Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Encryption Blog
Showing posts in English
Brian Tokuyoshi | 03 Aug 2011 | 1 comment

One of the most unusual aspects of the Apple iOS devices is the aspect of how user demand is driving enterprise adoption. Even in corporations where the iPad or the iPhone are not a part of the enterprise standard, it’s not unusual to see employees bringing their own devices to work and making it a part of their business life. For example, a sales manager that has an iPad typically wants to take it on a business trip and read their email. This may include weekly sales forecasts, contracts, and customer data. While having this type of information on the go may be convenient, it poses a security concern for the IT organization that now needs to make sure that sensitive corporate data stays protected on an employee’s personal device.

In order to protect the corporate data, it makes sense to use email encryption to protect data en route and resident on a portable device. Encryption protects the privacy of the information by making use of cryptography to ensure that...

Kelvin_Kwan | 20 Jul 2011 | 14 comments

Now before I begin “The Chicken or the Egg” portion of the blog, I want to address an issue that many people are asking or wondering.  “Why must I first decrypt before upgrading to Lion?”  Well there are many reasons.  However, one of the biggest reasons is that in Lion, Apple has added Recovery Partition Support.  This Recovery Partition allows you to perform repairs and recovery to your Mac without having to find the DVD that came with your Mac.  This is important, because whenever your system is encrypted, it is NOT advisable to create, resize, or move partitions.  This is regardless if you’re running OS X, Windows, or Linux.  Bad things (e.g.  Data integrity issues) tend to happen when encrypted and you do partition modifications.  So, ...

Kelvin_Kwan | 19 Jul 2011 | 2 comments

As you might have seen or heard, Symantec recently announced new features to our encryption products.   I’ll give you a quick run down of some of the highlights of this latest release.

One of the most exciting features is the introduction of Symantec PGP Viewer for iOS.  This has been one of the most asked for feature by customers who need a solution to  “My CxO wants to be able to read encrypted emails on their iPad or iPhone.”  Well, it can now be done with the PGP Viewer for iOS.  You can decrypt your emails locally on your iPad, iPhone, and iPod Touch devices now.  Best of all, the PGP Viewer is free from the Apple App Store (expected to be in the App Store by late summer.) It does require PGP Universal Server for key management, so wait until you get information from your mail administrator before you install it.

Another really cool feature is the ability of Symantec Endpoint Encryption Full Disk Edition (SEE FDE)...

Kelvin_Kwan | 11 Jul 2011 | 0 comments

We are once again writing to follow-up on our early post related to a similar issue from January.  This time, it’s for Mac OS X upgrades to Apple’s just released 10.6.8 update and PGP Whole Disk Encryption for Macs. 

Much like the previous post, Apple’s automated Mac OS X 10.6.8 Software Update mechanism bypasses the protections of PGP Corporation had put around a critical file needed for normal system startup.  This time however, users who are running 10.1.1-Build 10 and newer had no problems with the Apple 10.6.8 update as expected.  Users running older versions, however, ran into problems.

As communicated previously, the PGP Engineering team discovered that the Apple automated Software Update mechanism bypassed the protections PGP built-in to protect the boot.efi file.  This bypass allows the...

Brian Tokuyoshi | 07 Mar 2011 | 7 comments

As a PGP customer, you may have seen the changes that we’ve been making as we transition customer support from the PGP environment to Symantec. Here’s what you need to do to download the latest PGP software.

For PGP software orders purchased prior to February 4, 2011:

Step 1: PGP Products are now downloaded via the Symantec Licensing Portal. Click the following link , and you will be automatically redirected to the Symantec Licensing Portal.

Step 2: Enter the email address which was used to purchase your PGP product and then click SEND MY ACCOUNT INFO.  An email is sent with your Symantec Licensing Portal credentials.

Step 3: After receiving your account login credentials, click the following link and enter your email and password....

Kelvin_Kwan | 02 Mar 2011 | 0 comments

Most recently, we have had enterprise and individual customers complain to Symantec about BSODs pertaining to PGP Whole Disk Encryption.  Initial signs were pointing to the pgpwded.sys driver as the culprit.  Symantec’s engineering team has analyzed dozens of submitted crash dump files and has come to the following conclusion. 

Symantec believes that the BSOD is being caused by a stack space resource issue.  The reason the pgpwded.sys driver is being seen in crash dumps first is that the pgpwded.sys driver is the last to be loaded.  Thus, the pgpwded.sys driver seems to be the tipping point for the BSOD.  But it is not, in fact, the cause.  Here’s why.

Caution:  Geek material ahead!  A quick summary on stack space. 
Stack space is limited and is a shared resource between the Windows kernel runtime and device...

Brian Tokuyoshi | 25 Feb 2011 | 1 comment

In a recent press release, the British Information Commissioner’s Office commented about a recent data loss incident experienced by the Cambridgeshire County Council.  In a roundabout manner, it turns out that an encrypted memory stick triggered a course of events that led to the loss of sensitive personal information.

The council attempted to do the right thing, by providing an encrypted memory stick to its employees, free of charge. However, due to issues with the device, a frustrated employee stopped using the encrypted device provided to him and replaced it with an unapproved, unencrypted one. The unencrypted device contained sensitive information, and unfortunately it was lost, thus resulting in a data loss incident.

This incident brings up an important issue – it’s not enough to have an...

Brian Tokuyoshi | 19 Jan 2011 | 0 comments

Blog Entry – Prioritizing Key Management When Considering the Cloud

One of the trends that I’ve noted when talking with customers is the desire to get cryptographic keys under better central management in anticipation of the cloud. At face value, one might wonder what the connection might be. Why build a key management plan before rolling out a cloud computing strategy?

It turns out that there are several good reasons:

  1. There’s no better time to build out a strategy for managing keys. Once an IT organization evaluates where their data exists and where the encryption lives, the more important better management tools become. It makes a lot of sense to get the existing key management issues under control as a precursory step before moving applications and data to the cloud.
  2. There’s a lot of concerns about cloud security models, especially with respect to who holds the keys. One of encryption’s central use cases is being...
Tim_Matthews | 17 Jan 2011 | 1 comment

We're writing to follow up on our post on this issue last November.  Since then, Symantec has provided both a workaround and hotfix to address the client problem encountered with PGP Whole Disk Encryption when updating Mac OS X.  A maintenance release that will proactively address this issue is now available.

In case you missed our earlier communication, in Mac OS X 10.6.5, Apple's automated Software Update mechanism bypasses the protections PGP Corporation had put around a critical file needed for normal system startup.

Prior to the release of the Mac OS X 10.6.5 update, the PGP Engineering team tested every version of the early developer release of the update provided to PGP by Apple and no conflicts were found. However, we identified after the release of the update that Apple's automated Software Update mechanism bypasses...

Brian Tokuyoshi | 17 Jan 2011 | 19 comments

PGP® Desktop 10.1.1 from Symantec™ is now available and includes a number of updates, and one of the most prominent features is for Mac OS X users. In a nutshell, when Apple pushed out the Mac OS X 10.6.5 and 10.6.6 updates, some of our customers who had PGP® Whole Disk Encryption from Symantec™ experienced a problem that made the machine unbootable. It didn’t affect everybody, but there were certain conditions that caused it to occur with a particular group of users.

First of all, we want to reassure all of you that we tested PGP Whole Disk Encryption on all of the early access developer releases, and we did not see this problem occur. Our engineering and support team diagnosed the problem further, and discovered that the issue arose out of the Mac OS X Automatic Update utility, which disabled PGP Desktop and overwrote critical boot files. The problem wasn’t so much with the operating system update itself, but how the installer performed the...