<div class='os_post_top_link'><a href='http://www.informit.com/articles/article.asp?ss=tps&p=337069' target='_blank'>http://www.informit.com/articles/article.asp?ss=tps&p=337069</a><br /><br /></div><i>"One of Microsoft's most important initiatives is the Windows Mobile platform. Windows Mobile is powered by Windows CE, which is a stable, efficient, truly multitasking operating system offering nothing less than a full, miniaturized version of Windows 2000. In short, it's a masterpiece. <b>Unfortunately, Windows CE was designed without security.</b> In addition, virus writers have created the first virus for Windows CE, known as WinCE4.Dust, as proof of concept."</i><br /><br /> <img src="http://www.smartphonethoughts.com/images/wincedust02.jpg" alt="User submitted image" title="User submitted image"/> <br /><br />informIT has published the first part of its three part series that discusses development of viruses for the Windows Mobile platform. The article sheds light on the <i>WinCE4.Dust,</i> the first known Windows CE virus to run on ARM-based devices running Windows Mobile Pocket PC. Microsoft Smartphones are based on the same Windows CE platform as the Pocket PCs. The main difference between the Pocket PC and Smartphone being the User Interface layer. And we all know that viruses have minimal or no user interface, so a virus written for a Pocket PC Phone Edition can be easily modified to propagate on Smartphones. The mobile devices have access to the internet via the cell phone network or through Wi-Fi. This along with the (unprotected) E-Mail and SMS programming capabilities built into the OS makes them a very attractive target for virus writers. And we must not forget that most of the virus writers create viruses because they see it as a challenge. The Smartphone territory has not yet been explored. So are we safe? For how long? One of my concerns is a virus that utilizes the Over-the-Air device configuration SMS messages to corrupt the phone's settings. Also unlike the desktop viruses, the mobile device virus can inflict direct financial losses by sending a large number of SMS messages or creating unnecessary network traffic and thereby going over the usage limits that the user has subscribed to. What are your thoughts and concerns? What can we do to protect ourselves? What can Microsoft do to improve the security on the Windows Mobile platform?

Microsoft has introduced the concept of Privileged API (Application Programming Interface) on the Smartphones. Programs that require access to the cell phone network or send SMS/E-Mail must have a special certificate. The certificate is issued by the carrier or a universal authority after having verified the authenticity of the application and its writer. But unfortunately on most Smartphones in the market, the users either themselves remove the restriction or the carrier/vendor have released the phones with this feature disabled.

Microsoft will have to improve the usability of the concept (the certification process has to be simplified and made less costly) and the users will have to develop an understanding for the concept.

I agree with Kris.

It's already there... it's just a matter of it being accepted.

Carlo

This thread (http://www.smartphonethoughts.com/forums/viewtopic.php?t=5761) (and the subsequent link article) should help to shed some light on what Microsoft has done to help protect us and our devices.

I think this is an area where I think (hope) that Microsoft has planned ahead and taken steps to curb the spread of a virus across the mobile platform.