PGP Security Suite

The magazine of the Melbourne PC User Group
PGP Security Suite
Bernadette Houghton
bernieh@iaccess.com.au

PGP - a.k.a. Pretty Good Privacy - is one of the most commonly used and highly regarded encryption methods around. McAfee Associates' PGP Security Suite includes PGP Personal Edition 6, Guard Dog 2 and Oil Change, an almost-complete security package for your computer. "Almost", I say, because no software package can fill those most basic of security holes - not securing your password, leaving your computer logged on and unattended, and complacency.

Complacency that leads you to delete a sensitive file the normal way "just this once"; complacency that assumes that just because you're using a security package, "you're right, mate"; complacency that makes you fail to keep abreast of new security threats.

PGP - What Is It?

Each user has a key pair, consisting of a public key and a private key. The public key is available to anyone, but the private key you keep to yourself. You encrypt and sign messages and documents with your private key, and recipients use your public key to decrypt your messages and verify your signature. If someone wants to send you an encrypted message, they encode it with your public key, and you use your private key to decrypt it. You can register your public key on PGP key servers on the Internet, so anyone who needs to send you secure e-mail can search for and retrieve your public key. Alternatively, you can distribute your public key yourself. To use PGP, both sending and receiving parties must have some form of PGP software installed.

Figure 1. Generating a key pair with the Key Generation Wizard

PGP Personal Edition - How It Works

To create a key pair, you answer the simple questions asked by the Key Generation Wizard (see Figure 1) and choose a passphrase, which is a longer version of a password. The longer the key pair (choose from lengths of 768 to 4096 bits), the more secure the encryption, but the trade-off is that longer keys slow down processing. Once you have your key pair, you simply invoke the PGP tools as the need arises, and enter your passphrase where prompted. If you're sending an encrypted message, you select the recipient's public key from the PGP keyring on your computer - much like choosing an address from an address book.

The PGP tools are accessible from the system tray or a floating toolbar (see Figure 2) or if you're using a supported e-mail program, directly on the toolbar. A welcome enhancement in version 6 is the ability to encrypt, decrypt, sign and verify documents directly within most applications without having to first copy and paste.

Figure 2. PGPPE's floating toolbox

PGP isn't just for messages; you can use it to secure files on your computer as well. From version 6, you can also create PGP-encrypted volumes on your hard disk or removable media. These behave just like a disk partition on which you can install applications, store sensitive data, perform file operations and so on.

The difference is that the files on the PGP volume are encrypted, accessible only when you mount the volume with the correct passphrase. For further security, you can set PGP volumes to automatically unmount after set periods of inactivity.

Figure 3. Properties of a key with photographic ID

More New Features

Version 6 of PGP Personal Edition has several new security features, most of which attempt to minimise external risks, such as sensitive file fragments remaining on your hard disk, and electromagnetic signals radiating from your computer. New key security features include the ability to add signed photographic IDs (see Figure 3) to your public key, the ability to create multiple encryption keys which you can activate and revoke independently of each other, and the ability to set signatures on other keys to expire after a given date; a useful feature when you need to grant validity to a key for a limited time. For extra high security, you can split keys among multiple people; when you need to sign or decrypt with a split key, a designated number of participating shareholders must sign.

Guard Dog

Guard Dog acts as a firewall between your computer and the Internet, offering a variety of security measures to protect your privacy and the integrity of your data. When you first start Guard Dog, it takes you through a short interview process and thereafter hides away, reappearing only when it detects a potential hazard or when a scheduled system security check is due. When it detects a hazard, it presents an explanation, recommends a course of action and offers to fix the problem.

Guard Dog has several monitors, each of which you can configure independently. There are monitors to check the currency of your emergency disk, Web browser software and Guard Dog itself. To protect your privacy Guard Dog prevents your personal details and financial information (bank account numbers, credit card numbers etc) from being sent out without your approval. It warns you when a Web site attempts to place a cookie on your computer, and prevents Web sites from transferring your personal information to other sites (disconcerting how often this happens!). It also cleans up your tracks when you exit your browser.

Guard Dog controls which programs have access to the Internet, and warns you of various potentially hazardous activities, e.g. your modem dialling out silently, one program trying to access another, and suspicious ActiveX and file deletion activity. Guard Dog also warns you when you enter known harmful Web sites, and can encrypt sensitive files and warn you of any access attempts. Another convenience is the Browser Buddy which stores all your Web site passwords in a central location, from which you can drag them into a Web form as necessary. Virus Sentry monitors your computer for viruses.

There are a number of changes since I last reviewed Guard Dog (PC Update,_June 1998). The most significant is that Guard Dog now actually corrects problems. The interface is also much prettier, there are more checks, and you can protect Guard Dog settings with a password.

I've been using Guard Dog since its original incarnation and like the peace of mind it gives me while using the Internet. However, there is one very big security hole - you can simply turn it off at the system tray, no questions asked. Keep this in mind if you're relying on Guard Dog to protect your computer while it's being used by others.

Oil Change

Oil Change identifies software on your computer, then checks on the Internet to see if there are any updates available. If there are, it offers you the option of downloading and installing them. Oil Change checks only for software which it knows about, but will undo any installation it has done.

Assessment

Used properly and with appropriate attention to external security (password safeguards etc), PGP Personal Edition will secure your data with a high level of reliability. Guard Dog will protect your data while you're using the Internet - as long as it remains active. And Oil Change will help ensure your software is current. PGP Security Suite includes two complete licences in the package, each with its own CD, manual and registration card.

PGP Security Suite is a worthwhile package (and I'm very fond of Guard Dog!). Buy it and install it, but don't become complacent.

Cost and Availability

Suggested retail price $79.95. Available from Chandlers, David Jones, Dick Smith Electronics, Harvey Norman. Download trial versions of individual products from http://download.mcafee.com/eval/evaluate.asp

Minimum System Requirements

486 processor (Pentium recommended), Windows 95 or Windows NT, 16 MB RAM, 256colour monitor, CD-ROM drive. Certain features require Internet connection.

Reprinted from the November 1999 issue of PC Update, the magazine of Melbourne PC User Group, Australia

[About Melbourne PC User Group]