PGP 9 is a serious disappointment - PGP

This is a discussion on PGP 9 is a serious disappointment - PGP ; I'm really disappointed in what PGP Software has done in version 9. Whoever thought up the email proxy scheme and forgot that it won't work with TLS or SSL SMTP & POP/IMAP connections should be publicly humiliated and have his/her ...

+ Reply to Thread
Results 1 to 13 of 13

Thread: PGP 9 is a serious disappointment

  1. PGP 9 is a serious disappointment


    I'm really disappointed in what PGP Software has done in version 9.
    Whoever thought up the email proxy scheme and forgot that it won't
    work with TLS or SSL SMTP & POP/IMAP connections should be publicly
    humiliated and have his/her license to design and write software
    revoked :-)

    Then the marketing geeks who took out necessary features like being
    able to designate a default signing key except in the proxy settings
    (an obvious push to force users to use the email proxy) should be
    permanently barred from ever doing work for a software company. I
    spent 30 minutes on the phone with a support drone trying to explain
    that:

    a) not everyone can use the email proxy "feature" because it
    doesn't work (and can never work in its current form) for
    some connection types

    b) PGP encrypts files as well as email, and that functionality
    requires that one be able to designate a default key

    but it was like talking to a brick wall. When I pointed out that
    default-key functionality was in the online manual, his response was
    "I guess we'll have to change the manual".

    PGP has become buggy bloatware designed, it appears, to force you to
    do things exactly the way they want you to do it. If the trend
    continues, the next things to go will be the "clipboard" and
    "current window" functionality.

    All I need is what was in PGP 7. It worked just fine. Why did they
    have to "improve" it by adding poorly considered functionality?

    I'd still use PGP7 if I could, but they coded it so it won't even
    install on Windows 2000 or XP, even though it runs just fine on
    those OSes if you upgrade the OS. I know this from experience --
    when I upgraded from NT to 2000, PGP7 continued to work with no
    problems until I had a hard disk crash and installed Win2000 fresh.
    PGP7 refused to install, claiming it was incompatible with the OS.
    Bull**it -- I was using it on Win2000 for 10 months. Can you say
    "forced upgrade revenue"?

    9.0.2 has just been released, and the big "news" is that it now
    supports full-disk encryption. Given the number of bugs in 9 and
    9.0.1, it would be insane to trust PGP with the contents of my
    entire disk.


    --
    Jim Garrison (jhg@acm.org)
    PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88

  2. Re: PGP 9 is a serious disappointment

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Jim Garrison wrote in
    news:mC9Je.131988$X76.116718@tornado.texas.rr.com:

    >
    > I'm really disappointed in what PGP Software has done in version 9.
    > Whoever thought up the email proxy scheme and forgot that it won't
    > work with TLS or SSL SMTP & POP/IMAP connections should be publicly
    > humiliated and have his/her license to design and write software
    > revoked :-)


    It works just fine with SSL SMTP, etc. It actually defaults to using SSL,
    but for this to work, the email client must not be set to use SSL.

    > Then the marketing geeks who took out necessary features like being
    > able to designate a default signing key except in the proxy settings
    > (an obvious push to force users to use the email proxy) should be
    > permanently barred from ever doing work for a software company. I
    > spent 30 minutes on the phone with a support drone trying to explain
    > that:


    Whether you like (or not) that each email account is now able to have its
    own default key (something many have asked for before), there is still the
    Master Key List that also serves much of the Default Key function (whether
    using the PGP Mail Proxy or not).

    > a) not everyone can use the email proxy "feature" because it
    > doesn't work (and can never work in its current form) for
    > some connection types
    >
    > b) PGP encrypts files as well as email, and that functionality
    > requires that one be able to designate a default key
    >
    > but it was like talking to a brick wall. When I pointed out that
    > default-key functionality was in the online manual, his response was
    > "I guess we'll have to change the manual".
    >
    > PGP has become buggy bloatware designed, it appears, to force you to
    > do things exactly the way they want you to do it. If the trend
    > continues, the next things to go will be the "clipboard" and
    > "current window" functionality.
    >
    > All I need is what was in PGP 7. It worked just fine. Why did they
    > have to "improve" it by adding poorly considered functionality?
    >
    > I'd still use PGP7 if I could, but they coded it so it won't even
    > install on Windows 2000 or XP, even though it runs just fine on
    > those OSes if you upgrade the OS. I know this from experience --
    > when I upgraded from NT to 2000, PGP7 continued to work with no
    > problems until I had a hard disk crash and installed Win2000 fresh.
    > PGP7 refused to install, claiming it was incompatible with the OS.
    > Bull**it -- I was using it on Win2000 for 10 months. Can you say
    > "forced upgrade revenue"?
    >
    > 9.0.2 has just been released, and the big "news" is that it now
    > supports full-disk encryption. Given the number of bugs in 9 and
    > 9.0.1, it would be insane to trust PGP with the contents of my
    > entire disk.
    >


    PGP 9.0 has Full Disk Encryption for WinXP. 9.0.2 adds this for Win 2000.
    Personally, I appreciate the extra security this provides, and except for
    entering my passphrase for booting, it is not even noticeable on my laptop.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 9.0.2 (Build 2424)
    Comment: PGP FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQvU8KmDeI9apM77TAQJ/1wgAksA5ogPyXdF/Zvi1Nm8oqocrO5/2Y8eW
    dL70LO7GRh89Wn0UDx8qacmjmVSXVRoq6hLXAonACRMabxx8Hh DzmOhCH/mnvYgJ
    dZ9xQ7qli4mvP6JkaGL5u6L7o7zv73xuP5R5s/G8sdnWUMMkvD53mzBGuVLR+y02
    pKfcFnuIiaMrKncNUsEzZKPI/PTvvDFjUm/iVYhMmvXm5Vb31jaM3P54/ZrtI4Yc
    B/2kTuBKjsqvxDh3IUxwK1CwLoPaOgAX0z2Px5sEsT6hcm2iL6QI JIa3RAhra5QJ
    3q6WBQCIHCPssdlJZzXWVHC95ZgQlQrzb1s4ODF1NvnzOMNNjR FnPA==
    =afzJ
    -----END PGP SIGNATURE-----

  3. Re: PGP 9 is a serious disappointment

    Jim Garrison wrote:

    >
    >I'm really disappointed in what PGP Software has done in version 9.


    [snip vent]

    I agree (sorry Tom!).

    Did you buy it, or are you using the trial version? I tried it and left
    it loaded for all of 5 minutes before uninstalling and reverting to
    6.5.8. Then I tried 8.1 because of the raves it got from the previous
    string (Most Popular Versions). If you didn't buy 9.x I'd suggest you
    uninstall it and try version 8.1.



  4. Re: PGP 9 is a serious disappointment

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    nomarkting@my.place (Rein) wrote in
    news:md6bf1hvd48j3cjhp35ad06k285vhsprlr@4ax.com:

    >>
    >>I'm really disappointed in what PGP Software has done in version 9.

    >
    > [snip vent]
    >
    > I agree (sorry Tom!).



    That's okay. I do understand how (esp. at first glance) one may not like
    9.x. My first look at 9.0 was not real positive either. After all, we
    have had years of doing things differently, and have had expectations based
    on that. Personally, I very much disliked the way PGP 6.5 changed the
    PGPtray layout for Current Window usage, but after I got use to it, I like
    it. The same has happened for me with 9.x, and I do appreciate the new key
    options that can be changed in 9.0 key properties. PGP 9.x has made
    significant changes, and some of them have resulted in problems that PGP
    Corp has been, and I suspect will continue to improve upon. It doesn't
    bother me that people may have a negative reaction to 9.x, but I will
    continue to try to correct mistatements made by others. I hadn't used
    Whole Disk Encryption until after a vacation/camping trip in July, but
    while on the trip I knew I would have felt a lot more secure if my laptop
    had WDE - it does now!

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 9.0.2 (Build 2424)
    Comment: PGP FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQvYBt2DeI9apM77TAQJlyAf/VFQfjsUtonU2EvIj9xGjPEvTd7Mpd6Vm
    BJ9TiooQ+Cq9+SUsCHPaiovtaTbY/lJbJ5FnS1t9r6FOSb5AWBosaqHh5pJYQ8nx
    sxb0iI1G/2o3xZ187dbki5nSG49gUQZe8TE6DnCS0XgTlxHMbXAoz9iIP3p sLWj3
    1gLXhMoX2c+dnxal1MFHgVtLJvjlP6ghvy1XMgHDdXRFoWpgAq RQ1+r44S2Mb+nc
    KHBe7zdBI2t00TORDE6Rl6S+BHcHlaTHw+mJcdwBwZriCwjld9 ri60ZBPHAVj9C+
    AONyFJzmq93GZ6mzd1IaHNqpKEmTfC5EkxD6FPJcDj4OWOEHJO tkyA==
    =Aq+0
    -----END PGP SIGNATURE-----

  5. Re: PGP 9 is a serious disappointment

    In message , Rein
    writes
    >Jim Garrison wrote:
    >
    >>
    >>I'm really disappointed in what PGP Software has done in version 9.

    >
    >[snip vent]
    >
    >I agree (sorry Tom!).
    >
    >Did you buy it, or are you using the trial version? I tried it and left
    >it loaded for all of 5 minutes before uninstalling and reverting to
    >6.5.8. Then I tried 8.1 because of the raves it got from the previous
    >string (Most Popular Versions). If you didn't buy 9.x I'd suggest you
    >uninstall it and try version 8.1.


    Same opinion from me I'm afraid. Once I'd played with PGP 9 for a while
    I made sure to go out and get perpetual licenses for my PGP 8.1
    installations.

    --
    Timotyy.
    -------------------------------------------------------------------------
    Tim Hart | "It's better to travel hopefully than
    tim@fugue.org | to go by Public Transport."
    http://www.fugue.org | --- Me (during the last tube strike)

  6. Re: PGP 9 is a serious disappointment

    Tom McCune wrote:

    >-----BEGIN PGP SIGNED MESSAGE-----
    >Hash: SHA1
    >
    >nomarkting@my.place (Rein) wrote in
    >news:md6bf1hvd48j3cjhp35ad06k285vhsprlr@4ax.com:
    >
    >>>
    >>>I'm really disappointed in what PGP Software has done in version 9.

    >>
    >> [snip vent]
    >>
    >> I agree (sorry Tom!).

    >
    >
    >That's okay. I do understand how (esp. at first glance) one may not like
    >9.x. My first look at 9.0 was not real positive either. [snip for brevity]
    > It doesn't bother me that people may have a negative reaction to 9.x, but I will
    >continue to try to correct mistatements made by others.


    Which is why the ng is lucky to have you.

    > I hadn't used
    >Whole Disk Encryption until after a vacation/camping trip in July, but
    >while on the trip I knew I would have felt a lot more secure if my laptop
    >had WDE - it does now!


    How long did it take to encrypt an entire disk?

    Rein

  7. Re: PGP 9 is a serious disappointment

    nomarkting@my.place (Rein) wrote in news:0frcf1dtmne8nkc10t5htiban1kr8gdq1m@
    4ax.com:


    > How long did it take to encrypt an entire disk?


    For my laptop's 40 GB hard drive, it took nearly 3 hours, but I was using the
    computer (email, newsgroups, web) during some of that time too.

    --
    Tom McCune
    My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

  8. Re: PGP 9 is a serious disappointment

    Tom McCune wrote:

    >nomarkting@my.place (Rein) wrote in news:0frcf1dtmne8nkc10t5htiban1kr8gdq1m@
    >4ax.com:
    >
    >
    >> How long did it take to encrypt an entire disk?

    >
    >For my laptop's 40 GB hard drive, it took nearly 3 hours, but I was using the
    >computer (email, newsgroups, web) during some of that time too.


    WoW. Ya gotta have a serious need for that.

    I used to use ScramDisk to encrypt volumes since it was free and easier
    (so I heard) than PGPDisk. However, I was only doing it for curiosity
    and after awhile you realize that keeping things encrypted for "fun" is
    not very fun at all. ;-) But whole disk encryption (or volume
    encryption for that matter) feels very good when it *is* needed.

    So I assume that when you do WDE the disk cannot be mounted or looked at
    with hex editor type tools that might reveal, say, 'deleted files' in
    the swap portion of the disk? (PGP users should wipe,
    but I'm just curious if it also encrypts the "dump" area of the drive...
    or simply makes it unavailable.)

  9. Re: PGP 9 is a serious disappointment

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    nomarkting@my.place (Rein) wrote in
    news:bi0df195sn4hs1erm6t77ho62s3un3lfrj@4ax.com:

    > WoW. Ya gotta have a serious need for that.
    >
    > I used to use ScramDisk to encrypt volumes since it was free and easier
    > (so I heard) than PGPDisk. However, I was only doing it for curiosity
    > and after awhile you realize that keeping things encrypted for "fun" is
    > not very fun at all. ;-) But whole disk encryption (or volume
    > encryption for that matter) feels very good when it *is* needed.
    >
    > So I assume that when you do WDE the disk cannot be mounted or looked at
    > with hex editor type tools that might reveal, say, 'deleted files' in
    > the swap portion of the disk? (PGP users should wipe,
    > but I'm just curious if it also encrypts the "dump" area of the drive...
    > or simply makes it unavailable.)


    Whole Disk Encryption encrypts each sector of the hard disk, whether or not
    it contains any data at that time. So, if your hard disk has WDE, and is
    not booted, all data is securely encrypted, including paging file, temp
    files, deleted files, etc.

    That three hours may sound like a lot, but it is a one time thing. After
    that, it is completely transparent except for entering your WDE passphrase
    on booting. During that three hours, you can also do your regular use of
    the computer (I'm not sure if you can have a Virtual Disk mounted though).
    You can even shut down your computer before it is complete, and the hard
    disk encryption will continue when you next boot up. It is not a big deal.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 9.0.2 (Build 2424)
    Comment: PGP FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQvaLpWDeI9apM77TAQK9gQf+N3NCOc47lbyrzVpu7M r+L2v7qVpVxtEC
    UTH+zGAAFC7pe4WgB5vKoxB6NE03+WKHKzdjQao8FdEn8QP7I3 tW4i8I+yCca31L
    lMgclHZYnJ8FJR9bEDb+VjLaIDSw2sQ/kiO+jHZ7dpU0OyDf2eXSEaorYK5+UAsW
    k00BZrt8K47vTrTRf/eRFGigz6l/PBOdSA88QHz2BpVDaGL6BkB/i/rTBip+M/Eu
    faDT0OqrhfyGbYB3e3IWtC9pdFRHZutlyfxwU12b6I5qIi8BJG QzTeuw+Zmtz6T+
    XQoRTxEqDhzmyIR1rnDcewsRyuZz6txXXrGlIcIBEVDWlvwAKP kgcg==
    =uOS7
    -----END PGP SIGNATURE-----

  10. Re: PGP 9 is a serious disappointment

    Tom McCune wrote:

    >That three hours may sound like a lot, but it is a one time thing. After
    >that, it is completely transparent except for entering your WDE passphrase
    >on booting.


    Ah. That makes a difference! So it only decrypts files as you need
    them, then re-encrypts when finished?

  11. Re: PGP 9 is a serious disappointment

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    nomarkting@my.place (Rein) wrote in
    news:re3df1hmb439nkb22k3mqubprr0jp1sgpb@4ax.com:

    > Ah. That makes a difference! So it only decrypts files as you need
    > them, then re-encrypts when finished?


    It works like the Virtual Disk encryption. The files on your hard disk
    always remain encrypted. They are only decrypted for use upon access.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 9.0.2 (Build 2424)
    Comment: PGP FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQvaQO2DeI9apM77TAQJNJAf/SapHH4xHn6pxbNhMsSIQ9jVtn5FTLcAe
    4ZKaayB7M8/rHjfkHEMYStc08T2Rx3uY6nbTIBpreDOEto263Zuu46CSFaIKX N3G
    DxxrtYnzfja5dxuL+kRvzhanNCHy/wt+3yxTmrlS97sDruERAnTtwNk/G+Hcfuig
    LwES13d94jMXg9YqmR231gkA2pyoGIDRJjfbDIiq0K0t/SpBAbe+1sOYbzJZJ6N5
    jMEWJeatBQTtmijQ5nHBGVwwuZrhy5FLL3EEsPh55qWwDXMRGd 2P1gFuJaA9YzKu
    tVHmrZyaanJ5cPbsWWt2IyLD2unQlUCg8VwZc45HGBOK+vGpY5 wtaQ==
    =4MxH
    -----END PGP SIGNATURE-----

  12. Re: PGP 9 is a serious disappointment

    I don't see any complaints about performance. Ever since PGP 9.0 it
    slows Outlook 2003 down badly. If I close PGP Outlook just flies, but
    with PGP running I experience a 4 to 5 second delay when selecting a
    message to read. Doesn't anyone else have this problem? I am running
    on an Exchange Server, and the problem occurs whether I have caching
    enabled or not.

    On Sun, 07 Aug 2005 22:50:35 GMT, Tom McCune
    wrote:

    >-----BEGIN PGP SIGNED MESSAGE-----
    >Hash: SHA1
    >
    >nomarkting@my.place (Rein) wrote in
    >news:re3df1hmb439nkb22k3mqubprr0jp1sgpb@4ax.com:
    >
    >> Ah. That makes a difference! So it only decrypts files as you need
    >> them, then re-encrypts when finished?

    >
    >It works like the Virtual Disk encryption. The files on your hard disk
    >always remain encrypted. They are only decrypted for use upon access.
    >
    >-----BEGIN PGP SIGNATURE-----
    >Version: PGP Desktop 9.0.2 (Build 2424)
    >Comment: PGP FAQ: http://www.mccune.cc/PGP.htm
    >
    >iQEVAwUBQvaQO2DeI9apM77TAQJNJAf/SapHH4xHn6pxbNhMsSIQ9jVtn5FTLcAe
    >4ZKaayB7M8/rHjfkHEMYStc08T2Rx3uY6nbTIBpreDOEto263Zuu46CSFaIKX N3G
    >DxxrtYnzfja5dxuL+kRvzhanNCHy/wt+3yxTmrlS97sDruERAnTtwNk/G+Hcfuig
    >LwES13d94jMXg9YqmR231gkA2pyoGIDRJjfbDIiq0K0t/SpBAbe+1sOYbzJZJ6N5
    >jMEWJeatBQTtmijQ5nHBGVwwuZrhy5FLL3EEsPh55qWwDXMRGd 2P1gFuJaA9YzKu
    >tVHmrZyaanJ5cPbsWWt2IyLD2unQlUCg8VwZc45HGBOK+vGpY5 wtaQ==
    >=4MxH
    >-----END PGP SIGNATURE-----


  13. Re: PGP 9 is a serious disappointment

    In article
    nomarkting@my.place (Rein) wrote:
    >
    > Jim Garrison wrote:
    >
    > >
    > >I'm really disappointed in what PGP Software has done in version 9.

    >
    > [snip vent]
    >
    > I agree (sorry Tom!).
    >
    > Did you buy it, or are you using the trial version? I tried it and left
    > it loaded for all of 5 minutes before uninstalling and reverting to
    > 6.5.8. Then I tried 8.1 because of the raves it got from the previous
    > string (Most Popular Versions). If you didn't buy 9.x I'd suggest you
    > uninstall it and try version 8.1.


    I'll have to agree with you 100% As far as I'm concerned, PGP
    6.5.8ckt build 09b3 is the best version of pgp released. In
    situations (fewer these days) where I can't use GPG, I'll use
    658ckt09b3. Very likely that I'll never fork over for something
    that's had all the bad reviews that I've seen here in the last
    month.

    BTW- for disk encryption i've got Bestcrypt.. does all I need
    without the buggy misbehaviour I've seen and heard about from
    PGP DISK. PGP should stick with what they were good at.. go
    back to 658ckt09b3 and rethink everything they've done since.

    oh, and that proxy thing that 9.x has? I wouldn't touch it with
    a 10 foot pole if I *had* one. Even if it's perfectly legit and
    clean, it smells too much like a backdoor for my taste.




    *Crash Override
    --
    A: Maybe because some people are too annoyed by top-posting.
    Q: Why do I not get an answer to my question(s)?
    A: Because it messes up the order in which people normally read
    text.
    Q: Why is top-posting such a bad thing?


+ Reply to Thread