SecureZip improves encryption for file-based applications


Serdar Yegulalp, Contributor
05.17.2007
Rating: 4.50 (out of 5)




There are a few theories as to why desktop encryption products are only used among those who absolutely must use them. Two of my favorites deal with usability:
  1. The process of encrypting or decrypting something is often too arcane for most people, even when it's simplified quite a bit.
  2. If someone else wants to make use of what you've encrypted, they often have to download and install software that's intrusive and difficult to use -- which is, in a way, an extension of the first problem.

Data security vendor PKware Inc., the maker of the PKZIP family of products, is doing its best to break through this double impasse with a new product, SecureZIP, version 11. It's a multi-platform .zip application, billed as "the next generation of ZIP," and it includes strong password- and certificate-based encryption as a standard feature. Most everyone knows how to create a .zip file or unpack one; PKware's guess is that by adding strong encryption as a standard .zip feature, they can make it that much easier for people to encrypt documents and email. In that sense it's similar to products like MessageLock, but MessageLock is specifically designed as an Outlook extension while SecureZIP is more general-purpose.

SecureZIP installs and runs primarily as a .zip file client, so the user doesn't have much of a learning curve to get over. Right-click on the file, select the appropriate context menu option and the .zip file appears in the same directory. The only overhead that SecureZIP adds is to prompt the user for a password. As long as recipients of the file have the password, they can extract the file. If the recipients don't have SecureZIP on their end, the sender can elect to automatically create a self-extracting archive (which can run on Windows, Linux, DOS, Solaris and a variety of other platforms). AES 256-bit encryption is used by default, but 128- and 192-bit AES (as well as 168-bit 3DES) are also available. SecureZIP can also optionally install a system tray icon that allows quick access to common options such as signing attachments or encrypting a message body.


Advanced SecureZip options include signing files with encryption certificates as well as password protection.

If password encryption alone isn't enough, SecureZip allows files to be automatically signed using a digital certificate, one either stored locally or available through a directory. Received signed files can also be authenticated against the signature's public key (if one is available). In addition, you can use a certificate as a recipient list with or without a password so that a given file cannot be decrypted by anyone except the intended recipient.

SecureZIP integrates into Microsoft Outlook as a message-encryption solution. By default, it automatically compresses any attachments sent through Outlook and installs a toolbar to let you set message-specific options. It supports both Outlook 2003 and 2007, although integration with OL2K7 is a little clunky at the moment -- the SecureZIP toolbar shows up in the Add-Ins tab for a message. If you elect to encrypt an entire email and not just its attachments, then the message, attachments and all, is packed into a file and encrypted with instructions for extraction. A SecureZIP user at the other end will be prompted to automatically extract the file. Those without SecureZIP can download a free tool, ZIP Reader, to unpack the message; it also works with standalone .zip archives.


SecureZip makes the basic process of securely encrypting documents and email as easy as creating a .zip file.

One possible problem with SecureZIP is that people on locked-down machines who cannot install or run programs arbitrarily must have SecureZIP or the ZIP Reader added by an administrator in order to receive messages. If the lockdown on their end is tight enough, they probably won't even be able to unpack a self-extracting archive created by SecureZIP. But, realistically speaking, this isn't a limitation of SecureZIP per se, and the way SecureZIP is implemented makes it a lot easier for people to perform good encryption (that is, encryption that isn't going to be broken casually) without a huge amount of work.

Finally, in addition to the desktop version, PKware publishes an advanced server edition of SecureZIP, which includes extensions for FTP and SMTP -- a feature set I'm deeply curious about and would like to explore separately at another time.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

