Re: Mac encryption?

[Morrow Long <morrow.long () YALE EDU>]

You'll often see this same problem with the Mac version of several
other commercial products (Symantec Anti-Virus for example).

Mac versions are a lesser priority to most vendors.  Version released
for a major MacOS upgrade are often later than those for Windows, lack
features found in the Windows version and can be rougher around the
edges for two major reasons:

1.      Apple Macs are a much smaller market than the Windows PC market in
terms of total purchases.
2.      Apple Mac users were also perceived (rightly or wrongly) as a less
commercial market (this is the explanation for the lack of enterprise
integration product functionality and management console interfaces).

Morrow


On Nov 13, 2009, at 12:01 PM, Basgen, Brian wrote:
> The Mac version of Checkpoint's product is also feature limited
> compared to the PC version. That said, it is a capable product with
> a good feature set (e.g. still allows single sign on, which is a
> major feature).
>
> FWIW, while the Checkpoint product works reasonably well for us, the
> management interface of the software is rather clumsy.
>
> ~~~~~~~~~~~~~~~~~~
> Brian Basgen
> Information Security
> Pima Community College
> Office: 520-206-4873
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU
> ] On Behalf Of Mike Lococo
> Sent: Friday, November 13, 2009 9:17 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Mac encryption?
>
> Harvard Townsend wrote:
> > We're using PGP Whole Disk Encryption for Macs and Windows and have
> > been
> > very satisfied, except they do not yet support Snow Leopard. The do
> > support Windows 7, though.
>
> We're evaluating PGP as well, and while it works ok I thought it worth
> mentioning that PGP on the Mac seems like a bit of a second class
> citizen when compared to PGP on Windows, at least when you're using it
> in conjuction with a managed PGP server.  For example:
>
> * If you use Guarded Key Mode, the Mac client cannot automatically
> download the GKM keys during enrollment of a new machine (the windows
> client can).  Instead you have to manually load the keys from some
> other
> source.
> * Mac clients fail to complete the "Key Reconstruction" process using
> the 5 recovery questions.  They give an error which falsely claims
> that
> the questions were answered incorrectly.  If you forget your
> passphrase
> or your keyfiles become lost/corrupted, you'll have to recover them
> from
> a PC and manually transfer them to your mac.
> * You can't change or update your 5 Key Reconstruction questions on a
> Mac.  If you want to update your security questions, you must do so
> from
> a PC.
> * The Whole Disk Encryption boot prompt for Mac clients does not
> display
> the site-specific "additional text" often used to point folks to the
> helpdesk in the event of problems.
> * Finally, as others have noted Snow Leopard support has lagged
> Windows
> 7 support considerably.  Whereas it seems like PGP fairly consistently
> tries to release PGP compatibility updates in advance of retail
> availability of Windows OS updates, you're likely to be stuck holding
> your Mac clients back pending the availability of a compatibility
> update.
>
> I haven't used Checkpoint and can't speak to whether they do any
> better,
> but while PGP is certainly fuctional on a Mac, it is fairly rough
> around
> the edges.  I find this to be in stark contrast to the Windows version
> which I've found to be quite solid and bug-free.
>
> Thanks,
> Mike Lococo

Attachment: smime.p7s
Description: