Thank you for using Network Associates' products. This What's New file contains important information regarding PGP Corporate Desktop, PGPmail, PGPdisk, PGPvpn and PGPfire. Depending on the PGP product(s) you chose to purchase and install, some of the items listed in this file may not apply to you. Network Associates strongly recommends that you read this entire document.

Network Associates welcomes your comments and suggestions. Please use the information provided in the Read Me file to contact us.

Warning: Export of this software may be restricted by the U.S. Government.

WHAT'S IN THIS FILE  

Changes in Version 7.1.1
New Features
Known Issues
Additional Information

CHANGES IN VERSION 7.1.1

• PGPmail and PGPdisk may now be used through Windows Terminal Services.
• This release incorporates all patches and hotfixes released since 7.1, and fixes other reported customer issues.

NEW FEATURES

Modularity

1. PGP Corporate Desktop has been split into four products:
   • PGPmail - Email and File Security
   • PGPdisk - Disk Security
   • PGPvpn - IPsec Virtual Private Networking
   • PGPfire - Personal Firewall and Personal IDS

   PGP Corporate Desktop is also available in the traditional form with all of the products integrated together. Each of the products can be installed and uninstalled in any combination to automatically combine the functionality.

Smart Card Support

2. PGP now provides full support for smart cards. Smart cards allow private key storage on secured hardware. Decryption and signing operations using private keys stored on smart cards occur on the smart card itself. Keys can also be generated on the card, and the cards do not allow the private keys to be read off the card. The smart card features have been integrated into PGP's core functionality and thus are available in all of the PGP products whenever key pairs are used.
3. Three smart card types have been certified for this release:
   • Rainbow's iKey 20XX
   • Schlumberger's Cryptoflex
   • GemPlus GemSafe Enterprise

   For best results, we recommend using these cards. PGP also provides more generic support for any type of smart card that provides full PKCS#11 compatibility.

4. PGP's smart card implementation is fully compatible with certificates placed on cards by Windows 2000 or Netscape Communicator.

Personal Firewall / Personal IDS / VPN

5. Application-level firewall. PGP's enterprise-class Personal Firewall and Personal IDS (Intrusion Detection System) now supports the ability to specify applications associated with each firewall rule, and sports a significantly improved user interface.
6. Firewall rule learning. PGP can now be told to watch your network traffic and write firewall rules dynamically for you.
7. Notifications of unknown network traffic. PGP can now ask you whether you want to allow or deny applications from communicating over the network as they occur, and will automatically modify your firewall rules as appropriate based on your answers.
8. Firewall rule sets can now be exported and imported.
9. VPN IP Range support. In addition to the past support for VPN Subnets, PGP now supports Ranges. For many networks, especially extremely large networks, Ranges are a much superior way to specify the configuration of the network.
10. Sniffer-format intrusion packet captures. Packets which cause the intrusion detection system to fire are now automatically captured and logged. They can later be analyzed using packet analysis tools such as Sniffer.
11. Automatic IP Address block ownership tracing. When tracing Intruders, PGP will now provide information about the ownership of the IP Address block from which the intrusion originated.
12. PGPfire is now compatible with the CheckPoint SecuRemote VPN client.

Enhanced Exchange Server Support

13. Exchange server identities, which are similar to ""/o=Acme/ou=HR/cn=Recipients/cn=JBob", can now be automatically added as a second PGP user ID when generating keys. The Outlook email plugin will automatically lookup identities of this form as well. This feature makes sending email using the Outlook plugin in an Exchange Server environment even more seamless.

Large File Support

14. PGP now supports file encrypt/decrypt/sign/verify operations on files greater than 2.5 Gigabytes.

KNOWN ISSUES

1. Due to a Windows 2000 limitation, you cannot use the normal Delete function to delete a folder on a PGPdisk volume that is mounted as a directory. However, you can work around this limitation by selecting the folder and pressing Shift+Delete.
2. If PGPfire is installed along with CheckPoint's SecuRemote client, then the ipconfig command line tool will not show the IP address of the computer.

ADDITIONAL INFORMATION

All PGP Corporate Desktop Products

• Certain Microsoft Windows operating system services are needed to authenticate communication between PGP components on your computer. On Windows NT, the "RPC Configuration" network service is required. On Windows 2000, the "Client for Microsoft Networking" component must be installed, but may be disabled if so desired.
• The DKeyServ.exe service from the iKey Token software must be running in order for the iKey to interoperate properly. If Rainbow's software is already installed on your computer, go to the Services control panel and make sure that the Startup Type is set to "Automatic" for DKeyServ.exe. If the Rainbow software is not yet installed on your computer and you want to load this service automatically during its installation, then select the "Start CIP during Windows startup" check box.

PGPmail

• The Windows Explorer provides PGP with information only about the target of a shortcut and not the shortcut itself. If you use the Wipe feature in the Explorer, the shortcut itself will not be wiped. The actual target will be wiped. When using PGPtools, the shortcut will also be wiped.
• Hotkeys are for use with applications that support general text editing. Using Hotkeys with some applications may result in unpredictable behavior.
• The PGP ICQ plug-in is not compatible with ICQ's Multilanguage mode and Split Message mode. Please make sure those options are disabled for proper operation of the ICQ plug-in. ICQ 2001b is not supported.
• The PGP Outlook plug-in does not support using Microsoft Word as an email editor.
• When sending a PGP message in Eudora, your message is converted to an attachment and attached to a blank message when it's placed in your Outbox. If "Keep Copies" is turned on in Eudora, then the same thing happens to the copy of the sent message. This behavior is normal for Eudora and is not controlled by the PGP plug-in. If you find this behavior to be undesirable, please contact Qualcomm at eudora-bugs@qualcomm.com.

PGPdisk

• The Adaptec DirectCD software is fully compatible with PGP. However, you must not create a PGPdisk on a CD-R using Adaptec's CD-R features that allow in place additions. You can create a PGPdisk on a normal hard drive and then copy it to the CD-R.

PGPvpn/PGPfire

• Do not attempt to manually uninstall PGPnet. It is very important that you use the PGP Uninstaller to remove PGPnet. The PGP Uninstaller can be accessed via the Add/Remove Programs control panel.
• Do not attempt to make changes to the PGPnet Virtual Identity Adapter. This adapter is controlled programmatically, and cannot, for instance, be given an IP address manually.
• On Windows NT and Windows 2000 platforms, the DHCP Client service must be running to ensure proper operation of the PGPnet Virtual Identity feature. To avoid problems, set your DHCP Client service to start automatically.
• 3COM's Dynamic Access control panel prompts you to reboot if you use Set Adapter to modify your network bindings. Ignore this reboot request until Windows has finished updating the network bindings.
• PGPnet does not support Token Ring or FDDI network interface cards.
• PGPnet is not compatible with the Intel EtherExpress 16 driver.
• At release time, SMC had just released new drivers for their 802.11 wireless cards. These new drivers are required for PGP compatibility.
• This release of PGP has been tested successfully with many third party VPN clients including those from Nortel, CheckPoint, and Cisco/Altiga. We recommend always installing PGP after installing the third-party product as well as uninstalling PGP or unsecuring all adapters prior to uninstalling the third party VPN product.
• When using PGPfire with Nortel's Contivity VPN Client, make sure the "Extranet Access Client Adapter" is not secured.
• If PGPnet is installed, you cannot use the default MSN dialer to connect to MSN. To connect to MSN with PGPnet, use the Microsoft Dial-Up Networking client.
• AOL 6.0 is not compatible with many third-party VPN/Firewall products. Attempting to establish a PGP VPN connection through an AOL 6.0 Internet connection is likely to fail. We recommend using AOL 5.0 until AOL resolves these issues.
• The legacy authentication/RADIUS (aka Extended Authentication) mechanism of the PGP 5 through 150 e-ppliance firmware version 6.0 is not compatible with this release of PGP. This problem will be resolved in the 6.1 firmware update for those devices. Shared passphrase modes are fully compatible with the current e-ppliance firmware. PGP's Extended Authentication support is fully compatible with many gateways.
• If you are planning to use Microsoft File and Print Sharing Services on Windows 98 and Windows ME platforms, then make sure that this is installed prior to installing PGP. If it is added after PGP, then you must run SetAdapter to clear all adapters, and then run SetAdapter again (after reboot) to secure the appropriate adapters.
• PGP is compatible with most PPPoE clients. However, some of these clients require changes to their configuration filesfor proper operation. Please contact the support organization for your PPPoE client for details if you experience problems.