Educause Security Discussion mailing list archives
Re: Mac encryption?
From: Morrow Long <morrow.long () YALE EDU>
Date: Fri, 13 Nov 2009 12:22:17 -0500
You'll often see this same problem with the Mac version of several other commercial products (Symantec Anti-Virus for example). Mac versions are a lesser priority to most vendors. Version released for a major MacOS upgrade are often later than those for Windows, lack features found in the Windows version and can be rougher around the edges for two major reasons: 1. Apple Macs are a much smaller market than the Windows PC market in terms of total purchases. 2. Apple Mac users were also perceived (rightly or wrongly) as a less commercial market (this is the explanation for the lack of enterprise integration product functionality and management console interfaces). Morrow On Nov 13, 2009, at 12:01 PM, Basgen, Brian wrote:
The Mac version of Checkpoint's product is also feature limited compared to the PC version. That said, it is a capable product with a good feature set (e.g. still allows single sign on, which is a major feature). FWIW, while the Checkpoint product works reasonably well for us, the management interface of the software is rather clumsy. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College Office: 520-206-4873 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU ] On Behalf Of Mike Lococo Sent: Friday, November 13, 2009 9:17 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Mac encryption? Harvard Townsend wrote:We're using PGP Whole Disk Encryption for Macs and Windows and have been very satisfied, except they do not yet support Snow Leopard. The do support Windows 7, though.We're evaluating PGP as well, and while it works ok I thought it worth mentioning that PGP on the Mac seems like a bit of a second class citizen when compared to PGP on Windows, at least when you're using it in conjuction with a managed PGP server. For example: * If you use Guarded Key Mode, the Mac client cannot automatically download the GKM keys during enrollment of a new machine (the windows client can). Instead you have to manually load the keys from some other source. * Mac clients fail to complete the "Key Reconstruction" process using the 5 recovery questions. They give an error which falsely claims that the questions were answered incorrectly. If you forget your passphrase or your keyfiles become lost/corrupted, you'll have to recover them from a PC and manually transfer them to your mac. * You can't change or update your 5 Key Reconstruction questions on a Mac. If you want to update your security questions, you must do so from a PC. * The Whole Disk Encryption boot prompt for Mac clients does not display the site-specific "additional text" often used to point folks to the helpdesk in the event of problems. * Finally, as others have noted Snow Leopard support has lagged Windows 7 support considerably. Whereas it seems like PGP fairly consistently tries to release PGP compatibility updates in advance of retail availability of Windows OS updates, you're likely to be stuck holding your Mac clients back pending the availability of a compatibility update. I haven't used Checkpoint and can't speak to whether they do any better, but while PGP is certainly fuctional on a Mac, it is fairly rough around the edges. I find this to be in stark contrast to the Windows version which I've found to be quite solid and bug-free. Thanks, Mike Lococo
Attachment:
smime.p7s
Description:
Current thread:
- Mac encryption? Plesco, Todd (Nov 12)
- <Possible follow-ups>
- Re: Mac encryption? Jones, Dan (Nov 12)
- Re: Mac encryption? Basgen, Brian (Nov 12)
- Re: Mac encryption? David Grisham (Nov 13)
- Re: Mac encryption? Harvard Townsend (Nov 13)
- Re: Mac encryption? Morrow Long (Nov 13)
- Re: Mac encryption? Mike Lococo (Nov 13)
- Re: Mac encryption? Basgen, Brian (Nov 13)
- Re: Mac encryption? Morrow Long (Nov 13)
- Re: Mac encryption? Mike Lococo (Nov 13)