What's New in PGP Desktop Security
Version 6.5.8 for Windows 95, Windows 98, Windows NT, and Windows 2000
Copyright (c) 1990-2000 by Networks Associates Technology, Inc., and its Affiliated Companies.
All Rights Reserved.

Thank you for using Network Associates' products. This What's New file contains important information regarding PGP Desktop Security. Network Associates strongly recommends that you read this entire document.

Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact us.

Warning: Export of this software may be restricted by the U.S. Government.

WHAT'S IN THIS FILE

Fixes in this Release
New Features
Documentation
System Requirements
Known Issues
Additional Information
Contacting Network Associates

FIXES IN THIS RELEASE

  • This release corrects a security-related bug with Additional Decryption Keys (ADKs) that may allow sophisticated attackers to add unauthorized ADK key IDs to the unhashed areas of PGP public keys.

    For more information about this bug, please review the PGP ADK Security Advisory available on www.pgp.com.

NEW FEATURES

  1. PGPnet
    PGPnet is a landmark product in the history of PGP. PGPnet secures all TCP/IP communications between itself and any other machine running PGPnet. It is also highly interoperable with the Gauntlet VPN firewall/gateway product family providing a complete solution for corporate remote access VPNs using the industry standard IPSec (Internet Protocol Security) and IKE (Internet Key Exchange) protocols. PGPnet has been successfully tested with Cisco routers (requires Cisco IOS 12.0(4) or later with IPSec TripleDES), Linux FreeS/WAN, and many others. PGPnet is also the first IPSec product to fully support the use of OpenPGP keys for authentication in addition to X.509 certificates.

  2. Self-Decrypting Archives
    You may now encrypt files or folders into Self-Decrypting Archives (SDAs) which can be used by users who do not even have PGP. The archives are completely independent of any application, compressed and protected by PGP's strong cryptography.

  3. X.509 Certificate and CA Support
    PGP is now able to interoperate with the X.509 certificate format. This is the format used by most web browsers for securing the transfer of information. PGP supports the automated request of certificates from Network Associates' Net Tools PKI, VeriSign's OnSite, and Entrust certificate authorities. X.509 certificates are analogous to a PGP signature, so you can even request X.509 certificates on your existing PGP key. This feature can also be used to interoperate with existing VPN solutions based on X.509.

  4. Integrated PGP Command Line
    This version incorporates the popular command line version of PGP for Windows platforms. This product provides you a convenient way to integrate PGP with other Windows applications and automated processes on your desktop system. Please note that this is intended for single user/workstation use. For use on servers, customers are required to purchase the PGP e-Business Server product. Please contact your local Network Associates Sales representative for more information.

  5. Automated Freespace Wiping
    PGP's Freespace Wipe feature now allows you to use the Windows Task Scheduler to schedule periodic secure wiping of the free space on your disk.

  6. Hotkeys
    The Use Current Window feature has been significantly enhanced by the addition of Hotkeys. By using a configured key combination, the Encrypt/Decrypt/Sign functions can be automatically invoked without using PGPtray. This feature is very useful for users using messaging applications that PGP does not currently have a plug-in for, such as Netscape Messenger.

  7. Fingerprint Word List
    When verifying a PGP public key fingerprint, you can now choose to view the fingerprint as a word list instead of hexadecimal characters. The word list in the fingerprint text box is made up of special authentication words that PGP uses and are carefully selected to be phonetically distinct and easy to understand without phonetic ambiguity.

  8. Support for Outlook 2000 and Outlook Express 5.0
    This version of PGP adds support for sending and receiving encrypted email in Microsoft Outlook 2000 and Outlook Express 5.0.

  9. HTTP Proxy Support
    If you are behind a corporate firewall with an HTTP proxy server, PGP now supports accessing HTTP keyservers through the proxy. To use this feature, you must configure the proxy server address in your Internet Explorer preferences.

  10. Smart Word Wrapping
    The word wrapping in PGP now automatically rewraps paragraphs and even quoted paragraphs resulting in much cleaner signed messages.


PGP enhancements

  1. Support for Windows 2000 operating systems.
    This release of PGP introduces support for Microsoft's latest releases of Windows. All PGP functionality is available in Windows 2000 except PGPnet. PGPnet will support Windows 2000 in future releases of PGP.

  2. Lotus Notes plug-in integrated.
    PGP now includes an integrated plug-in for Lotus Notes 4.5x - 4.6x clients. This feature extends PGP's strong encryption and authentication services to Lotus Notes users.

  3. Support for Novell GroupWise via new plug-in.
    This release of PGP marks the introduction of support for Novell GroupWise 5.2.3, 5.2.4, and 5.5.x via a new plug-in. This plug-in further extends PGP's broad messaging platform coverage to another critical platform used in many enterprises today.

  4. Windows 2000 IPSec interoperability.
    PGPnet running on non-Windows 2000 systems can establish VPN connections with the built-in Windows 2000 IPSec client. (The Windows 2000 system must be running the Windows 2000 High Encryption Pack.)

  5. New PGP Notes Plug-in Server Wizard.
    If you have installed the PGP Lotus Notes plug-in on your Lotus Notes clients, you can run the PGP Notes Plug-in Server Utility to easily configure the appropriate Domino server(s). The PGP Notes Plug-in Server Utility enables you to configure the Domino server(s) for PGP Lotus Notes plug-in usage and configure individual user(s) databases so they can take advantage of this new PGP plug-in.

  6. Intel Pentium III Random Number Generator (RNG) support.
    If your computer is equipped with the Intel RNG, PGP will use the random data generated by the chip in addition to our own entropy collection whenever random data is needed for key generation and encryption. The Intel RNG is currently only available with select Pentium III chipsets, including the Intel 810 chipset.

  7. Automatic email plug-in pre-selection.
    PGP will now automatically pre-select email plug-ins to install on your system based on what messaging applications are installed. Nevertheless, you are still able to change the selected plug-ins at install time.

DOCUMENTATION

Also included with this release are the following manuals, which can be viewed on-line as well as printed:

  • Introduction to Cryptography
  • PGP Administrator's Guide
  • PGP Installation Guide
  • PGP User's Guide
  • PGP Command Line User's Guide

Each document is saved in Adobe Acrobat Portable Document Format (.PDF). You can view and print these documents with Adobe's Acrobat Reader. PDF files can include hypertext links and other navigation features to assist you in finding answers to questions about your Network Associates product.

To download Adobe Acrobat Reader from the World Wide Web, visit Adobe's Web site.

This release also includes integrated online help in Microsoft Windows Help format:

  • PGP online help
  • PGPdisk online help
  • PGPnet online help

Documentation feedback is welcome. Send e-mail to tns_documentation@nai.com.

SYSTEM REQUIREMENTS

To install PGP on a Windows 95, 98, 2000, or NT system, you must have:

  • Windows 95, 98, 2000, or NT 4.0 with Service Pack 3/4/5
  • 32 MB RAM
  • 16 MB hard disk space for the Client install

If you plan to run PGPnet on the system, you must also have:

  • Microsoft TCP/IP
  • A compatible LAN/WAN network adapter

Note: PGPnet functionality is not available for users of Windows 95a (the original release of Windows 95) or Windows 2000. PGPnet supports Windows 95b (OSR2), Windows 98 and Windows NT 4.0.

KNOWN ISSUES

PGP issues

  1. Mismatching your keyring files can result in data loss. Your public keyring file and private keyring file must be kept in sync. If, for instance, you select a public keyring file that does not contain the public portion of your private key and do not also change the private keyring to the corresponding file, you and others will not be able to encrypt to exported versions of your key after that time. In most cases, simply updating your key from a public copy on a keyserver will fix this. However, it is recommended that the keyring files always be kept in sync. A future version is expected to correct this issue.

  2. Using a Split Key as a public key for PGPdisk will not allow reconstitution of the key through the usual dialog provided for reconstituting split keys. To use such a key to open a PGPdisk, you must first rejoin the key in PGPkeys.

  3. Some PGP Versions 6.0 and later features are incompatible with previous versions of PGP, so we feature a "compatible" export format that strips incompatible features such as Photo IDs and X.509 certificates from keys. Selecting "Include 6.X Extensions" in the Export dialog enables these features to be exported. By default, we export in compatible mode. You may change the default in the Advanced preferences dialog. When sending a key to a PGP Certificate Server Version 2.0 or above, Photo IDs always accompany the key. The default LDAP server in PGP 6.x supports this.

  4. Sometimes, after a PGPdisk volume is unmounted and placed in the Recycle Bin and the Bin is emptied, Windows reports that the drive letter associated with the PGPdisk volume is no longer accessible. This behavior should cease after the system is rebooted. This will not interfere with the normal operation of your system.

  5. On Windows 95/98, the Free Space Wiper will reset every time another program writes to your disk while the wiping process is in progress. This is similar to defragmentation programs, and is required by the Operating System. For optimal wiping, make sure to close all open applications. On some systems with very low amounts of RAM, it may be advisable to also shutdown Windows Explorer.

  6. The Windows Explorer provides PGP with information only about the target of a shortcut and not the shortcut itself. If you use the Wipe feature in the Explorer, the shortcut itself will not be wiped. The actual target will be wiped. When using PGPtools, the shortcut will also be wiped.

  7. Hotkeys are for use with applications that support general text editing. Using Hotkeys with some applications may result in unpredictable behavior.

  8. Hard disk utilities (such as ScanDisk) or programs that monitor the hard disk will not run on a drive on which a PGPdisk volume is mounted. This is to insure that the PGPdisk volume does not become corrupted. To use your hard disk utilities, unmount all PGPdisk volumes on the drive on which you wish to use the utilities.

  9. PGPdisk volumes accessed using an Additional Decryption Key open with permissions set as follows: FAT volumes open with permissions set to read-only; NTFS volumes open with permissions set to read/write.

  10. (Windows 2000 only) To support Windows 2000's Hibernation mode, PGPdisk's Inactivity Timeout feature is disabled on Windows 2000.

  11. (Windows 98 only) If you create a PGPdisk which you plan to immediately copy to a different drive, we recommend that you reboot before you copy to make sure everything is written correctly. This is only a potential issue just after the creation of the PGPdisk, and is due to a Windows 98 disk caching bug.

  12. The PGP Exchange/Outlook plug-in does not support Microsoft Word as an e-mail editor.

  13. We strongly recommend that VirusScan users upgrade to VirusScan Version 4.0.3 or later to take advantage of the newest virus DAT file update features.

  14. (Lotus Notes only) When encrypting a message using conventional encryption, the "Enter Passphrase" dialog box appears multiple times.

  15. (Lotus Notes only) Encrypt and Sign functions do not appear in the Lotus Notes "Actions" menu, but Decrypt and Verify do appear. The Encrypt and Sign buttons appear in the upper right side of the message and not in the toolbar.

  16. (GroupWise only) The GroupWise plug-in does not support PGP's Secure Viewer feature, nor the Synchronize With Servers feature.

PGPnet issues

  1. Do not attempt to manually uninstall PGPnet. It is very important that you use the PGP Uninstaller to remove PGPnet. PGPnet makes extensive modifications to the registry and changes the bindings on network adapters. The PGP Uninstaller can be accessed via the Add/Remove Programs control panel.

  2. (Windows NT only) As a precautionary measure, in the unusual event that there is an incompatibility between your network card driver and PGPnet, you can create a "No Networking" hardware profile prior to installing PGPnet on your system. The "No Networking" hardware profile can be used later if an incompatibility occurs.

    To create a "No Networking" hardware profile, right click on "My Computer," select Properties, and then select the Hardware Profiles tab. Use the Copy button to create a copy of the Original Configuration. Get Properties on your copied configuration and click the Network tab. Finally, select the "Network-disabled hardware profile" checkbox. Click OK to both windows and then you are done. (Due to a Windows bug we recommend that you restart once and double-check that the "No Networking" configuration is working before you install PGPnet.)

  3. (Windows 95 only) You may experience a loss of networking after resuming from standby mode. You must reboot your machine to resume network activity.

  4. PGPnet is not compatible with the Intel EtherExpress 16 driver.

  5. Installing virtual private network software such as PGPnet on the same machine as a firewall or another VPN client is highly likely to cause problems. We recommend uninstalling the other product prior to installing or choosing not to install PGPnet on such a machine.

  6. You cannot use the default MSN dialer to connect to MSN if PGPnet is installed. To connect to MSN with PGPnet, use the Microsoft Dial-Up Networking client.

ADDITIONAL INFORMATION

PGP 6.5.8 includes support for both RSA and Diffie-Hellman key types.

CONTACTING NETWORK ASSOCIATES

For questions, orders, problems, or comments

Contact the Network Associates Customer Service department between 8:00 a.m. and 8:00 p.m. Central Time, Monday through Friday, at:

Network Associates Customer Service
4099 McEwen Road, Suite 500
Dallas, Texas 75244

Phone: (972) 308-9960
Email: cust_care@nai.com
World Wide Web:http://support.nai.com

Contact Network Associates Customer Service for information about technical support subscription plans.

For corporate-licensed customers:

Phone: (972) 308-9960

For retail-licensed customers:

Phone: (972) 855-7044

To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computer and your software. Please have this information ready when you call:

  • Program name and version number
  • Computer brand and model
  • Any additional hardware or peripherals connected to your computer
  • Operating system type and version numbers
  • Network name, operating system, and version
  • Network card installed, where applicable
  • Modem manufacturer, model, and speed, where applicable
  • Relevant browsers or applications and their version numbers, where applicable
  • How to reproduce your problem: when it occurs, whether you can reproduce it regularly, and under what conditions
  • Information needed to contact you by voice, fax, or email
We also seek and appreciate general feedback.

For product upgrades

Network Associates has a worldwide range of partnerships and reseller relationships with hundreds of independent vendors, each of which can provide you with consulting services, sales advice, and product support for Network Associates software. For assistance in locating a local reseller, you can contact Network Associates Customer Service at (972) 308-9960.

For reporting problems

Network Associates prides itself on delivering a high-quality product. If you find any problems, please take a moment to review the contents of this file. If the problem you've encountered is documented, there is no need to report the problem to Network Associates.

If you find any feature that does not appear to function properly on your system, or if you believe an application would benefit greatly from enhancement, please contact Network Associates with your suggestions or concerns.

For on-site training information

Contact Network Associates Customer Service at (800) 338-8754.