Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Windows XP and PGP - WARNING

0 views
Skip to first unread message

Anonymous User

unread,
Jun 5, 2002, 7:14:50 PM6/5/02
to
Be warned!! I downloaded PGP 7.0.3 Freeware and installed it with XP (no
warnings anywhereI). Result? I can't FTP files to my servers anymore! PGP
has hosed the TCP/IP stack, and the TCP/IP stack does not support manual
reinstallation. Hello total re-install of WinXP, goodbye 2 days of my time.
And goodbye PGP too. There must be something better which will work with
XP -- any suggestions?

Microsoft has this article on the problem:
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q286562


disa...@saiknes.lv.no.spam.net

unread,
Jun 6, 2002, 2:31:54 AM6/6/02
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Anonymous User wrote:
Be warned!! I downloaded PGP 7.0.3 Freeware and installed it with XP (no
> warnings anywhereI). Result? I can't FTP files to my servers anymore! PGP
> has hosed the TCP/IP stack, and the TCP/IP stack does not support manual
> reinstallation.

it does:
sc config IPSec start= system

> Hello total re-install of WinXP, goodbye 2 days of my time.
> And goodbye PGP too. There must be something better which will work with
> XP -- any suggestions?

yes, do not install PGPnet.

__
Disastry http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPP7lrDBaTVEuJQxkEQMDSgCg3p9i069WOQkOyHummnRuyRgXqg0An2Xb
wuJVTz5AhmRS21E9oyuYmANT
=3gHD
-----END PGP SIGNATURE-----

xganon

unread,
Jun 5, 2002, 6:38:40 PM6/5/02
to
Be warned!! I downloaded PGP 7.0.3 Freeware and installed it with XP (no
warnings anywhereI). Result? I can't FTP files to my servers anymore! PGP
has hosed the TCP/IP stack, and the TCP/IP stack does not support manual
reinstallation. Hello total re-install of WinXP, goodbye 2 days of my time.

And goodbye PGP too. There must be something better which will work with
XP -- any suggestions?

Microsoft has this article on the problem:
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q286562


xganon

unread,
Jun 6, 2002, 8:46:20 AM6/6/02
to
<disa...@saiknes.lv.NO.SPaM.NET> wrote

> Anonymous User wrote:
> > the TCP/IP stack does not support manual
> > reinstallation.
>
> it does: sc config IPSec start= system

Please explain this. M$ says it can't be done, but you say it can be done.
Do you have anything I can read for guidance? It sure would save me heaps of
work!

> >any suggestions?
>
> yes, do not install PGPnet.

I did not.

xganon

unread,
Jun 6, 2002, 8:46:13 AM6/6/02
to
"Tom McCune" <NoS...@CheckMyWebSite.com> wrote

> You should read the fourth paragraph of this section:
> http://www.McCune.cc/PGPpage2.htm#Version
>

> Your specific problem is because you

> installed the PGPnet component.

I did *not*! I specifically installed PGPkeys _only_. I had already read a
few warnings here about the extended PGP functions and hooks into programs,
and I deliberatly excluded those. Why do you assume things about what I did?

> Don't blame PGP (or any other software package) when

> you have a problem because you choose to

> install software on an operating system it is

> not designed for.

I'm not blaming PGP, just the fact that there are inadequate warnings about
consequences. That's why I posted my warning, for future hopefuls like me.

I notice no-one has come forward with alternatives yet ....


Anonymous User

unread,
Jun 6, 2002, 9:45:31 AM6/6/02
to
"Tom McCune" <NoS...@CheckMyWebSite.com> wrote

> You should read the fourth paragraph of this section:
> http://www.McCune.cc/PGPpage2.htm#Version
>

> Your specific problem is because you

> installed the PGPnet component.

I did *not*! I specifically installed PGPkeys _only_. I had already read a

few warning here about the extended PGP functions and hooks into programs,


and I deliberatly excluded those. Why do you assume things about what I did?

> Don't blame PGP (or any other software package) when

> you have a problem because you choose to

> install software on an operating system it is

> not designed for.

I'm not blaming PGP, just the fact that there are inadequate warnings about

consequences. That's why I posted my wanrning, for future hopefuls like me.

Paul B. Johnson

unread,
Jun 6, 2002, 11:10:55 AM6/6/02
to
xganon <nob...@xganon.com> wrote:
> <disa...@saiknes.lv.NO.SPaM.NET> wrote
>
> > Anonymous User wrote:
> > > the TCP/IP stack does not support manual
> > > reinstallation.
> >
> > it does: sc config IPSec start= system
>
> Please explain this. M$ says it can't be done, but you say it can be done.
> Do you have anything I can read for guidance? It sure would save me heaps of
> work!

If one installs PGPnet it disables Windows' built-in IPsec service in
order to install its own service. Apparently Windows XP (as opposed to
previous versions of Windows) cannot work without its own IPsec service
running. Someone in this situation does not need to reinstall the
TCP/IP stack, just reactivate the Windows IPsec service. Thus the
procedure is to uninstall PGPnet, then type the above command at the
console, then reboot.

> > >any suggestions?
> >
> > yes, do not install PGPnet.
>
> I did not.

Be careful, if you execute the above command and it fixes your machine
then it proves that you, in fact, *did* install PGPnet. :-)

If, in fact, you did not install PGPnet and PGP hosed your networking
then you would be the only person in the world in this situation and I
don't know if anyone can help you.

Paul

Anonymous User

unread,
Jun 6, 2002, 11:14:21 PM6/6/02
to
"Paul B. Johnson" <v7jn2s...@sneakemail.com> wrote

> If, in fact, you did not install PGPnet and PGP hosed your networking
> then you would be the only person in the world in this situation and I
> don't know if anyone can help you.

My bad. Mea culpa. I now find the problem was caused not by PGP, but by
Mcafee Firewall, which fouls up ftp because it hooks up into the IP stack. I
used an article from M$ to re-install the IP stack and it reported:

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000.

bad value was: REG_MULTI_SZ = McAfeePF

reset Linkage\UpperBind for
PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\3&61AAA01&0&50. bad value was:
REG_MULTI_SZ = McAfeePF

That change allowed ftp to go ahead. So I then installed ZoneAlarm Pro for
my firewall, and the first time I ran CuteFTP it asked me if I wanted the
pgm to access the internet, I said yes, and away we went! McAfee did not do
that, just hammered the ftp function. Meanwhile I'd uninstalled PGP ...
before I put it back, I'd like to stay with my old Preston Wilson 5.5.3a
version. Can I? I only ever use it to do remailing and encrypt files
manually. I hook it into no programs.

Anonymous Poster

unread,
Jun 7, 2002, 12:32:18 AM6/7/02
to

"Paul B. Johnson" <v7jn2s...@sneakemail.com> wrote in message
news:3cff7...@nopics.sjc...

> If one installs PGPnet it disables Windows' built-in IPsec service in
> order to install its own service. Apparently Windows XP (as opposed to
> previous versions of Windows) cannot work without its own IPsec service
> running.

Not true. Another IPSEC Client will disable the service and take over, ie. SSH
Sentinel does this and XP runs fine. I think it's just that *PGPnet is not
supported in XP*.

AP


Bill Laut

unread,
Jun 13, 2002, 12:00:54 AM6/13/02
to
xganon wrote:

> Be warned!! I downloaded PGP 7.0.3 Freeware and installed it with XP (no
> warnings anywhereI). Result? I can't FTP files to my servers anymore! PGP
> has hosed the TCP/IP stack, and the TCP/IP stack does not support manual
> reinstallation. Hello total re-install of WinXP, goodbye 2 days of my
> time. And goodbye PGP too. There must be something better which will work
> with XP -- any suggestions?
>

Suggestions? Here's one: Try reading the End User License Agreement
(EULA) for XP. Buried in the legalese you'll find a sentence in which you
explicitly give Microsoft the *right* to download software updates and/or
otherwise remotely access your PC without your prior knowledge or approval.
If Microsoft is demanding that right, then it's a safe bet that XP is
riddled with Microsoft-authored spyware engineered to let them have
unrestrained access to your PC at any time (it is in the EULA). Therefore,
as long as you insist on running XP the concept of encryption as security
is moot because you have no assurances from Microsoft that your passphrases
and/or decryption keys won't be "harvested" by some black hat.

If you really want security, I suggest you consider using Linux to access
the Internet, along with GPG to do your encryption stuff. Properly
configured, Linux is the closest thing to "impenetrable" that I've seen.
If you must have something from Microsoft, then I suggest you switch to
either W2K or even W98se and then install a GOOD firewall to block all
incoming TCP connection requests and/or UDP datagrams.

Additionally, you may want to consider installing Linux so that you can use
its Tripwire software to cryptographically fingerprint all of the Windows
system files. Then, if Windows gets a virus you can boot Linux to use
Tripwire to identify the infected files and replace them from backup.

--
Bill Laut

PGP public key - www.i2k.com/~laut/pgp/dh_3072.asc
Fingerprint - 0A64 07B2 1F45 B823 ABD5 CD54 DEB8 3ED3 AC9E 8EB8

Other encryption and signing keys -- www.i2k.com/~laut/pgp/

0 new messages