Change Details

Since most of support issues in GpgOL are related to Addins, especially Symantec. We should improve how we handle these situations as this can lead to plaintext leaks. We have to make clear that all other addins have the same access to plaintext as written under: https://gnupg.com/vsd/security.html Since there is no definition what third party software may be installed on a VS-NfD compliant system we should raise awareness that end to end encryption is bypassed if you have Addins installed which then send decrypted contents to a "clould" for "analysis". dd3ff8397aaf62e58fa9405ddc5397cb6bcfdc29 helped so that one addin / configuration combination did not leak plaintext any longer, but this caused other issues like T6676. In my opinion it would be best to clearly communicate that GpgOL might not work correctly with these Addins installed. Like a message box: "GpgOL has detected the incompatible addin XY". This can cause stability and security issues which are not under the control of GnuPG VS-Desktop. Keeping both enabled increases the risk that plaintext is leaked or that stability problems occur and is not recommended." [Disable GpgOL] [Disable XY] [Keep both enabled] And then a registry key that would disable this warning for environments with central Administration. Assuming that in these cases the Administration knows what they want.

Since most support issues related to GpgOL are linked to add-ins, particularly Symantec and anti-virus add-ins. We should improve how we handle these situations, as this can lead to plaintext leaks in the worst-case scenario. It is essential that we clearly communicate that all other add-ins have the same access to plaintext as stated on our website at https://gnupg.com/vsd/security.html. However, there is no clear definition of what third-party software may be installed on a VS-NfD compliant system. Therefore, it is crucial to raise awareness that end-to-end encryption can be bypassed if add-ins are installed and then send decrypted contents to the cloud for analysis. Anti-virus software has access to attachments before they are opened since they are extracted as files. So in my opinion, having them run in the UI thread of Outlook, where they can block and significantly reduce the UX, is not necessary. The workaround dd3ff8397aaf62e58fa9405ddc5397cb6bcfdc29 was implemented to resolve a plaintext leak caused by one add-in/configuration combination, but it caused new issues {T6676}. And there is no guarantee that a change / update in a third pary addin might change the behavior again. In my opinion, it would be best to clearly communicate that GpgOL might not work correctly with these add-ins installed. In that case it would be better for security to disable GpgOL altogether so that users must use unencrypted mails with encrypted attachments. A message box could be displayed: "GpgOL has detected the incompatible addin XY". This can cause stability and security issues that are outside of our control. Keeping both enabled increases the risk of plaintext leaks or stability problems and is not recommended." [Disable GpgOL] [Disable XY] [Keep both enabled] Additionally, a registry key could be created to disable this warning for environments with centralized administration. Assuming these environments have the necessary expertise to make informed decisions about their add-in configurations.

Since most of support issues inrelated to GpgOL are related to Addins,e linked to add-ins, particularly Symantec and anti-virus add-ins. especially Symantec.We should improve how we handle these situations, We should improve how we handle these situations as this can lead to plaintext leaks. We have to make clearas this can lead to plaintext leaks in the worst-case scenario. It is essential that we clearly communicate that all other addins-ins have the same access to plaintext as written under:stated on our website at https://gnupg.com/vsd/security.html. However, there is no clear definition of what third-party software may be installed on a VS-NfD compliant system. Therefore, it is crucial to raise awareness that end-to-end encryption can be bypassed if add-ins are installed and then send decrypted contents to the cloud for analysis. Anti-virus software has access to attachments before they are opened since they are extracted as files. So in my opinion, having them run in the UI thread of Outlook, where they can block and significantly reduce the UX, is not necessary. Since there is no definition what third party software may be installed on a VS-NfD compliant system we should raise awareness that end to end encryption is bypassed if you have Addins installed which then send decrypted contents to a "clould" for "analysis". dd3ff8397aaf62e58fa9405ddc5397cb6bcfdc29 helped so that one addin / configuration combination did not leak plaintext any longer,The workaround dd3ff8397aaf62e58fa9405ddc5397cb6bcfdc29 was implemented to resolve a plaintext leak caused by one add-in/configuration combination, but it caused new issues {T6676}. And there is no guarantee that a change / update in a third pary addin might change the behavior again. In my opinion, it would be best to clearly communicate that GpgOL might not work correctly with these add-ins installed. but this caused other issues like T6676.In that case it would be better for security to disable GpgOL altogether so that users must use unencrypted mails with encrypted attachments. A message box could be displayed: In my opinion it would be best to clearly communicate that GpgOL might not work correctly with these Addins installed. Like a message box: "GpgOL has detected the incompatible addin XY". This can cause stability and security issues whichthat are not under the controloutside of GnuPG VS-Desktopour control. Keeping both enabled increases the risk thatof plaintext is leaked or thats or stability problems occur and is not recommended." [Disable GpgOL] [Disable XY] [Keep both enabled] And thenAdditionally, a registry key that wouldcould be created to disable this warning for environments with central Aized administration. Assuming that in these cases the Administration knows whaese environments have the necessary expertise to make informed decisions about they want.ir add-in configurations.