XP release and it works just dandy. The OE plugin is a bit shaky but it does work. Encrypted volumes (mounted files) works flawless.

    I've experienced issues with PGP and XP's fast user switching. I guess that the PGP services aren't sure what to do with >1 interactive user logged on.

  12. Re:Awesome by Betcour · · Score: 2

    You can do the same without the NTFS file encryption built into 2000 Pro and XP Pro...

  13. Isn't that a bit deceptive? by Bruce+Perens · · Score: 5, Informative
    GnuPG is intended to replace the PGP encryption program, not the entire PGP product line. Of course, there are Free Software replacements for those other products as well:
    • Encrypted filesystem: GPL driver for Linux
    • Firewall: Linux Router Project and others.
    • IDS: Snort and its ilk.
    • IPSEC tunneling VPN: I think this is in Free S/WAN.

    Bruce

    --
    Bruce Perens.
    1. Re:Isn't that a bit deceptive? by Bruce+Perens · · Score: 2, Informative
      OK, sorry to jump upon you, but the confusion of a product and the product line sounded too much like market-speak for me.

      If your criteria include a Windows implementation, we're not going to meet them very often - we are more interested in other platforms. But in the case of the router, that's certainly an advantage. I cringe at the thought of someone hosting their firewall on the Windows OS.

      Thanks

      Bruce

      --
      Bruce Perens.
    2. Re:Isn't that a bit deceptive? by Bruce+Perens · · Score: 2
      His criteria include a user-friendly interface. The Linux Router Project has a management front-end and is packaged like a product. Netfilter is the functionality without the rest of the package.

      Thanks

      Bruce

      --
      Bruce Perens.
    3. Re:Isn't that a bit deceptive? by Bruce+Perens · · Score: 2
      Well, he didn't mention PGPfone, which is an encrypted telephone. I don't know where that went as a product.

      Bruce

      --
      Bruce Perens.
    4. Re:Isn't that a bit deceptive? by tiny69 · · Score: 2

      As for as I can tell, LRP is slowly being replaced by LEAF(http://leaf.sourceforge.net). The mailing list is still active, but there doesn't seem to be a whole lot of development going on (of cousre, LRP looked like that a couple of years ago when I was interested in it:). http://lrp.c0wz.com, which was a great site for information, is down and it's difficult to find an active mirror of the old site.

      --
      Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
    5. Re:Isn't that a bit deceptive? by batkiwi · · Score: 2

      -Firewall: Linux Router Project and others.

      LRP is a router for connection sharing. PGP gives you zonealarm/blackice style firewalling for a windows system (ie restrict outgoing ports to only approved applications, block all incoming ports by default, etc).

      Granted, this functionality can be attained using ipchains with various complex filters, but I haven't seen a nice gui that says "only let ftp, icq, mozilla, and ssh open outgoing connections" for linux (or windows, apart from what I named above) yet.

    6. Re:Isn't that a bit deceptive? by Elwood+P+Dowd · · Score: 2

      Phil Zimmerman was disappointed that it wasn't being used by NAI, so it got released on pgpi.

      http://www.pgpi.org/products/pgpfone/

      There is a text file about the licensing, which sounds real hairy. NAI released the code, but said that no one was allowed to use it. Or something. Phil was hoping other people might submit improvements. Lord only knows what PGPfone's destiny is in this new exchange.

      --

      There are no trails. There are no trees out here.
  14. Command line version? by Malc · · Score: 2, Interesting

    I recently tried out GPG with Mozilla's enigmail. What a horrible experience. I'm back to the PGP6.x. It would be nice if PGP7.x hadn't removed the command line tools... can we please have them back?

    1. Re:Command line version? by kcurrie · · Score: 2, Interesting

      What didn't you like? I use it daily and it works wonderfully (at least in the latest version, running on 1.1b). Even my tech-challenged wife is able to sign and encrypt emails to others without my help.

      --
      -- I speak only for myself.
    2. Re:Command line version? by Llanfairpwllgwyngyll · · Score: 5, Informative

      The PGP 7.x command line tools were removed because of the ease with which you could hack together a server using the command line tools without paying for a PGP Server-stylee licence which cost a lot more. The E-biz stuff still gave you the command line versions - but that was more expensive.

    3. Re:Command line version? by Asgard · · Score: 2

      Combining Quintuple Agent, a password-memory program that also interfaces with gpg, and PgpEnvelope, a very nice text-menu-driven pine-compatible gpg / pgp interface will get you the same thing.

    4. Re:Command line version? by Cadre · · Score: 2

      I've used all the pgp wrappers for Pine and I personally have found the best one is PinePG. It's minimalistic, when you send it gives you the option to sign or sign+encrypt and it securely caches the passphrase. It auto unencrypts and verifys the messages.

      --
      All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
  15. Re:Cool. But it only benefits.... by Llanfairpwllgwyngyll · · Score: 2

    Absolutely. Remember, ANYTHING that expands the PGP (by which I mean anything which is OpenPGP complient) market is GOOD for everyone.

    I use both PGP *and* GPG personally. I use both PGP *and* GPG professionally. For corporate use we HAVE to have the Corporate Recovery features (although you can add an ADK to my *personal* key when you prise it from my dead fingers). For signed files on our FTP server (a Linux box) we can use GPG to auto-check the integrity.

    Dead pleased to see PGP being owned by someone who gives a toss now!

    Two things for them to consider carefully:
    1) Code Review
    2) Other platforms (esp. Linux)

  16. Earlier comments. by mkoz · · Score: 2

    I wonder how this will mesh with the earlier interview where he expressed a desire to open source PGP... It would be really cool if Zimmerman could be convinced to open the code and sell it.

    1. Re:Earlier comments. by davmoo · · Score: 2

      I also wonder how this will mesh, especially since I notice that Mr. Zimmerman's name does NOT appear in either the list of managers, or the board of directors and investors. Does he even have anything at all to do with the new PGP?

      --
      I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
  17. Depressed Persian Towtruck Man by Bill+Kendrick · · Score: 3, Funny

    For some reason, PGP Corp's slogan:

    Protecting Confidential Information,
    In Transit, In Storage, Everywhere, All the Time.

    just reminds me of the Depressed Persian Towtruck Man character from MadTV...

    "Allll-ways... Allll zuh time..." ;)

  18. Now is the time. by mesozoic · · Score: 5, Insightful

    I've always lamented PGP's de-evolution from a robust security tool to an antiquated piece of crap. Network Associates certainly has not spent due time in maintaining and improving PGP, and to their own loss. Now that businesses are paying serious attention to network security, it's the ideal market for a company like PGP Corporation.

  19. Re:Awesome by rosewood · · Score: 2

    I have version 7.0 of PGP Desktop running on Windows XP and have for a hell of a long time, and it works just fine.

    And you can use NTFS for your encrypted file system if you want to be running windows.

    --
    The ultimate network admin tool needs HELP!
  20. Re:Mac OS X by 13Echo · · Score: 2

    I don't doubt it. The problem with NAI having PGP was that it was pretty much in limbo. Nothing could be done with it. It was pretty much just going to waste.

    This was a really good article on the subject of Phil Zimmerman on buying back PGP
    .

    Just who is PGP Corp.? Their site is down, and I can't get more info.

  21. Re:Check GnuPG, an excellent subset by ftobin · · Score: 2

    Your attempt at sarcasm shows that you know much less than you think you do.

  22. Re:Check GnuPG, an excellent subset by matts.nu · · Score: 3, Informative
    Yes, an IDS, a firewall, an encrypted email client, and an encrypted filesystem

    Have you actually tried running them together? Like configuring PGPfire to block everything that wasn't authenticated in PGPvpn. You can't do it. There is no interaction between PGPvpn and PGPfire.

    SSH Sentinel isn't sold as a firewall, just a VPN solution, but it allows you to block any traffic that you don't have a VPN definition for. I'll take SSH any day over PGP, and it's also free for non commercial use.

  23. Huge market and price points by dcavanaugh · · Score: 2

    I agree that there is a huge market for encryption, and it will continue to grow as people realize the need for defense against a whole new category of threats.

    While PC encryption has a huge potential market, NAI ignored most of it. To me, the problem was that they concentrated on the tiny market segment that was willing to pay top dollar for an all-inclusive encryption package. I found it quite difficult to buy just the basic file encryption or e-mail encryption. Why should encryption cost more than the entire OS?

    Less than 1% of all my documents and e-mail needs to be encrypted. I think that's fairly typical for users in general. If NAI concentrated on getting something from everyone ($50?) who needed to send/receive encrypted e-mail or wanted better encryption than the feebleware features of MS Office, PGP would have been a big winner. Let's hope the new owners can capitalize on the untapped market for this product.

    1. Re:Huge market and price points by dcavanaugh · · Score: 2

      Based on your comments and NAI's marketing, it appears NAI agreed with your position -- look where it got them! If the price is over $100 per seat, the market is very small. Under $50, it's huge. Somewhere between $1 and $100 per seat is the optimum price that will produce the most revenue.

      I checked out the price list on pgp.com, and the "promotional" prices are all in the neighborhood of $50 per seat! If they can keep the silly user handholding under control, there is no reason why they won't crank up the volume and make far more than NAI ever did.

      If M$ can sell "XP home edition" for $99, there is no reason why an encryption package has to cost more than that. Does M$ sell the OS as a loss leader? I doubt it. How does the cost of supporting PGP compare to what M$ spends to support millions of idiotic users, and the endless parade of critical updates & service packs?

      The PGP encryption algorithms are already developed -- it's just a matter of applying them to data sources and providing a reasonable plug-in interface to a variety of apps. Remember -- the original (pre-NAI) PGP was distributed at a cost of $0.

  24. Re: the home market for PGP by King_TJ · · Score: 2

    Well, I think the corporate market is much larger than the home user market for PGP *in its current form*.

    Is there a potentially huge market for the individual home user to encrypt their data? Absolutely!!

    Problem is, the average home user wants something so "brain-dead simple" to deal with, that it basically becomes invisible. If they can integrate PGP to the point where it feels like part of the OS itself (and doesn't cause a noticeable performance hit, or compatibility/stability issues in the process), then they've really got something.

    I envision a product that asks a few basic questions during the initial setup, and then simply runs invisibly in the background afterwards. It should default to encrypting all data saved to my non-removable media, and let me click to encrypt removeable media on a case-by-case basis. Instant messengers like ICQ, AIM, etc. should all be supported, as well as email.

  25. Not gonna do it... by zenyu · · Score: 2

    If you want to send someone an encrypted e-mail, you're gonna ask them for their PGP key. But you'll probably tell them where to get the Free-as-in-beer GUI. If there wasn't the nice one from PGP you'd point them to the Free GPG one as well, and that's what they would probably download, even though it's a little tougher to use.

  26. Re:Awesome by Jeremiah+Cornelius · · Score: 2
    The question is, how long until the XP version of PGP is released?

    This exists, and includes a working PGP Disk Driver under Windows XP. Check out Imad's PGP PageThe latest Build 9, Beta 3 includes XP compatability. Imad's sources are the Publicly release 6.58 branch fom NAI. His fork includes numerous bug-fixes, platform-compatibility enhancements, additional plug-ins (ICQ), and improved interoperability with GnuPG/Open PGP.

    Joe-Bob says, "Check it out."

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  27. Re:Awesome by Zeinfeld · · Score: 3, Informative
    The question is, how long until the XP version of PGP is released? PGP has been my "killer app" for sticking with Win2k - how can you own a notebook computer without an encrypted filesystem?

    Windows XP Professional includes an encrypted file system. Have you considered using that?

    Outlook, Netscape, Notes etc. all support S/MIME encryption and signature, so adding PGP is not adding crypto capability, it is adding a particular crypto protocol. Now you may argue that you prefer the PGP implementation of that functionality but don't raise a preference to the level of a requirement unless you want to risk that when you give the world a choice of PGP or nothing that they go off and choose nothing.

    The problem we have in the industry is that PGP/X.509 has become a Betamax/VHS battle. The costs of incompatibility are much greater than the specific benefits of either protocol.

    The reason that PGP Inc mk I failled commercially is that they were pushing Betamax while the rest of the industry had standardized on X.509v3 with cross certificate extensions to provide Web of trust type capability.

    There was also a good deal of personal animosity between some of the principals of the X.509 and PGP worlds. At this point however the industry is pretty much been driven by a different group of people and the standards issue has moved beyond the certificate format question. The XKMS protocol is designed specifically so that the client does not need to know whether the underlying PKI is PGP, S/MIME or whatever based.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  28. ok there's a RFC lets see them follow it by johnjones · · Score: 2

    there is a RFC on OpenPGP

    http://www.ietf.org/rfc/rfc2440.txt

    I wonder if they will follow it or just pay themselves out of the 15million they got
    (the RFC is explained here )

    I just hope they do the decent thing

    regards

    John Jones

  29. compatability is a RFC by johnjones · · Score: 2

    there is a RFC on OpenPGP

    http://www.ietf.org/rfc/rfc2440.txt

    I wonder if they will follow it or just pay themselves out of the 15million they got
    (the RFC is explained here )

    I just hope they do the decent thing

    regards

    John Jones

    (yes I know its a repost but I could not see it with my GF's threshold)

  30. on windows IPSec is a free download or part of OS by johnjones · · Score: 2

    MS has a free download of IPSec for win98 and its a feature of win2k and XP as they both have IPv6
    (linux needs a patch because it does not have the crypto inside the kernel)

    see
    http://download.microsoft.com/download/win98/Ins ta ll/1.0/W9XNT4Me/EN-US/msl2tp.exe

    regards

    John Jones

    p.s. check the secure log to see whats going on in linux and set pluto to log

  31. Re:Mac OS X by Jonny+290 · · Score: 2

    Nah, it's like putting a paper bag over the pig's head - enough to make the difference between gnawing your arm off to get away and begrudgingly accepting the situation.

    --
    Hey Taco! Looks like you're using the "infinite monkeys and typewriters" scheme to generate Ask Slashdots again...
  32. Re:Open source it all!! by absurd_spork · · Score: 2
    Puhleeease!

    Need to hire a 'geek' in Michigan? Hire me [mailto]!

    Are you sure you're good at advertising for yourself?

    --

    There is absolutely no reason to panic.

  33. Re:Does anyone actually use PGP by Llanfairpwllgwyngyll · · Score: 2

    Ummm... it was *irony* :-)

    That key belongs to "Pretty Good Privacy Inc Corporate Key " created in 1997!

    I found it on the keyservers myself.....

  34. Re:Awesome by Zeinfeld · · Score: 2
    One problem with the Windows 2000/XP Pro encryping file system that you should consider is that if you have an encrypted volume and you are forced or required to reinstall Windows for any reason you will loose access to that volume because the keys will not match. With PGP disk you simply need to enter the password.

    If you are using the encrypting file system for files of that type you should export your EFS certificate and private key from your profile and store it in a safe place (like a safe). You should also do this with the administrator's master certificate, only this time delete the private key off the machine completely and make several backup copies of the cert.

    The best solution in an enterprise context is to use a commercial key recovery system. While key escrow is not a great idea when John Ashcroft is going to hold everybodys keys, some form of key recovery is essential if you are going to have a system of that type work in an enterprise setting. The better commercial key managers provide dual control through cryptographic threshold or similar techniques. So although a key can still be recovered the sysadmin can't do so and cover up their tracks.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  35. Re:You sounded credible... by rakslice · · Score: 2

    They're designed for KDE... But that doesn't prevent you from using them with something other than KDE's bundled window manager in any way. Desktop environment APIs aren't mutually exclusive.

  36. Erm... by rakslice · · Score: 2

    How does determining primality in polynomial time help you factor really big composites?

  37. Re:on windows IPSec is a free download or part of by rosewood · · Score: 2

    Except it requires x509 certs and then freeswan reqs a patch, which doesnt work well in RPM installs

    I am trying to do this with a PSK which does not work with the windows clients

    --
    The ultimate network admin tool needs HELP!
  38. Use GnuPG with WinPT on Windows by Captain+Chad · · Score: 2
    The main problem I had with GnuPG is that it's a command-line program. I really missed some of the nice GUI features in the Windows version of PGP. Then I found out about WinPT, which is a GUI shell for GnuPG.

    Love it. Use it all the time. Recommended.

    --
    Check out Chad's News
  39. Re:You sounded credible... by mabinogi · · Score: 2

    There are actually some things that can make applications behave better with different window managers.

    The window manager may require that an application set certain hints on it's windows so that it knows how to do the right thing, like leave off or use small decorations, etc.

    --
    Advanced users are users too!