Reflect for a moment that the ‘S’ in SMTP stands for “simple,” not “secure.”
The e-mail protocol was originally developed for a small number of collegial scientists sending messages about cooperative research over a closed network — not for personal, corporate and government users sending business plans, contracts, patent applications, or confidential medical records over a widely used public network. The bottom line is that nothing is secure about the SMTP protocol we use for e-mail.
Adopting SMTP for business and personal use led to readily intercepted e-mail messages, spam, phishing attacks. The later addition of MIME attachments has led to virus outbreaks occurring at the speed of light.
The simplest way to secure e-mail may be to encrypt all messages. After all, if people only read encrypted mail, they’d never open a spam or a virus-carrying message or attachment. In addition, the processing load of encrypting all that junk mail might hamper or even destroy the economics and operational models of botnet-based spam and virus operations.
But encryption technology is not readily available nor is it generally inexpensive, except to enterprise users that buy large-scale, server-based encryption systems. Examples include financial and other companies that send financial statements, invoices, or medical information in encrypted messages. They can bear the financial and the processing cost that goes with the encrypted approach to e-mail more easily than smaller businesses or individuals can.
Though most don’t take advantage of it, e-mail users do have the ability to encrypt attachments using desktop technology. SecureZip from PKWare, for instance, has been around for a while, but the company has not been able to generate wide use or acceptance of the product. But now PKWare has released SecureZip v11, along with a marketing program designed to make its combination zip-encrypt technology a widely used desktop standard. Could this be the one?
Well-behaved on the desktop
Available in enterprise and desktop editions, the new program has an easier user interface than previous versions and, perhaps more importantly, integrates directly with Microsoft Outlook.
That means that SecureZip operates on your files at the time you send them, saving you the trouble of encrypting them before composing your message. You can also encrypt the e-mail message body as well as any attachments, can encrypt attachments that you are forwarding through Outlook, and can even encrypt calendar entries that you are sending out.
The product zips files and messages before they are encrypted, which saves space over ordinary security methods. The embedded RSA encryption can use ordinary public/private keys for decrypting the messages, and can also use digital signatures. You’ll be able to get your own signatures for free through PKWare once the final version is shipped.
Installation was fast and trouble-free on my desktop PC, and the program has been working smoothly and quickly for some weeks now both through Outlook and in standalone mode. You’ll select default options for use when you send e-mail, and the program only pops itself up when it’s fulfilling one of those requests. For example, if you have it set to only encrypt attachments, or only zip them it will only pop up when you press the “Send” button for a message that has an attachment.
If you have configured SecureZip to encrypt message bodies, it will pop up whenever you send a message. In all cases you can uncheck the option previously selected or add options not selected. That means that if you’ve elected to zip but not encrypt attachments, you can still encrypt them when SecureZip presents itself.
The file-unzipping process is much the same as in previous versions of PKWare’s many Zip-based programs — so much so, in fact, that Windows XP’s native unzipper works on the files transparently. Decryption is equally easy, as long as you have the password, and uses the same menu system. If you choose, you can add a message to your e-mail that tells recipients where to download SecureZip — part of PKWare’s new marketing program.
The Enterprise Edition adds features that are important in a multi-user environment, and should appeal in particular to small- and medium-sized businesses. In particular, it includes policy management, which not only determines if and when users should encrypt files but allows lets administrators set standards and formats for passwords.
More important than those features is the master password, which enables an administrator to retrieve encrypted files after an employee has left. That’s especially handy if the circumstances of departure were abrupt or negative. SecureZip v11 Enterprise Edition does not require a server in order for these features to work — a change from previous versions.
The single user version of SecureZip is free — a price point PKWare sees as the keystone of its effort to make its program the standard for desktop encryption software. The Enterprise Edition isn’t free, but the price has been reduced to US$49.95 per seat, a reduction of $90 from the previous, server-based, enterprise product.
I’ve always been a PKWare Zip fan, especially after trying the clumsy compression interface Microsoft installed in Windows XP, and I like the new edition of SecureZip quite a bit. After about a month of using it I have no intention of removing it from my system because it makes easy work of zipping and encrypting my e-mail out. And, by the way, the price is very right.