What's New in PGP Desktop Security Version 6.5.3 for Windows 95/98, Windows NT, and Windows 2000 Copyright (c) 1990-99 by Networks Associates Technology, Inc., and its Affiliated Companies. All Rights Reserved. Thank you for using Network Associates' products. This What's New file contains important information regarding PGP Desktop Security. Network Associates strongly recommends that you read this entire document. Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact us. Warning: Export of this software may be restricted by the U.S. Government. ___________________ WHAT'S IN THIS FILE - Fixes in this Release - New Features - Documentation - System Requirements - Known Issues - Year 2000 Compliance - Additional Information - Contacting Network Associates _____________________ FIXES IN THIS RELEASE 1. In some situations, it was not possible to Decrypt/Verify a message after browsing your hard drive with the Microsoft Outlook browser. This has been corrected. 2. PGP can now decrypt files that originally did not have a file extension. 3. PGPnet now supports Multi-Tech PCMCIA Cards on Windows NT. Previously, this card was only supported on Windows 95 and Windows 98. 4. PGP and CyberCop Scanner can now be installed on the same Windows NT computer. 5. Problems with some 16 bit applications crashing while PGPtray is running may be resolved. 6. PGP will now permit the selection of the destination directory if the source directory is read-only or full. ___________________ NEW FEATURES IN PGP 1. PGPnet. PGPnet is a landmark product in the history of PGP. PGPnet secures all TCP/IP communications between itself and any other machine running PGPnet. It is also highly interoperable with the Gauntlet VPN firewall/gateway product family providing a complete solution for corporate remote access VPNs using the industry standard IPSec (Internet Protocol Security) and IKE (Internet Key Exchange) protocols. PGPnet has been successfully tested with Cisco routers (requires Cisco IOS 12.0(4) or later with IPSec TripleDES), Linux FreeS/WAN, and many others. PGPnet is also the first IPSec product to fully support the use of OpenPGP keys for authentication in addition to X.509 certificates. 2. Self-Decrypting Archives. You may now encrypt files or folders into Self-Decrypting Archives (SDA's) which can be used by users who do not even have PGP. The archives are completely independent of any application, compressed and protected by PGP's strong cryptography. 3. X.509 Certificate and CA Support. PGP is now able to interoperate with the X.509 certificate format. This is the format used by most web browsers for securing the transfer of information. PGP supports the automated request of certificates from Network Associates' NetTools PKI, VeriSign's OnSite, and Entrust certificate authorities. X.509 certificates are analogous to a PGP signature, so you can even request X.509 certificates on your existing PGP key. This feature can also be used to interoperate with existing VPN solutions based on X.509. 4. Integrated PGP Command Line. This version incorporates the popular command line version of PGP for Windows platforms. This product provides a convenient way to integrate PGP with other Windows applications and automated processes on your desktop system. Please note that this is intended for single user/workstation use. For use on servers, customers are required to purchase the PGP e-Business Server product. Please contact your local Network Associates Sales representative for more information. 5. Automated Freespace Wiping. PGP's Freespace Wipe feature now allows you to use the Windows Task Scheduler to schedule periodic secure wiping of the free space on your disk. 6. Hotkeys. The Use Current Window feature has been significantly enhanced by the addition of Hotkeys. By using a configured key combination, the Encrypt/Decrypt/Sign functions can be automatically invoked without using PGPtray. This feature is very useful for users using messaging applications that PGP does not currently have a plug-in for, such as Netscape Messenger. 7. Fingerprint Word List. When verifying a PGP public key fingerprint, you can now choose to view the fingerprint as a word list instead of hexadecimal characters. The word list in the fingerprint text box is made up of special authentication words that PGP uses and are carefully selected to be phonetically distinct and easy to understand without phonetic ambiguity. 8. Support for Outlook 2000 and Outlook Express 5.0. This version of PGP adds support for sending and receiving encrypted email in Microsoft Outlook 2000 and Outlook Express 5.0. 9. HTTP Proxy Support. If you are behind a corporate firewall with an HTTP proxy server, PGP now supports accessing HTTP keyservers through the proxy. To use this feature, you must configure the proxy server address in your Internet Explorer preferences. 10. Smart Word Wrapping. The word wrapping in PGP now automatically rewraps paragraphs and even quoted paragraphs resulting in much cleaner signed messages. * PGP ENHANCEMENTS * 1. Support for Windows 2000 operating systems. This release of PGP introduces support for Microsoft's latest releases of Windows. All PGP functionality is available in Windows 2000 except PGPnet. PGPnet will support Windows 2000 in future releases of PGP. 2. Lotus Notes plug-in integrated. PGP now includes an integrated plug-in for Lotus Notes 4.5x - 4.6x clients. This feature extends PGP's strong encryption and authentication services to Lotus Notes users. 3. Support for Novell GroupWise via new plug-in. This release of PGP marks the introduction of support for Novell GroupWise 5.2.3, 5.2.4, and 5.5.x via a new plug-in. This plug-in further extends PGP's broad messaging platform coverage to another critical platform used in many enterprises today. 4. Windows 2000 IPSec interoperability. PGPnet running on non-Windows 2000 systems can establish VPN connections with the built-in Windows 2000 IPSec client. (The Windows 2000 system must be running the Windows 2000 High Encryption Pack.) 5. New PGP Notes Plug-in Server Wizard. If you have installed the PGP Lotus Notes plug-in on your Lotus Notes clients, you can run the PGP Notes Plug-in Server Utility to easily configure the appropriate Domino server(s). The PGP Notes Plug-in Server Utility enables you to configure the Domino Server(s) for PGP Lotus Notes plug-in usage and configure individual user(s) databases so they can take advantage of this new PGP plug-in. 6. Intel Pentium III Random Number Generator (RNG) support. If your computer is equipped with the Intel RNG, PGP will use the random data generated by the chip in addition to our own entropy collection whenever random data is needed for key generation and encryption. The Intel RNG is currently only available with select Pentium III chipsets, including the Intel 810 chipset. 7. Automatic email plug-in pre-selection. PGP will now automatically pre-select email plug-ins to install on your system based on what messaging applications are installed. Nevertheless, you are still able to change the selected plug-ins at install time. _____________ DOCUMENTATION Also included with this release are the following manuals, which can be viewed on-line as well as printed: * Introduction to Cryptography * PGP Administrator's Guide * PGP Installation Guide * PGP User's Guide * PGP Command Line User's Guide Each document is saved in Adobe Acrobat Portable Document Format (.PDF). You can view and print these documents with Adobe's Acrobat Reader. PDF files can include hypertext links and other navigation features to assist you in finding answers to questions about your Network Associates product. To download Adobe Acrobat Reader from the World Wide Web, visit Adobe's Web site at: http://www.adobe.com/ This release also includes integrated online help in Microsoft Windows Help format: * Online help: - PGP online help - PGPdisk online help - PGPnet online help Documentation feedback is welcome. Send email to tns_documentation@nai.com. ___________________ SYSTEM REQUIREMENTS To install PGP on a Windows 95, 98, 2000, or NT system, you must have: - Windows 95, 98, 2000, NT 4.0 with Service Pack 3/4/5 - 32 MB RAM - 16 MB hard disk space for the Client install If you plan to run PGPnet on the system, you must also have: - Microsoft TCP/IP - A compatible LAN/WAN network adapter Note: PGPnet functionality is not available for users of Windows 95a (the original release of Windows 95) or Windows 2000. PGPnet supports Windows 95b (OSR2), Windows 98, and Windows NT 4.0. ____________ KNOWN ISSUES *PGP ISSUES* 1. Mismatching your keyring files can result in data loss. Your public keyring file and private keyring file must be kept in sync. If, for instance, you select a public keyring file that does not contain the public portion of your private key and do not also change the private keyring to the corresponding file, you and others will not be able to encrypt to exported versions of your key after that time. In most cases, simply updating your key from a public copy on a keyserver will fix this. However, it is recommended that the keyring files always be kept in sync. A future version is expected to correct this issue. 2. Using a Split Key as a public key for PGPdisk will not allow reconstitution of the key through the usual dialog provided for reconstituting split keys. To use such a key to open a PGPdisk, you must first rejoin the key in PGPkeys. 3. Some PGP Versions 6.0 and later features are incompatible with previous versions of PGP, so we feature a "compatible" export format that strips incompatible features such as Photo IDs and X.509 certificates from keys. Selecting "Include 6.X Extensions" in the Export dialog enables these features to be exported. By default, we export in compatible mode. You may change the default in the Advanced preferences dialog. When sending a key to a PGP Certificate Server Version 2.0 or above, Photo IDs always accompany the key. The default LDAP server in PGP 6.x supports this. 4. Sometimes, after a PGPdisk volume is unmounted and placed in the Recycle Bin and the Bin is emptied, Windows reports that the drive letter associated with the PGPdisk volume is no longer accessible. This behavior should cease after the system is rebooted. This will not interfere with the normal operation of your system. 5. On Windows 95/98, the Free Space Wiper will reset every time another program writes to your disk while the wiping process is in progress. This is similar to defragmentation programs, and is required by the Operating System. For optimal wiping, make sure to close all open applications. On some systems with very low amounts of RAM, it may be advisable to also shutdown Windows Explorer. 6. The Windows Explorer provides PGP with information only about the target of a shortcut and not the shortcut itself. If you use the Wipe feature in the Explorer, the shortcut itself will not be wiped. The actual target will be wiped. When using PGPtools, the shortcut will also be wiped. 7. Hotkeys are for use with applications that support general text editing. Using Hotkeys with some applications may result in unpredictable behavior. 8. Hard disk utilities (such as ScanDisk) or programs that monitor the hard disk will not run on a drive on which a PGPdisk volume is mounted. This is to insure that the PGPdisk volume does not become corrupted. To use your hard disk utilities, unmount all PGPdisk volumes on the drive on which you wish to use the utilities. 9. PGPdisk volumes accessed using an Additional Decryption Key open with permissions set as follows: FAT volumes open with permissions set to read-only; NTFS volumes open with permissions set to read/write. 10. (Windows 2000 only) To support Windows 2000's Hibernation mode, PGPdisk's Inactivity Timeout feature is disabled on Windows 2000. 11. (Windows 98 only) If you create a PGPdisk which you plan to immediately copy to a different drive, we recommend that you reboot before you copy to make sure everything is written correctly. This is only a potential issue just after the creation of the PGPdisk, and is due to a Windows 98 disk caching bug. 12. The PGP Exchange/Outlook plug-in does not support Microsoft Word as an e-mail editor. 13. We strongly recommend that VirusScan users upgrade to VirusScan Version 4.0.3 or later to take advantage of the newest virus DAT file update features. 14. (Lotus Notes only) When encrypting a message using conventional encryption, the "Enter Passphrase" dialog box appears multiple times. 15. (Lotus Notes only) Encrypt and Sign functions do not appear in the Lotus Notes "Actions" menu, but Decrypt and Verify do appear. The Encrypt and Sign buttons appear in the upper right side of the message and not in the toolbar. 16. (GroupWise only) The GroupWise plug-in does not support PGP's Secure Viewer feature, nor the Synchronize With Servers feature. * PGPNET ISSUES * 1. Do not attempt to manually uninstall PGPnet. It is very important that you use the PGP Uninstaller to remove PGPnet. PGPnet makes extensive modifications to the registry and changes the bindings on network adapters. The PGP Uninstaller can be accessed via the Add/Remove Programs control panel. 2. [Windows NT only] As a precautionary measure, in the unusual event that there is an incompatibility between your network card driver and PGPnet, you can create a "No Networking" hardware profile prior to installing PGPnet on your system. The "No Networking" hardware profile can be used later if an incompatibility occurs. To create a "No Networking" hardware profile, right click on "My Computer," select Properties, and then select the Hardware Profiles tab. Use the Copy button to create a copy of the Original Configuration. Get Properties on your copied configuration and click the Network tab. Finally, select the "Network-disabled hardware profile" checkbox. Click OK to both windows and then you are done. (Due to a Windows bug we recommend that you restart once and double-check that the "No Networking" configuration is working before you install PGPnet.) 3. [Windows 95 only] You may experience a loss of networking after resuming from standby mode. You must reboot your machine to resume network activity. 4. PGPnet is not compatible with the Intel EtherExpress 16 driver. 5. Installing virtual private network software such as PGPnet on the same machine as a firewall or another VPN client is highly likely to cause problems. We recommend uninstalling the other product prior to installing or choosing not to install PGPnet on such a machine. 6. You cannot use the default MSN dialer to connect to MSN if PGPnet is installed. To connect to MSN with PGPnet, use the Microsoft Dial-Up Networking client. ____________________ YEAR 2000 COMPLIANCE Information regarding NAI products that are Year 2000 compliant and its Year 2000 standards and testing models may be obtained from NAI's website at http://www.nai.com/y2k. For further information, email y2k@nai.com. ______________________ ADDITIONAL INFORMATION PGP 6.5.3 includes support for both RSA and Diffie-Hellman key types. _____________________________ CONTACTING NETWORK ASSOCIATES On December 1, 1997, McAfee Associates merged with Network General Corporation, Pretty Good Privacy, Inc., and Helix Software, Inc. to form Network Associates, Inc. The combined Company subsequently acquired Dr Solomon's Software, Trusted Information Systems, Magic Solutions, and CyberMedia, Inc. Network Associates continues to market and support the product lines from each of the former entities. You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Network Associates Customer Service department at the addresses or phone numbers listed below. Contact the Network Associates Customer Service department at: 1. Phone (972) 308-9960 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time 2. Fax (408) 970-9727 24-hour, Group III Fax 3. Email: custcare@nai.com Network Associates Corporate Headquarters McCandless Towers 3965 Freedom Circle Santa Clara, CA 95054 Phone numbers for corporate-licensed customers: Phone: (972) 308-9960 Fax: (408) 970-9727 Phone numbers for retail-licensed customers: Phone: (972) 855-7044 Fax: (408) 970-9727 Or, you can receive online assistance through any of the following resources: 1. Internet Email: pgpsupport@pgp.com 2. Internet FTP: ftp.nai.com 3. World Wide Web: http://support.nai.com 4. America Online: keyword MCAFEE 5. CompuServe: GO NAI To provide the answers you need quickly and efficiently, the Network Associates technical support staff needs some information about your computer and your software. Please have this information ready when you call: - Program name and version number - Computer brand and model - Any additional hardware or peripherals connected to your computer - Operating system type and version numbers - Network name, operating system, and version - Network card installed, where applicable - Modem manufacturer, model, and speed, where applicable - Relevant browsers or applications and their version numbers, where applicable - How to reproduce your problem: when it occurs, whether you can reproduce it regularly, and under what conditions - Information needed to contact you by voice, fax, or email We also seek and appreciate general feedback. * FOR PRODUCT UPGRADES * To make it easier for you to receive and use Network Associates products, we have established a reseller's program to provide service, sales, and support for our products worldwide. For a listing of resellers, see the resellers.txt file or contact Network Associates Customer Service for resellers near you. * FOR REPORTING PROBLEMS * Network Associates prides itself on delivering a high-quality product. If you find any problems, please take a moment to review the contents of this file. If the problem you've encountered is documented, there is no need to report the problem to Network Associates. If you find any feature that does not appear to function properly on your system, or if you believe an application would benefit greatly from enhancement, please contact Network Associates with your suggestions or concerns. * FOR ON-SITE TRAINING INFORMATION * Contact Network Associates Customer Service at (800) 338-8754.