Network Computingwww.networkcomputing.com

Norton Your Eyes Only, however, is easy to use and provides a full range of additional security features, including boot-locking, screen-locking and multiple sets of user rights per machine. It also provides for automatic distribution of client softwa re, centralized logging of audit information, public-key distribution and support for a one-time password scheme that assists mobile users who have forgotten their passwords.

Symantec's product also supports public-key encryption. This means that users who have been set up appropriately and who have access to the same public-key server, can send encrypted files to one another simply by looking up the recipient in an e-mail system-like directory. There is no need to share a secret password in advance. Unless you are concerned with the privacy of e-mail within the corporation, this feature is probably most useful in the case of mobile users because they may need to communicate via untrusted networks. This is not a practical solution for communicating with persons outside the organization because they would need the client software and access to the public-key server.

Although Symantec claims to provide on-the-fly encryption, Norton Your Eyes Only doesn't encrypt and decrypt as data is wri tten to or from disk, as BestCrypt NP and Armor 97 do. It instead encrypts and decrypts whole files on disk automatically when a valid user attempts to open the file. Users are authenticated at logon time, and the authentication lasts until the user logs off--tamper-proofing is provided by means of screen-locking. Unfortunately, that means opening and closing large files is slow going when compared with BestCrypt NP and Armor 97, and the system is arguably less secure for short periods. The product also supports only smart folders, which are automatic encryption and decryption solutions, on local drives. If you want to encrypt files on a server, you must do it manually by selecting one or more files and using an option on the right-click menu.

Data Fellows F-Secure Desktop 2.0
This product is similar to RSA SecurPC. It offers simple, secure on-disk file or folder encryption and decryption easily accessible from the Windows95 right-mouse button menu. It also offers a solid subset of the RSA SecurPC functionality, including support for both Windows95 and Windows 3.1, and the ability to produce self-decrypting executables.

But F-Secure Desktop lacks multiple trustee data recovery and requires a password to be entered every time decryption is attempted. However, if your users always work with the same set of files every time they boot up their machines, F-Secure Desktop may be a better choice than SecurPC-- it offers to decrypt all encrypted files when you boot up.

F-Secure Desktop also addresses one of SecurPC's more significant feature gaps--the availability of a separate secure delete function. While the Security Dynamics product securely deletes original source files after you encrypt them, it doesn't add a secure delete function to the right-mouse button menu. Of course, you could encrypt the file and use the regular delete, but that's a nonintuitive, two-step process that still leaves a possibility--albeit very remote one--of recovering the deleted data.

Data Fellow s take s the separate secure delete function one step further by offering a choice of how many times to overwrite the file (one, three or seven times). The more you overwrite it, the better the chance that the data will disappear forever. A single pass may leave magnetic traces of the data on the ridges of the hard drive surface.

In addition to F-Secure Desktop, Data Fellows offers a range of other security products including F-Secure SSH for network security with Internet commerce applications; F-Prot for virus protection; and F-Secure VPN, a PC-to-PC security product for virtual private networks.