.KEYWORD datagator
.FLYINGHEAD PRODUCT REVIEW
.TITLE DataGator offers encryption protection for your sensitive data
.OTHER
.SUMMARY Security is an enormously important issue for handheld enterprise computing. Is the encryption power of JAWZ DataGator the security solution we’ve been waiting for? Read Claire Pieterek’s review to find out.
.AUTHOR Claire Pieterek
One reason some corporations are hesitant to supply and support Palm devices is the potential of data theft. Palm devices are much smaller and easier to lose than a laptop. A stolen Palm computer loaded with even a modicum of proprietary sales, inventory, or other information could be worth a lot to a competitor.
I have seen questions on the Palm computing newsgroups asking if there’s a program that will reformat a Palm device’s flash automatically if someone fails to enter the password correctly after a certain number of tries or after the Palm device in question hasn’t been used for a certain number of days. While JAWZ DataGator won’t reformat the flash, it can keep unauthorized people out of your Palm computer-based data.
.H1 Encryption protection
JAWZ DataGator (at http://www.jawzinc.com) comes in two versions: Standard and Professional. The Standard version protects only the big four built-in Palm applications (Address, Date Book, Memo Pad, and To Do List) as well as the Expense and Mail applications. The Professional version, on the other hand, can encrypt data in all applications.
I was provided a two-week trial version of the Standard edition, with 448-bit Blowfish encryption. There’s also a 168-bit Triple DES version. Blowfish performance is said to be about twice as fast as Triple DES, but I couldn’t verify this independently.
The price of the Standard edition is $39.95, and the price of the Professional version is $49.95. If DataGator interests you, it’s probably worth the extra $10 for the Professional version, especially if your information is in third-party databases, such as a DOC file, or one that synchronizes to a major production database, such as DB2 (at http://www-4.ibm.com/software/data/db2/) or Sybase (at http://www.sybase.com).
.H1 Installation
DataGator installation is easy. The setup program will take care of almost everything for Windows users, but Linux and Mac users must use the Palm Install program (or its equivalent) to prepare the DataGator files for synchronization. About the only thing you need to know is what Palm OS version your Palm device is using.
Next time you HotSync, five files are installed: HackMaster, JAWZ BigNumlib.pdb, JAWZBlowfishlib.pdb, JAWZDataGator.prc, and JAWZGator.prc, as shown in Figure A.
.FIGPAIR A These are the files that need to be installed.
A sixth file, a filter database called JAWSFilterDB, is created on the Palm device and contains information about what you want to have encrypted.
If you already have a license for HackMaster, you needn’t reinstall it. Be careful to note the documentation is clear that the version of HackMaster provided with DataGator is limited for use with DataGator only. My advice? Spend the $5 and buy a licensed version of HackMaster. There are many different and useful hacks you can try if you haven’t done so already.
In order to activate DataGator on your Palm device, the first thing you’ll have to do after synchronizing its files is to go into HackMaster and activate it by tapping the checkbox next to JAWZ DataGator. This is pictured in Figure B.
.FIG B In HackMaster, tap the checkbox next to JAWZ DataGator.
.H1 Configuring DataGator
Most of DataGator’s configuration is done through the regular Palm OS Security application. You’ll notice the added "JAWZ Security Manager" button toward the bottom of the Security screen, as shown in Figure C.
.FIG C Tap the JAWZ Security Manager button to configure DataGator on your Palm device.
You might encounter a button labeled JAWZGator in the Unfiled category of your launcher screen. This button doesn’t do anything, and I’m not sure why it’s there. It’s pictured in Figure D.
.FIG D You may notice the JAWZGator button in your Unfiled category; just ignore it.
The JAWZ Security Manager button will take you to a number of options. Here is where you can defeat most of the security that DataGator provides. It would be beneficial if "Are you sure?" messages would pop up if any one of the three selected check boxes in Figure E were unchecked.
.FIG E Configure DataGator in the JAWZ Security Manager.
.H1 Issues
The biggest potential problem with DataGator is the same problem you’ll find with any security application, whether it’s on your Palm device, your PC, or someplace else. If it isn’t easy to use, users will find ways around it. How many of us see people with Post-it notes on their PC screens, listing their passwords? How many of us know our colleagues’ passwords? They usually use their spouse’s name, their kid’s name, their dog’s name, or something else that’s easily guessed. How many of us have worked in places where card access was required, in theory, but the door was routinely blocked open? Many IT professionals can tell you all kinds of horror stories about well-intentioned security procedures defeated by people who just wanted to get their work done.
DataGator is somewhat intrusive, and there are a number of idiosyncrasies. For example, DataGator prefers all applications to be shut down before you turn off your Palm device. For me, this required pressing my Palm V’s off button twice, since it considers my third-party launcher an application that needs to be closed. This is one of those features I could live without.
DataGator also displays your password in clear text as you use Graffiti to enter it. This has been a criticism of the Palm OS’s built-in Security, so that’s nothing new. It would be nice to have an option to mask the password as it’s entered.
What about synchronized or beamed data? The readme file shipped with DataGator says, "By default, JAWZ DataGator will decrypt records before they are HotSynced or beamed to another device. This avoids interference with the operations of the PC software or the other Palm device." True, but that also means DataGator leaves the data wide open on the PC side, which has also been a criticism of Palm Desktop.
Currently, DataGator is available for North American users only (according to information at PalmGear), due to its strong encryption. I was under the impression that strong encryption was now exportable to the countries who have signed the Wassenaar Arrangement. These countries are Argentina, Austria, Australia, Belgium, Bulgaria, Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxemburg, the Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Russia, the Slovak Republic, South Korea, Spain, Sweden, Switzerland, Turkey, Ukraine, the United Kingdom, and the USA. If you work in any of these countries or if you work for a multinational organization, you may want to check with JAWZ to determine whether or not they’ll be able to deploy this application internationally.
Although it’s well-designed and well-intentioned, I can’t fully recommend DataGator at this time. The lack of a companion application for desktop encryption is a major flaw that JAWZ should have been well aware of if they were monitoring the Palm computing newsgroups. Also, the price of the Standard edition is a little bit steep for protecting only the built-in applications. Security is an enormously important issue for handheld enterprise computing. DataGator shows signs of heading in the right direction, but it’s not the ultimate solution we’ve been waiting for.
.BEGIN_SIDEBAR
.H1 Product availability and resources
For more information on DataGator from JAWZ, visit http://www.jawzinc.com.
For more information on DB2, visit http://www-4.ibm.com/software/data/db2/.
For more information on Sybase, visit http://www.sybase.com.
For more information on PalmGear, visit http://www.palmgear.com.
For more information on the Wassenaar Arrangement can be found at http://www.wassenaar.org and at http://www.gilc.org.
For more information about Palm computers, visit http://www.palm.com.
.H1 Bulk reprints
Bulk reprints of this article (in quantities of 100 or more) are available for a fee from Reprint Services, a ZATZ business partner. Contact them at reprints@zatz.com or by calling 1-800-217-7874.
.END_SIDEBAR
.BIO
.DISCUSS http://powerboards.zatz.com/cgi-bin/webx?50@@.ee6ef57
