LockLizard White Paper Sample

2. Does your PDF security supplier have a background in content security or are you purchasing from a one man band or affiliate scheme?

A lot of companies out there claim their products are secure yet use weak encryption or don't publish their security mechanisms. The majority have no data or content security experience. A lot of eBook 'security' software on the market is affiliate software that is re-branded for different organizations to sell as their own. If the company you are considering does not demonstrate any security credentials, then ask yourself whether you can really be certain that your content will be kept secure - you might want to look elsewhere.

3. Be careful about arguments that plug-ins are a lot safer than executable programs.

Because a plug-in inherits all the power and authority of the program it is loaded into, then you have to be just as confident about the provenance of the plug-in as you do about an executable. But your testing could be a whole lot harder because you can’t evaluate a plug-in unless you load it into its host program and then you don’t know if you are observing the actions of the plug-in or the host.

Make sure that people absolutely cannot load their own plug-ins into the master program. Because if they can, then they can get around the security that is being applied. Plug-ins run on the honor system. But, unfortunately, it seems that whilst people love honor, they love money more.