Using zip archives to compress and transfer files has become such a standard part of everyday computing that the notion of using the same tools for security should come easily to most users.
Zip software has offered password protection for several years, although early versions offered merely token resistance to attack. Now, software such as SecureZIP from PKWARE (the inventors of zip) employs full-blown encryption – AES and 3DES in this case.
SecureZIP has several security features which are of particular appeal to enterprise environments – specifically, support for digital certificates, which allows archives to be created only for specified recipients.
In an LDAP or PKI environment with certificates in use already, this snaps in smoothly and efficiently and, coupled with email integration, you have a secure means to move files around, with a shallow learning curve for your users.
It does not, however, digitally sign and encrypt email bodies. And the software is surprisingly unhelpful on the topic of adding certificates into the Windows certificate store.
Admittedly, this is not SecureZIP's job, but providing at least some guidance for users would be nice. Not everyone is adept at configuring and managing certificates.
Integration with anti-virus is also a plus – the software can be configured to call an external anti-virus scanner before extracting files. This is a winner, mainly because anti-virus software is unable to look inside strongly encrypted files.
The interface for configuring the anti-virus element is a bit clunky, however, and highlights the need for a standard set of virus-scanning APIs.
Our continued concern with secured zip files is that by default the list of file names is available, even if the file contents are not, which may yield information that extra-paranoid organizations would prefer to remain secret.
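The file-name exposure described above can be checked on any archive, because a standard zip keeps entry names in its central directory, outside the encrypted file data. The following is an added example, not code from this review or from PKWARE: it reads each name and its encryption flag without a password. The function names are illustrative, and the sample archive is constructed, with the encryption flag set by hand on placeholder content.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end of central directory record
CDH_SIG = b"PK\x01\x02"    # central directory file header
FLAG_ENCRYPTED = 0x0001    # general purpose bit 0: entry data is encrypted


def list_names_without_password(data: bytes):
    """Return [(name, is_encrypted)] using only the central directory."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record found")
    # EOCD fields from offset 10: total entries, directory size, directory offset
    total, _cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
    entries, pos = [], cd_offset
    for _ in range(total):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("central directory is not readable in the clear")
        flags, = struct.unpack_from("<H", data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        raw = data[pos + 46:pos + 46 + name_len]
        # Bit 11 marks UTF-8 names; otherwise the legacy code page is CP437.
        name = raw.decode("utf-8" if flags & 0x0800 else "cp437")
        entries.append((name, bool(flags & FLAG_ENCRYPTED)))
        pos += 46 + name_len + extra_len + comment_len
    return entries


def constructed_sample() -> bytes:
    """Constructed input: a small archive whose entries are flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("finance/q3-forecast.xlsx", b"\x00" * 32)    # placeholder bytes
        zf.writestr("legal/supplier-dispute.docx", b"\x00" * 32)
    data = bytearray(buf.getvalue())
    pos = data.find(CDH_SIG)
    while pos >= 0:                      # set bit 0 in every directory entry
        data[pos + 8] |= FLAG_ENCRYPTED
        pos = data.find(CDH_SIG, pos + 4)
    return bytes(data)


if __name__ == "__main__":
    for name, encrypted in list_names_without_password(constructed_sample()):
        print(f"{'encrypted' if encrypted else 'plain':9}  {name}")
```

Any name reported next to an encrypted entry is readable by whoever handles the archive in transit, so the check is useful before sending archives whose file names are themselves sensitive.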
The extra features are what give SecureZIP the edge over the many other zip solutions (many of them free) that are available.