Security on the Pocket PC - good or not?


Ed Hansberry
09-09-2002, 03:00 PM
http://www.vnunet.com/News/1134871

Pocket PC 2002 devices got a boost in security features over the Pocket PC 2000. They center primarily around device access with a power on password, which also protects the data if you try to access it from a PC via an ActiveSync connection. But at least one Gartner analyst disagrees. "Analyst Gartner has slammed Microsoft's Pocket PC 2002 handheld operating system (OS) as unsuitable for enterprise computing, warning that it lacks even basic security features."

There is room for improvement in the Pocket PC's security model, no question. There is room for improvement in every OS's security model. But "unsuitable for enterprise computing?" Come on! True, you cannot lock down a Pocket PC like you can a desktop yet, but does that make it unsuitable? Do you have any clue how many enterprises still use Win98/ME? Talk about unsecure. If you have the need for high security, you still have to tweak Win2K Pro/WinXP Pro to get that high level of security. With a Pocket PC you can get much of that security with third party addons.

The bottom line is the Pocket PC currently has one of the best, if not the best, security models around for a handheld. Set a password on your Pocket PC 2002 and do a soft reset. Now, put in the wrong password about 5-6 times. Pretty cool eh? I doubt anyone will be guessing your password before the contents are so obsolete as to be worthless.

Rirath
09-09-2002, 03:06 PM
I doubt anyone will be guessing your password before the contents are so obsolete as to be worthless.

I don't have 2002, but this doesn't exactly sound like a "try this at home" thing. What's it do anyway? :?

Ed Hansberry
09-09-2002, 04:34 PM
I don't have 2002, but this doesn't exactly sound like a "try this at home" thing. What's it do anyway? :?
It won't harm your data. Each time you guess wrong after the first 3-4 tries, the PPC mandates you must wait a few seconds longer before accepting your next guess. After 15-20, the wait gets long and eventually would be hours between tries. Very effective against brute force attempts assuming your passkey isn't something simple like the year of your birth, last 4 digits of your SS#, etc. that a thief might know.
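
A rough model of the escalating delay described in the post above, as an added example that is not part of the original thread. The schedule (4 free tries, then a 2 second wait that doubles up to a 4 hour cap) is an assumption, since the thread gives no exact figures, and the function names are hypothetical.

```python
# Added illustration: models an escalating wrong-password delay.
# All constants are ASSUMED values, not measured Pocket PC 2002 behaviour.
FREE_TRIES = 4            # assumed: guesses accepted with no wait ("first 3-4 tries")
BASE_DELAY_S = 2.0        # assumed: first enforced wait, in seconds
GROWTH = 2.0              # assumed: every further failure doubles the wait
MAX_DELAY_S = 4 * 3600.0  # assumed cap ("hours between tries")


def delay_before_guess(failures: int) -> float:
    """Seconds the device enforces before the next guess, given prior failures."""
    if failures < FREE_TRIES:
        return 0.0
    delay = BASE_DELAY_S
    for _ in range(failures - FREE_TRIES):
        delay *= GROWTH
        if delay >= MAX_DELAY_S:   # stop early so the value never overflows
            return MAX_DELAY_S
    return min(delay, MAX_DELAY_S)


def time_to_try(n_guesses: int) -> float:
    """Total enforced waiting (seconds) needed to submit n_guesses guesses."""
    return sum(delay_before_guess(f) for f in range(n_guesses))


def days(seconds: float) -> float:
    return seconds / 86400.0


if __name__ == "__main__":
    # Exhausting a 4-digit PIN space (10,000 candidates), worst case.
    print(f"all 10000 PINs : {days(time_to_try(10_000)):8.1f} days")
    # Average case: the right PIN is found halfway through.
    print(f"average (5000) : {days(time_to_try(5_000)):8.1f} days")
    # The caveat from the post: a short list of personal numbers
    # (birth year, last 4 of an ID) is barely slowed by the delay.
    print(f"10 likely PINs : {time_to_try(10):8.1f} seconds")
```

Under these assumed numbers the delay turns an exhaustive search of a 4-digit PIN into years of waiting, while a passkey that appears on a ten-item shortlist costs only about two minutes.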

denivan
09-09-2002, 05:05 PM
Personally I think the security on my pocket pc is good enough. I rely on the standard password system because imo it is indeed protected enough against brute force hacking.

What kind of third party apps do you guyz use for security ?

Wes Salmon
09-09-2002, 05:19 PM
I'll never forget last year around this time when I was flying home from Comdex. I was using my Jornada on the plane and thought "you know, I have a lot of personal info on here like my MS Money files, etc. ... maybe I should password protect it". I set a 4 digit PIN and then fell asleep on the flight. When the flight landed, I got off the plane and FORGOT my PDA in the seat pocket. After returning to my seat 10 minutes after getting off the plane, my Jornada was gone forever, stolen by the cleaning crew. :(

I know for my purposes (i.e. peace of mind regarding my personal data), the PPC security was worth its weight in gold ... assuming we calculate the weight of the person who coded the security routine. :)

Gerard
09-09-2002, 05:20 PM
I did the beta series for SFR (a German developer) of their image-based password program. While the betas were a bit stressful (forget your password tap-point series and a hard reset is inevitable!), the end product is pretty solid. However, I don't work for anyone else, and no one except my kid has access to my devices, so I don't use a password of any kind. Nothing to hide anyway. If there were, I'd more likely be encrypting individual data files rather than locking the device. And with a hard reset making a stolen or lost PPC usable as-new, I'd frankly rather have my name and address accessible!
http://www.viskey.com/viskeyce/index.html

ChrisD
09-09-2002, 05:28 PM
I find this article hard to take. Why didn't they consider 3rd party utilities that offer encryption and additional security over the whole system? Further there are utilities like Tweaks 2k2 which offer the ability to not allow users to install apps.

Further throwing in the red herring about the Palm OS 5 offering this security and then not pointing out the lack of security in the Symbian OS makes me believe that this article is biased. Further the article should be beating up every smart device out there since they all contain data we want kept confidential.

Overall the important point I take away from an article like this is that users need to use security to be secure. They cannot depend on anyone else to do it for them.

Ed Hansberry
09-09-2002, 05:30 PM
What kind of third party apps do you guyz use for security ?
I use the PPC built in security and then keep my most sensitive info in a 128bit encrypted ewallet file with an insanely long password.

Also, see http://www.pocketpcthoughts.com/forums/viewtopic.php?t=1499 for other common sense no-no's, like storing anything sensitive on a CF card.

Wes Salmon
09-09-2002, 06:08 PM
I use the PPC built in security and then keep my most sensitive info in a 128bit encrypted ewallet file with an insanely long password.
And that password wouldn't be "In5aNe1Y-Lo|\|g_pa$Sw0rD" would it? ;)

Ed Hansberry
09-09-2002, 06:25 PM
And that password wouldn't be "In5aNe1Y-Lo|\|g_pa$Sw0rD" would it? ;)
Dang it! Now I have to go and create another one. :bad-words:

/dev/niall
09-09-2002, 06:44 PM
I find this article hard to take. Why didn't they consider 3rd party utilities that offer encryption and additional security over the whole system? Further there are utilities like Tweaks 2k2 which offer the ability to not allow users to install apps.


I don't fault Gartner for this since they wrote a report on the Pocket PC and not Pocket PC + 3rd party applications, but I wonder why vnunet didn't see fit to point out availability of 3rd party security applications? Especially since they tossed in the blurb on OS5's encrypted filesystem capability and the nebulous statement on future security additions to Symbian devices.

However, I have to agree with Gartner. I don't think the Pocket PC -- sans 3rd party applications -- is suitable for the enterprise. The few security features that it does have are not turned on out of the box. That being said, any enterprise-level company that deploys any mobile device without considering the security implications has only themselves to blame if they get hosed... it is not the fault of Microsoft or the Pocket PC OS.

I don't think Gartner would sell many reports if they didn't stir the pot every now and then. ;)

Overall the important point I take away from an article like this is that users need to use security to be secure. They cannot depend on anyone else to do it for them.

Exactly. Outside of OpenBSD I can't think of anything that I could point to and say "Right out of the box, this is secure."

denivan
09-09-2002, 06:47 PM
And with a hard reset making a stolen or lost PPC usable as-new, I'd frankly rather have my name and address accessible!
http://www.viskey.com/viskeyce/index.html

My PocketPc is password protected, but when I turn it on there is a message displayed with my address and stuff, so people can still return it. This is standard in PPC2002.

rlobrecht
09-10-2002, 01:40 PM
However, I have to agree with Gartner. I don't think the Pocket PC -- sans 3rd party applications -- is suitable for the enterprise. The few security features that it does have are not turned on out of the box. That being said, any enterprise-level company that deploys any mobile device without considering the security implications has only themselves to blame if they get hosed... it is not the fault of Microsoft or the Pocket PC OS.


There isn't a single Microsoft OS that is secure right out of the box. On a Windows 2000 server, the default file system security is Everyone - Full Control.

I agree with your statement about any Enterprise computing. Companies need to do their homework, to ensure that their security needs are met. I think for the average company, you can make it as secure as you need to with the tools available. The only thing missing is secure email (i.e. SSL IMAP and encryption/digital signatures.)

Jonathon Watkins
09-10-2002, 02:44 PM
There isn't a single Microsoft OS that is secure right out of the box.
True - but Linux isn't secure out of the box/download either. You need to work to properly secure ANY OS.

Jonathan1
09-10-2002, 06:50 PM
How about instead of FAT32 for a file system on removable storage MS gets off their butts and implements NTFS support, ACL's, and encryption. Right now as it stands there is NO security, out of the box, on CF cards. Better yet how about group policies that would allow me to restrict what some "it's my device so I can put what I want on it" user installs on their system. Right now the Pocket PC is as secure as Windows 9x which isn't saying a whole heck of a lot.
Ya know maybe it's me watching too many x-files episodes but I'm getting seriously paranoid about MS. I'm thinking they are intentionally making products that lack major features just so users have a reason to upgrade in the future.