What is Symantec Encryption Desktop? (formerly known as PGP Desktop Encryption)

Symantec Encryption Desktop will end on October 1, 2024. Please contact your local IT units to ensure your devices are encrypted via BitLocker (for Windows) or FileVault (for Macs). Encryption key escrow is available for both platforms.

Overview

Your data deserves protection. The UIC license for Symantec Encryption Desktop provides easy-to-use and secure encryption to protect sensitive data on your laptop or desktop computer. Laptops are easily lost, and even desktop computers can be stolen. Symantec Encryption Desktop also includes a secure shredder, to really delete files you want to delete. A major motivation for using Symantec Encryption Desktop is to fulfill HIPAA requirements.

Why You Want to Use Symantec Encryption Desktop

You may have heard of PGP (Pretty Good Privacy) in the context of encrypting electronic mail and email attachments, and digitally signing email messages. That is not what the UIC license for Symantec Encryption Desktop/PGP Desktop is for. Symantec Encryption Desktop provides easy-to-use and secure encryption to protect sensitive data on your laptop, PC, or removable media. Laptops and flash drives are easily lost, and even desktop computers can be stolen. Symantec Encryption Desktop also includes a secure shredder, to really delete files you want to delete.

The UIC license for Symantec Encryption Desktop centers on Symantec Drive Encryption (formerly known as PGP Whole Disk Encryption / WDE), which securely encrypts the entire contents of your laptop or desktop, including boot sectors, system files, and swap files. After you install Symantec Encryption Desktop on your computer, the disk encryption process will automatically run on its hard drive. After your hard disk is encrypted, you must log in to Symantec Encryption Desktop before you can boot the computer. Operating system login bypass tricks won't work.

After you authenticate and your computer boots, encryption is always on, automatically protecting your data. But it is also transparent. This "transparency" means that your computer works exactly as it always did after you boot, but it also means that the files you use are not protected when your computer is on, after you authenticate with Symantec Encryption Desktop. So there are three additional things you need to do to protect your computer:

  1. Turn your computer off when you are transporting it, so that it cannot be booted without logging in to Symantec Encryption Desktop.
  2. Make sure you turn password protection on for when your computer goes to sleep. This does not provide the protection that Symantec Encryption Desktop does, but it will keep casual intruders from accessing your computer while it is asleep. (Note that if you use Hibernate on Windows machines rather than Sleep, Symantec Encryption Desktop will protect your computer when it wakes. However, not all Windows computers support Hibernate or are set up so that they can use it. You can see whether Hibernate is a Shutdown option in the Start menu; search in Help and Support on Windows for "hibernate" for more information.)

Technology Solutions runs a Symantec Encryption Management Server, on which your PGP key is protected with your UIC Active Directory ID and password, that is, your UIC NetID and your Technology Solutions common password.

What Am I Installing?

The software that you install is called Symantec Encryption Desktop, but the UIC license for Symantec Encryption Desktop includes only the Symantec Drive Encryption features. Symantec's Quick Start Guides have instructions on how to use these parts of Symantec Encryption Desktop:

Symantec Drive Encryption: You can use Symantec Drive Encryption to lock down the entire contents of your system or an external or USB flash drive. Boot sectors, system files, and swap files are all encrypted. Whole disk encrypting your boot drive means you do not have to worry if your computer is lost or stolen: to access your data, an attacker would need your encrypted drive's "passphrase", provided that the computer is not already booted.

PGP Virtual Disk volumes allow you to define part of your hard drive space as an encrypted virtual disk volume that you mount with its own drive letter. When a PGP Virtual Disk is mounted (open), you can use it and the data in it like you would use any other drive. But when the volume is not mounted, all the data on the volume is protected.

PGP Zip allows you to create an encrypted, compressed, portable archive from any combination of files and folders. Symantec Encryption Desktop must be installed on a system to create or open a PGP Zip archive. You can use a PGP Zip archive to send data to other people securely or to back it up securely.

PGP Shredder completely destroys files and folders that you delete so that even file recovery software cannot recover them. When you delete a file using the Recycle Bin (on Windows systems) or Trash (on Mac OS X systems), it is not actually deleted; just the directory information pointing to it is deleted. PGP Shredder, however, immediately overwrites the file's data multiple times.

Technology Solutions runs a Symantec Encryption Management Server for UIC. The Symantec Encryption Management Server provides central administration of encryption applications, creation and delivery of configuration policy, reporting and logging, and management of PGP private and public keys.

The UIC license for Symantec Encryption Desktop does not include Symantec Desktop Email Encryption (which encrypts, signs, decrypts, and verifies email and Instant Messages) or, for Windows, PGP NetShare (for sharing protected files). PGP Viewer and PGP Zip, respectively, which we do have, can help with these tasks.

Because the Technology Solutions Symantec Encryption Management Server manages the campus's public and private keys, our Symantec Encryption Desktop does not come with PGP Key Management.

Added Security is Necessary When the Computer is Running

The biggest problem with Symantec Drive Encryption is that even though the data on your hard drive is encrypted, after you log in and unlock the encrypted disk, your data is freely accessible. Making sure that everyone uses a login password, and that the password is required when the computer wakes up from sleep or the screensaver, can help with that problem.

However, on Windows, if you use Hibernate rather than Sleep, your computer turns itself off, and Symantec Encryption Desktop will protect your computer when it wakes. But not all Windows computers support Hibernate or are set up so that they can use it. To tell whether yours is, check to see whether Hibernate is a Shutdown option in the Start menu. Even if it isn't, you might be able to turn it on. Search in Windows Help and Support for "hibernate" for more information.

But the best and easiest way to protect your laptop when you are transporting it or it is out of your control is to shut it down.