Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

PGP 10.1.x Trialware?

Created: 10 Mar 2011 | 5 comments

Is the current trialware for PGP Desktop based on 10.0 or the latest 10.1.x?  If 10.1.x, is the "Unsigned Data-Injection Vulnerability" (CVE-2010-3618, Symantec advisory SYM10-012) fixed in the current trialware? 

Comments 5 CommentsJump to latest comment

bgillson's picture

Trialware should always be the same version as the shipping product. If not, let us know because it's an error. I've tried to test it, but I'm getting an error on the download site. I'm not sure if it's because I'm inside the Symantec network or if there's a problem with the server.

10.1.1 includes the fix for CVE-2010-3618. Per the release notes:

  • "Improved how PGP Desktop for Windows handles multi packet signed messages. [28821]"

The issue is also described in detail in the following KB article: http://www.symantec.com/docs/TECH149999

Bryan Gillson
Sr. Director, Product Management
Encryption Products

DERoss's picture

I was earlier informed that the fix for this vulnerability was available only for purchase-ware PGP Desktop and that trialware users would have to use the workaround described in the http://www.symantec.com/docs/TECH149999 page. 

From your reply, I get the impression that PGP Desktop 10.1 now has the vulnerability fixed not only for the purchase-ware version but also for the trialware version.  Please confirm that impression. 

dfinkelstein's picture

The fix was originally available in a service pack.  Service pack releases are only available to purchasers of PGP Desktop.  But it was always our intention to get the fix into a general release, and this has now been done.  10.1.1 was only released recently.

Please report back if you find that the trialware download is giving out a version earlier than 10.1.1.

--------

David Finkelstein

Symantec R&D

DERoss's picture

Thank you. 

Now, however, I cannot download the trialware version.  This is how I navigated in my attempt: 

At "PGP Products | Symantec Corp." http://www.symantec.com/business/theme.jsp?themeid..., I selected PGP Desktop Email link. 

At "Enterprise Desktop Email Encryption | Symantec Desktop Email" http://www.symantec.com/business/desktop-email, I selected Trialware link.  

At "PGP Desktop Email: Trialware - Symantec Corp." http://www.symantec.com/business/products/trialwar..., I selected PGP Desktop Email Trialware link.  

At "Symantec Marketing Campaigns" https://www4.symantec.com/Vrt/offer?a_id=109690, I selected Download Now button.  For "Terms and Conditions" at the same URI, I selected the I AGREE button.

At different "Symantec Marketing Campaigns" https://www4.symantec.com/Vrt/vrtcontroller, I entered the same user ID and password that I use to login for this forum.  I got the page at same URI with the message "Sorry! Your request could not be processed. Please try after some time." 

I have been seeing this "Your request could not be processed." for at least the past four days. 

Note that all of the navigation that I attempted was through Web pages that are clearly business oriented.  Even the URIs indicate "business".  I cannot find PGP Web pages on the Symantec site that are appropriate for individual, non-commercial, home users, which I am one.  

dfinkelstein's picture

As I commented in the other thread, this is working for me.  I started from here:  http://www.symantec.com/business/desktop-email

and clicked the Trialware link.

I note that I was vended 10.1.0 and not 10.1.1, which I will have looked at.

--------

David Finkelstein

Symantec R&D