Network Computingwww.networkcomputing.com

What's more, it comes bundled with a host of other features, including access management, antivirus, Web site blocking, access control, boot protection, Internet/intranet security, network protection, system audit/reporting. It also ships with a copy of another EMD product, Encryptor, a simple ad hoc file-encryption tool that addresses some of the weaknesses in Armor 97. It provides a secure wipe feature and lets you produce encrypted files while leaving the source file unencrypted. This makes it somewhat suitable for encryption of e-mail attachments, though the receiving party will need the same software.

EMD's Encryptor is also the solution you must use if you want to provide protection of backed-up files. Unlike the BestCrypt NP, which stores all encrypted files in easily backed-up container files, Armor 97 sets up special encrypted folders. Any information read or written between memory and disk is automatically decrypted or encrypted. Backup applications copying the contents of the folder will consequently back up unencrypted data.

Because Armor 97 and Encryptor are separate applications, we evaluated Armor 97, the stronger of the two for stored file protection. However, Encryptor is bundled free with Armor 97, so its features have been included in our features table .

McAfee VirusScan Security Suite with PCCrypto
PCCrypto is a part of McAfee's VirusScan Security Suite. This product is best-suited to users who need to encrypt only a few key files because it has no support for folder-based encryption. However, for these users, the product offers several advanced features, including separate secure deletion (one to seven passes) and support for self-decrypting executables. It also includes a unique feature, My Vault, which acts like an encrypted version of Windows95's My Briefcase; files may be encrypted by choosing "Send To," then "My Vault" after right clicking on a file.

If you want to encrypt and decrypt files by moving them to and from My Vault, you can achieve most of what you want via the right-mouse button, though you'll have to enter a password twice every time you move a file into the vault and once every time you move it out.

If you think that's cumbersome, just wait until you run the main application, which is w hat you have to do if you want to store encrypted files in other locations or produce self-decrypting executables for e-mail attachments. First, you need to launch the application, which by default is four menus deep from the start button. Then you have to select the encrypt or decrypt tab, browse to find the file, enter a target file name, enter a password (twice) and enter (or skip) a log file entry. Even then, the original clear-text source file is still intact and you have to click on the Wipe tab if you want to securely remove it. All in all, it will take you some 14 mouse-clicks and plenty of typing to encrypt a file this way.

However, all of this may be moot. McAfee, VeriSign and Security Dynamics have announced plans to work closely together on a number of initiatives. As part of that arrangement, RSA SecurPC is expected to ship as part of the McAfee Virus Security Suite. Meantime, however, McAfee insists that PCCrypto still has life left in it.

Aliroo PrivaSuite
PrivaFile is one of three applications that ship as part of Aliroo's PrivaSuite. Aliroo's goal is to provide a universal document security product that addresses not only stored files but also faxes, formatted text and e-mail attachments. Because the product is 16-bit, it is not well-integrated into the Windows95 environment; the same application runs on Windows 3.x, so there is no right-mouse button support. In addition, the application is somewhat cumbersome to use. However, the product supports a range of platforms (Windows 3.x, Windows95, NT and DOS) and provides strong administrative features.

If you need to deploy PrivaFile to many users, you can implement PrivaSuite Corporate Key Manager, which provides centralized administration of keys. It supports centralized audit logging of encryption events and recovery of data in the event of lost passwords.

PrivaFile does not produce self-decrypting executables for e-mail attachment, but it does ship with a 32-KB executable that can be sent along with an encrypted file and used to decrypt it. Although not as convenient as the self-decrypting executable approach, this may be useful if attachments are small and bandwidth is limited; it is only necessary to send the 32-KB executable once, after that, any files may be decrypted if the key is known.

Software Shelf International CONFIDENTIAL
Software Shelf distributes CONFIDENTIAL for the Swedish firm Winix. Security in CONFIDENTIAL is folder-based and will work only on local drives. Although the product lacks administrative features and is somewhat unwieldy to use, it does do a very good job of completely hiding files. Once encrypted, files disappear from the source folder, so there is no possibility of gleaning information from file names.

In fact, to launch the application you first must run the executable (you'd probably add this to your start-up folder), then click on a small icon that appears on the right-hand side of the Windows95 taskb ar. Because it d oesn't explain in the manual how to start the program, it took us nearly 30 minutes to notice the little icon; this program is definitely worth considering if you want to actually prevent people from knowing that there are encrypted files on your system. However, the product is not suitable for enterprise deployment. It provides no means of information recovery. If you forget the password, you lose the data. In addition, the product does not provide audit capabilities and administrative tools.

Philip Carden is a managing consultant with The Registry Inc., a leading international provider of IT consulting and professional services. He is an industry recognized expert in network security and is a co-author of the book Internet Security for Windows NT. You can reach him at pcarden@tri.com.