Open PGP Technology
ArticSoft Open PGP products and virus prevention
Resisting viruses and e-mail threatsThe overall design of security enforcing systems has a profound effect upon the results experienced by users.
Many file and message encryption products take the approach of integrating themselves into the most popular e-mail and messaging services in order to provide what is often called 'seamless integration' so that the user does not have to be aware, or, even, is not responsible for applying security to files and messages. These things are expected to happen automatically.
This approach creates several critical problems for users and administrators.
Integration is carried out using plug-ins. Sometimes these just don't work with other plug-ins that have been implemented (possibly no-one knew another product was already plugged in because they don't always tell you). At that point things usually stop working for a while until it gets sorted out.
The plug-ins are exposed to anything capable of attacking the other service, which may choose to alter code to bypass the plug-in when wished. There have been many compromises of security systems achieved by compromising the e-mail package instead. Also, modern worms and viruses are able to make use of the e-mail service to execute code, to gain access to address books and to activate system facilities.
Users may not be aware of what is going on 'under the hood' and take no notice of what is happening, simply because they have been blindsided by the administrators. So they won't notice if something is not happening and won't accept that they have any responsibility for what happens either.
Finally, full integration may not be designed to allow on-access virus scanners to run before an encrypted file (that unfortunately had a virus in it before the sender encrypted it because they didn't check) is decrypted and used.
ArticSoft have set out, by design, to avoid these pitfalls, giving users higher degrees of protection and involvement than would otherwise be the case.
ArticSoft products are not 'plugged-in'to e-mail and messaging services. As a result they don't therefore have any plug-in issues, and are, also, very easy to install and de-install.
Because ArticSoft products hand over fully encrypted information to the e-mail or messaging service, if viruses attempt to add themselves to the files or text all they cause is decryption failure on receipt. This is because the ArticSoft readers work outside other services, and do not obey in-line executables, asp or jsp, or, in the case of text, process any non-text characters. Decryption is a two stage process where the user is first told the verifiable status of the file they have received, and can decide to process that file as a second, separate step, once they are personally satisfied about the source. This ensures that an on-access scanner will run, and can detect if a virus was in the file before it was encrypted. As a further benefit, because the decrypted file is not opened under the control of the e-mail system, copies are not left in one of the systems areas, for a hacker to be able to find, as happens with some other systems.
As a final, and probably most important benefit, users are involved as part of the security of the system. They are responsible for deciding when information is sensitive and authorizing information, and only they can really decide if the source of encrypted files is correct or not. And if they are not in control, what responsibility will they take?