Endpoint Encryption

 View Only

  • 1.  PGP 10.1.x Trialware?

    Posted Mar 10, 2011 08:35 PM

    Is the current trialware for PGP Desktop based on 10.0 or the latest 10.1.x?  If 10.1.x, is the "Unsigned Data-Injection Vulnerability" (CVE-2010-3618, Symantec advisory SYM10-012) fixed in the current trialware? 



  • 2.  RE: PGP 10.1.x Trialware?

    Posted Mar 11, 2011 02:47 AM

    Trialware should always be the same version as the shipping product. If not, let us know because it's an error. I've tried to test it, but I'm getting an error on the download site. I'm not sure if it's because I'm inside the Symantec network or if there's a problem with the server.

    10.1.1 includes the fix for CVE-2010-3618. Per the release notes:

    • "Improved how PGP Desktop for Windows handles multi packet signed messages. [28821]"

    The issue is also described in detail in the following KB article: http://www.symantec.com/docs/TECH149999

    Bryan Gillson
    Sr. Director, Product Management
    Encryption Products



  • 3.  RE: PGP 10.1.x Trialware?

    Posted Mar 12, 2011 03:06 PM

    I was earlier informed that the fix for this vulnerability was available only for purchase-ware PGP Desktop and that trialware users would have to use the workaround described in the http://www.symantec.com/docs/TECH149999 page. 

    From your reply, I get the impression that PGP Desktop 10.1 now has the vulnerability fixed not only for the purchase-ware version but also for the trialware version.  Please confirm that impression. 



  • 4.  RE: PGP 10.1.x Trialware?

    Posted Mar 12, 2011 08:41 PM

    The fix was originally available in a service pack.  Service pack releases are only available to purchasers of PGP Desktop.  But it was always our intention to get the fix into a general release, and this has now been done.  10.1.1 was only released recently.

    Please report back if you find that the trialware download is giving out a version earlier than 10.1.1.



  • 5.  RE: PGP 10.1.x Trialware?

    Posted Mar 13, 2011 03:36 PM

    Thank you. 

    Now, however, I cannot download the trialware version.  This is how I navigated in my attempt: 

    At "PGP Products | Symantec Corp." http://www.symantec.com/business/theme.jsp?themeid=pgp, I selected PGP Desktop Email link. 

    At "Enterprise Desktop Email Encryption | Symantec Desktop Email" http://www.symantec.com/business/desktop-email, I selected Trialware link.  

    At "PGP Desktop Email: Trialware - Symantec Corp." http://www.symantec.com/business/products/trialware.jsp?pcid=pcat_business_cont&pvid=desktop_email_1, I selected PGP Desktop Email Trialware link.  

    At "Symantec Marketing Campaigns" https://www4.symantec.com/Vrt/offer?a_id=109690, I selected Download Now button.  For "Terms and Conditions" at the same URI, I selected the I AGREE button.

    At different "Symantec Marketing Campaigns" https://www4.symantec.com/Vrt/vrtcontroller, I entered the same user ID and password that I use to login for this forum.  I got the page at same URI with the message "Sorry! Your request could not be processed. Please try after some time." 

    I have been seeing this "Your request could not be processed." for at least the past four days. 

    Note that all of the navigation that I attempted was through Web pages that are clearly business oriented.  Even the URIs indicate "business".  I cannot find PGP Web pages on the Symantec site that are appropriate for individual, non-commercial, home users, which I am one.  



  • 6.  RE: PGP 10.1.x Trialware?

    Posted Mar 15, 2011 02:18 AM

    As I commented in the other thread, this is working for me.  I started from here:  http://www.symantec.com/business/desktop-email

    and clicked the Trialware link.

    I note that I was vended 10.1.0 and not 10.1.1, which I will have looked at.