
Why Was WiFi Removed From ActiveSync 4.x?


Ed Hansberry
11-10-2006, 03:00 PM
http://blogs.msdn.com/windowsmobile/archive/2006/11/08/wifi-did-you-do-that.aspx

"Having survived explaining why the X button doesn’t close apps, I’ve been emboldened to take on the completely radioactive subject of why WiFi ActiveSync was removed from ActiveSync 4. I’m sure that I won’t come out of this one unscathed. The people affected by this are really angry. And, though I didn’t have anything to do with the decision, I’m guessing that you’re going to take your frustrations out on me anyway. But, hey, someone needs to explain why these things happen. That someone might as well be me."

Mike Calligaro goes on to give a history lesson of how ActiveSync got the ability to do WiFi, but I am not sure it is accurate. He makes it sound as if WiFi was an extension of Ethernet and Ethernet came about shortly after USB, which was the successor to serial. The problem with that chronology is even ActiveSync's predecessor, Windows CE Services, allowed network connections. I used to plug my modem into a Philips Nino 320 and dial into our network at the office. The Nino would find my logged in PC just fine and synchronize over a blazing 19,200 modem connection. 8O It also worked when AS 3.0 came out. It seems network connections were there from at least the days of Windows CE Services 2.x. I don't think WinCE Services knew the difference between a modem and Ethernet card from a client perspective, it just happily allowed TCP/IP connections from the outside.

Anyway, it gets back to security. ActiveSync doesn't encrypt data with the desktop like it does with Exchange Server, so someone could steal your data as it was being transmitted, and you simply cannot be trusted to make a decision on that. You can turn off your firewall in Windows. You can choose not to install antivirus software and antispyware software. You can turn off Automatic Updates. You can disable the antiphishing filter in your browser. You can run around your house nekkid with scissors, but the one thing you absolutely, positively cannot do is sync with your PC in your kitchen from the bedroom because someone might be in your basement lurking stealing your data, or if you are in a small office, you can't sync with your PC in your office from the conference room because one of the five people you work with might be listening in on that transmission, and heaven forbid you are at Starbucks and initiate an encrypted VPN connection to your home PC and sync through that secure connection.

Wait. Two things you can't do. You can't be allowed to close applications in less than 7 taps. I'm sorry, but to date, I still haven't heard a valid reason to totally rip out this feature in ActiveSync. I can understand it being missing from ActiveSync 4.0, as for the most part, that was a rewrite and some things didn't make it in, like device backup. However, that was over a year ago. You can't even wirelessly sync with your Windows Vista machine unless it is via bluetooth from 30 feet away. It simply isn't a priority. I guess if wireless syncing is important to you, you need to stick with ActiveSync 3.8 (which, by the way, has been removed from Microsoft's site) and a WM2003SE device, or install Exchange Server. :?

Brad Adrian
11-10-2006, 03:27 PM
You mention (in passing) synching with Vista via Bluetooth... Don't most people have a lot of trouble getting Bluetooth synching to work? Or, has that somehow improved with Vista?

Jason Lee
11-10-2006, 04:00 PM
> You mention (in passing) synching with Vista via Bluetooth... Don't most people have a lot of trouble getting Bluetooth synching to work? Or, has that somehow improved with Vista?

I used to have trouble first getting a bluetooth sync up and running but that was with the widcomm stack. It is soo easy with a device using the MS stack.

I wonder if removing wifi sync has anything to do with direct push being available and the carriers getting to charge for that data?

ppcinfo
11-10-2006, 04:26 PM
I wonder if a 3rd-party application could be created to allow for syncing over a network? A small "syncing" application would run on a Desktop PC on a network, and a small application on the Mobile Device to connect and do the syncing of appointments, contacts, tasks, etc. Does such an application exist currently?

ppcinfo

SteveHoward999
11-10-2006, 04:30 PM
So did I miss something here? I only synched wirelessly when I was at home, using my home wireless network to access my laptop directly. Neither the laptop nor the pda would access the web to achieve this. At least ... not so far as I was aware.

If I had set things up so that I could wirelessly sync with my laptop from any access point through vpn or whatever then I could see the point of all this panic about insecure connections etc.

Or am I showing my ignorance here?

x51vuser
11-10-2006, 05:46 PM
It does not make sense .....
If syncing over WiFi was removed because data is not encrypted, then it should also be removed over Bluetooth.
Is sync over Bluetooth encrypted?

Janak Parekh
11-10-2006, 05:57 PM
> Is sync over Bluetooth encrypted?

Well, the argument is that a) Bluetooth encrypts the connection and b) it's serial, so someone can't tap over IP and watch the traffic going by.

Anyway, Ed - I agree with you. Here's a simple fix to half his argument: prevent AS 4.x from doing LAN/WiFi sync outside the local subnet. That will solve 50% of security issues.

As for the other 50%, I am utterly unconvinced that implementing encryption is so extremely hard. The Pocket PC already has SSL support, as does the desktop. Are you telling me that building an infrastructure to exchange certificates is infeasible? I can't believe I'm saying this, but at this point I'd prefer if Microsoft just honestly came out and said "this is not a priority for us, we don't care what you want, it's not coming back". The whole AS WiFi discussion has become a farce.

--janak

mscdex
11-10-2006, 05:57 PM
Can't even sync over wired Ethernet. :roll:

Sven Johannsen
11-10-2006, 06:45 PM
> Can't even sync over wired Ethernet. :roll:

Yup, it's IP sync that went away, not just WiFi sync, though that is the common manifestation. Wired Ethernet sync loss will be noticed less and less as fewer and fewer devices support CF or PCMCIA slots for network adapters.

Jason Dunn
11-10-2006, 07:15 PM
While I admire Mike for his courage to tackle this issue, the end result is the same: in the insular, myopic Microsoft world where everyone has unlimited GSM/CDMA data connections, and everyone syncs against an Exchange server, and no one installs third party apps that need files that sync back to the desktop...this isn't a problem at all, so why would they fix it? :?

Airscanner
11-10-2006, 07:46 PM
Ironically, disabling wifi sync actually created a security nightmare, at least for a little while. Seth Fogie wrote a bit about it here:

http://airscanner.com/downloads/airfix/airfix.html

His freeware tool at least allows you to use a remote debugger now. But you're still out of luck for wifi sync :(

Brad

PPCRules
11-10-2006, 07:52 PM
I was amused as Mike spoke of the ActiveSync 'team' (which to me connotes more than one person). As Ed points out above, it's been over a year now since AS4. What developments HAS this supposed 'team' delivered in that time? And extrapolating from that, it doesn't matter where 'secure' WiFi sync is on the to-do list, it isn't going to ever be worked on (or, at least not until someone else does come up with a third party solution).

So I suspect this 'team' is just developers from other areas who are pulled together as needed when something comes up that is deemed a priority.

CTSLICK
11-10-2006, 08:07 PM
Why one would try to defend the indefensible is beyond me.

The conspiracy theorist in me says that ActiveSync will not become a priority for MS until they can sell it as a service. The possibility of selling ActiveSync as a service moves closer with the growth of higher speed connectivity (EVDO etc) for connected devices, the decline in sales (and availability) of non-connected devices and the advent of Office Live. Exchange Servers for everyone...if only via Microsoft Online. Google is missing an opportunity here.

davea0511
11-10-2006, 08:14 PM
> Why one would try to defend the indefensible is beyond me.

I couldn't agree more. It's insulting for him to explain why his "team" understands our needs and risks far more than we ourselves do - especially when all he's doing is covering up the fact that they're really just taking the easy/lazy way out of the potential wifi-security problem: by crippling wifi instead of encrypting the active-sync data.

Next time I want a condescending slap in the face I'll go to the argument clinic. Same thing.

davea0511
11-10-2006, 10:41 PM
I'd also like to add. Why can't they respect us enough to at least give us the option - including a little warning that wifi leaves our data exposed? That's what HTC is going to do with the "close button" issue. You can toggle that feature in the settings.

At least that shows a little respect for their clientele. That's where I go wrong though isn't it? Thinking they might respect their clientele ... the gullible fool that I am ... that we all are each time we buy Microsoft software.

T-Will
11-10-2006, 10:43 PM
> You can run around your house nekkid with scissors, but the one thing you absolutely, positively cannot do is sync with your PC in your kitchen from the bedroom because someone might be in your basement lurking stealing your data...

"im in ur basement stealing ur unencrypted datas" :lol:
http://img.photobucket.com/albums/v64/t-will/Forums/stealinginternet.jpg

T-Will
11-10-2006, 10:52 PM
Is there a way to set up Bluetooth sync where when you walk into the room with your computer, it detects the Smartphone/Pocket PC and automatically connects and initiates a sync?

BevHoward
11-10-2006, 11:02 PM
small tech point here...

wifi is ethernet... same network topology, simply without the wires.

What was removed from ASync 4 was the LAN "network sync" or ethernet/RAS capability checkbox that has been there at least since network cards were generally available for ppc's.

Those of us who synced via CF wired nic cards, simply switched connections to wifi when that was available... activesync didn't have any way to notice the topology change.

hth,
Beverly Howard [MS MVP-Mobile Devices]

SassKwatch
11-11-2006, 12:08 AM
Though it pains me unmercifully to defend *anything* revolving around ActiveStink, maybe this might offer a different perspective......

I work in healthcare at a LARGE teaching institution where the 'I.T. Dept' is anything but a single dept. In fact, it's probably almost as specialized a collection of depts as is the patient care side of the institution. And the 'Network Services' and 'I.S. Security' arms of I.T. have used HIPAA regulations like a hammer over the last few yr to control network access. And though I've encountered situations where I've thought they may be using those regulations in an overly heavy-handed manner, I can't entirely blame them either. When there are potentially several thousand devices with network access out there, it probably takes a bit of a heavy hand to protect the patient privacy rules dictated by HIPAA.

And quite honestly, I'm actually quite amazed they allow WM devices network access *at all*. Because let's face it, there really is no security on these devices. Any setting a sysadmin can set to 'control' device activity on the network can easily be undone by *anyone* with the requisite knowledge....or just a little curiosity. So, a doctor, nurse, or any other clinician can be as devious with the device as they choose to be.

And that leaves the IT folks with the ability to control the device activity from only the network side. And I don't doubt that's a problematic task in such a large environment.

So maybe, just *MAYBE*, removal of WiFi sync from AS is a sign of MS succumbing to the pressures of large corporate IT admins.(??) Because if the situation I describe exists in one example of a large network environment, it could probably exist in numerous other examples in healthcare, financial institutions, govt agencies, yada yada Yoda.

And there once was a time when all these large 'vertical markets' type places were supposedly where pda type devices were supposed to change the world. But, at least at our institution, that never came even remotely close to being reality. And maybe the complete lack of any *real* device security was at least a contributing factor to WiFi sync being removed.(??)

Now, I realize that even *IF* the above is *somewhat* true, it won't make non-American, non-healthcare users of these devices very happy. But as Elton John said, "Don't Shoot Me, I'm only the Piano Player".

Please excuse me while I go seek out an exorcist to rid me of these ActiveStink Defender tendencies. :)

SteveHoward999
11-11-2006, 12:42 AM
Surely network access is controlled from the network side, not the device side? So who cares what jiggery-pokery people get up to with their pocket toys, if network admin never gave them access then they don't get access, right? And network admin can control just how much access too.

So pfffft. All the excuses so far still don't add up to anything but a piece of damp lettuce.

Gimme back the option to use wi-fi with my device on my home network that I administer myself.

Mick
11-11-2006, 02:23 AM
Yet another example of M$ arrogance--I simply don't buy the "security" argument.
Perhaps it's time to seriously consider an upgrade to Linux, and be done with bloatware.
Mick

SassKwatch
11-11-2006, 02:58 AM
> Surely network access is controlled from the network side, not the device side? So who cares what jiggery-pokery people get up to with their pocket toys, if network admin never gave them access then they don't get access, right? And network admin can control just how much access too.

For the most part, that is very true. But with desktops/laptops in a large environment, there are frequently multiple domain groups and individuals are added to those groups. IF the groups aren't available on the device, they don't get the requisite access.

From a personal perspective, I'd like nothing better than to have the capability available as much as everyone else.

But the reality is, WM devices are security holes that (I suspect) many network administrators don't especially appreciate.

And maybe none of this has absolutely anything to do with the reason MS deactivated the function, but it wouldn't entirely surprise me either.

Peseta
11-11-2006, 03:07 AM
If their opinion is that wifi is insecure and there would be any consistency, shouldn't M$ remove any possibility of using wifi with Windows as all data on my PC is apparently at risk because I might use unprotected wifi?

And what with all those PC's connected to internet (with any form of connection): the danger, the danger ...

Oops, I could give them ideas ... :bangin:

alex_kac
11-11-2006, 03:22 AM
> I was amused as Mike spoke of the ActiveSync 'team' (which to me connotes more than one person). As Ed points out above, it's been over a year now since AS4. What developments HAS this supposed 'team' delivered in that time? And extrapolating from that, it doesn't matter where 'secure' WiFi sync is on the to-do list, it isn't going to ever be worked on (or, at least not until someone else does come up with a third party solution).

> So I suspect this 'team' is just developers from other areas who are pulled together as needed when something comes up that is deemed a priority.

Well they have made ActiveSync 4.1, 4.2, and 4.5 + the Vista sync.

halr9000
11-11-2006, 04:10 AM
Here is the way I see it:

Microsoft announced their so-called security initiative a year or three ago, and right afterwards, disabled wifi sync. You might recall, this was where they had press releases talking about how they were changing the way they were coding, tools, performance goals, etc all to revolve around security (because they were getting ripped about the lack thereof).

I have no evidence to prove this, but I think what happened was that some supervisor looked into what it would take to really secure wifi sync and after having a good look at the code decided it would be a huge job to redo some endemic design flaws. Supervisor said to his boss something like "it'll take 3,000 man-hours to do it right". The reply was something like, "uhh, let's just disable it. I'll have Marketing spin some reasons and tie it into our new security initiative". I'm sure that the decision was intended to be revisited later, but as their enterprise customers (who have a large influence on future roadmap decisions) all were using Exchange so wifi sync wasn't on their radar. Add to the fact that "everyone knows" that WEP can be broken as easily as an egg and that WPA/WPA2 wasn't popular yet (not to mention not included in Windows Mobile!) and that basically explains it.

I really thought they would fix this with whatever AS-in-Vista is called, but here we are with Beta 2 and I don't see wifi sync.

For the record, I just did a new Vista beta 2 build, plugged in my Sprint PPC-6700 via USB and...nada. Way to go Microsoft! WMDC is a chip off the old Activesync block! :evil:

GF
11-11-2006, 04:59 AM
It really pissed me off. For ActiveSync, M$ can't fix the security issues, they've just simply disabled it. Like AS and Close button, I don't mind the default settings are disabled and minimized but we should have the option to choose what we want. I WANT THE RIGHT TO CHOOSE.

JesterMania
11-11-2006, 05:23 AM
Well, WiFi sync is gone and gone for good, no matter how much some of us want it back. The question here is: Can there be a 3rd party to fill this gap? Making a sync program from scratch can be done (Missing Sync for Mac OS), so who will be the one to create a 3rd-party ActiveSync addon/replacement? :wink:

isajoo
11-11-2006, 06:39 AM
could they not just make two versions of activesync, home/personal use and business/public groups versions. that way all professions can install correct versions on their servers. we can call them activesync 3.8 for home users and activesync 4 for scared/lazy IT administrators. so just make activesync 3.8 work for wm5. gives people the choice and they don't have to really fix it. no?

mscdex
11-11-2006, 09:52 AM
> could they not just make two versions of activesync, home/personal use and business/public groups versions. that way all professions can install correct versions on their servers. we can call them activesync 3.8 for home users and activesync 4 for scared/lazy IT administrators. so just make activesync 3.8 work for wm5. gives people the choice and they don't have to really fix it. no?

AS 3.0 works with Vista (last time I tried) :P

unxmully
11-11-2006, 11:37 AM
> I was amused as Mike spoke of the ActiveSync 'team' (which to me connotes more than one person). As Ed points out above, it's been over a year now since AS4. What developments HAS this supposed 'team' delivered in that time? And extrapolating from that, it doesn't matter where 'secure' WiFi sync is on the to-do list, it isn't going to ever be worked on (or, at least not until someone else does come up with a third party solution).

> So I suspect this 'team' is just developers from other areas who are pulled together as needed when something comes up that is deemed a priority.

I suspect the real reason we won't see any improvements in ActiveSync is that it's now a dead product and we'll all need to upgrade to Vista and use whatever the tool included in that is called instead.

phmurphy
11-11-2006, 05:15 PM
There really is a lot of duh-mness in some of the PDA OS from MS.

So.. as the Healthcare person commented there is an absolute positive need for security. How about only passing pre-encrypted password protected files in the first place - Duh#1. You probably are using some proprietary software and you can build in encryption, and virtually all of the MS Office type files have password protection. Even though the PDA Excel program doesn't have password capability, there are other add-ons such as PTab that do.

Here is what I think, you can add this to the kooky conspiracy theories. MS is contracting out the programming to (fill in the blank) India and they don't have the ability to rework the software without a large time spent getting trained and up to speed. They are highly talented, but just can't easily cope with someone else's code.

Theory 2 - As mentioned elsewhere, the PDA ain't where the bucks are. I think Gates is enamored with the Tablet now, so we PDA'ers suffer. I do fieldwork and although I would like a large screen, the weight and short battery life of larger devices kills them for me, but not for all of those who are already lugging notebooks and can plug in almost anywhere.

Theory 2.1 - As mentioned elsewhere, the PDA ain't where the bucks are. I think Gates is enamored with the PDAPhone now, so we PDA'ers suffer.

Theory 3 - Lazy bums

Theory 4 - They think the public is too dumb to live. They might be right, since we actually are continually voting to have term limits for politicians. That is an amazing concept that goes something like this - We want to vote to remove politicians in the future because we will be too stupid in the future to vote for someone else. The only good thing about passing term limits is that we know for sure that we are already stupid. Perhaps we have revealed how stupid we really are and MS found out.

So is MS the stupid one, or are we? We can be certain who has the power to make the software that most of us use. Write Bill a letter, maybe that will work. Now now now, don't be stupid. :devilboy:

Pat

Janak Parekh
11-11-2006, 11:16 PM
> Though it pains me unmercifully to defend *anything* revolving around ActiveStink, maybe this might offer a different perspective......<snip> So maybe, just *MAYBE*, removal of WiFi sync from AS is a sign of MS succumbing to the pressures of large corporate IT admins.(??)

If so, then Microsoft's Mobile Devices team is even lamer than I thought. For large corporations, there's Windows Policies. ActiveSync should be manageable from there, including controlling/turning off certain sync mechanisms to even controlling what partnerships someone can have. Besides, Microsoft's recipe for large corporations is not to have ActiveSync at all, and to use Exchange.

Your idea is interesting, but I don't think that's it.

--janak

Janak Parekh
11-11-2006, 11:19 PM
> I have no evidence to prove this, but I think what happened was that some supervisor looked into what it would take to really secure wifi sync and after having a good look at the code decided it would be a huge job to redo some endemic design flaws. Supervisor said to his boss something like "it'll take 3,000 man-hours to do it right". The reply was something like, "uhh, let's just disable it. I'll have Marketing spin some reasons and tie it into our new security initiative".

If you read Mike's post carefully, that's basically what he says (i.e. that there's feature prioritization and that putting WiFi back in will take work, and it's a compromise as to what actually gets into the product). So while you don't have evidence, I don't think it's needed. ;)

My criticism is that I don't buy the 3,000-man-hour argument. I've mentioned before that I'd like a technical description as to what needs to be done, but none has ever been forthcoming. :?

> For the record, I just did a new Vista beta 2 build, plugged in my Sprint PPC-6700 via USB and...nada. Way to go Microsoft! WMDC is a chip off the old Activesync block! :evil:

Beta 2 is pretty old, but my gut suggests I don't expect WMDC to be that different from AS, except perhaps in UI. After all, the underlying device-side code hasn't changed...

--janak

mmidgley
11-11-2006, 11:26 PM
alex_kac wrote:
> Well they have made ActiveSync 4.1, 4.2, and 4.5 + the Vista sync.

but has much changed? if you exclude bug fixes... what do you get? not much that warrants these version number changes.

unxmully wrote:
> I suspect the real reason we won't see any improvements in ActiveSync is that it's now a dead product and we'll all need to upgrade to Vista

sadly, i think this is probably accurate.

m.

TTown
11-12-2006, 06:45 AM
If Microsoft keeps making moves like this, the buying public is going to second guess whether they should upgrade their software. The reason we upgrade our software is to make it better, more features and/or more secure. If Microsoft keeps limiting their features in future releases, the public is going to catch on and stop buying their software. Is the software business going to go the way of the car business? Before you know it, a foreign software maker is going to listen to its market, come in with a better product and chip away at Microsoft's market share. Just a conspiracy theory. :devilboy:

ebrandwein
11-12-2006, 03:25 PM
Corporate speak for "we stripped out the cool stuff rather than fix it". Shame too, it was a very useful feature.

martin_ayton
11-13-2006, 11:10 AM
Having read through the comments on Mike's original article, especially Mike's additional clarifications, I'm now wondering if I missed the point by being focused on my PPC. I think that Mike is actually saying that unencrypted data that people can listen in to is not the real issue here; the real issue appears to be that having a version of AS which allows sync-over-IP installed on your PC opens a big back door into your PC which allows easy inspection and alteration of your Outlook data and some files whenever the man in the black hat feels like playing with your stuff.

Opening your PPC up to the world is one thing. Opening your PC, or your company's PC, up to everyman is a different thing altogether, and I can imagine Microsoft's lawyers getting the screaming heebie-jeebies when they heard about it. I still don't like it, and I think it can and should be fixed, but I can - finally - understand Microsoft's decision in this case.

That is... assuming that I understood this correctly. Did I?

Fuego
11-13-2006, 11:30 AM
Yes, it's the old alternate gateway with VPN and secondary NIC issues, but like Janak Parekh above I cannot understand why it cannot be controlled with system group policies, unless you're a corporate entity that doesn't even know that they exist - and there are those around!

Janak Parekh
11-13-2006, 11:30 PM
> Having read through the comments on Mike's original article, especially Mike's additional clarifications, I'm now wondering if I missed the point by being focused on my PPC. I think that Mike is actually saying that unencrypted data that people can listen in to is not the real issue here; the real issue appears to be that having a version of AS which allows sync-over-IP installed on your PC opens a big back door into your PC which allows easy inspection and alteration of your Outlook data and some files whenever the man in the black hat feels like playing with your stuff.

There are actually multiple security issues. One is the fact data is sent unencrypted, the second is the fact that ActiveSync does no connection verification. However, both can be mitigated with a firewall. For example, when I'm at home, I'm behind my firewall/NAT box. Why couldn't I then support sync only when at home? Similarly, Windows Firewall could be used to selectively control access to the ActiveSync service. And in a corporate environment, one could support VPN if necessary.

--janak
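
The subnet restriction Janak proposes in this thread, sketched as an added example that is not part of any post and not ActiveSync code: a desktop-side check that accepts a sync connection only from an on-link peer on a subnet the user has opted in to. The function names, the trusted-subnet list and every address are constructed for illustration.

```python
import ipaddress


def _unmap(peer):
    """Parse a peer address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d),
    which is how a dual-stack listener reports IPv4 clients."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def check_peer(peer, interfaces, trusted_networks):
    """Return (allowed, reason) for an inbound sync connection.

    interfaces:       the desktop's current addresses in CIDR form
    trusted_networks: subnets the user opted in to (for example the home LAN)
    """
    try:
        addr = _unmap(peer)
    except ValueError:
        return False, "unparseable peer address"
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    for spec in interfaces:
        iface = ipaddress.ip_interface(spec)
        if addr.version != iface.version or addr not in iface.network:
            continue  # peer is not on-link for this interface
        if iface.network in trusted:
            return True, "on-link, trusted subnet %s" % iface.network
        return False, "on-link, but %s is not a trusted subnet" % iface.network
    return False, "routed from outside every local subnet"


# Constructed scenarios: the same laptop at home and on a public hotspot.
TRUSTED = ["192.168.1.0/24"]
AT_HOME = ["192.168.1.10/24"]
AT_CAFE = ["172.16.40.23/22"]

ATTEMPTS = [
    ("home, PDA on the LAN",         "192.168.1.57",        AT_HOME),
    ("home, PDA via dual-stack",     "::ffff:192.168.1.57", AT_HOME),
    ("home, host on the Internet",   "203.0.113.9",         AT_HOME),
    ("cafe, stranger on the subnet", "172.16.41.200",       AT_CAFE),
    ("cafe, claims a home address",  "192.168.1.57",        AT_CAFE),
]


def decide_all(attempts=ATTEMPTS, trusted=TRUSTED):
    """Evaluate every constructed attempt; returns [(label, allowed, reason)]."""
    return [(label,) + check_peer(peer, ifaces, trusted)
            for label, peer, ifaces in attempts]


if __name__ == "__main__":
    for label, allowed, reason in decide_all():
        print("%-30s %-6s %s" % (label, "ALLOW" if allowed else "DENY", reason))

# Limits of this check: a hotspot that happens to use the same private range
# as the home LAN is indistinguishable here, and traffic from an allowed peer
# is still unencrypted and unauthenticated, which is the other half of the
# problem raised in the thread.
```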

amc3141
11-20-2006, 07:02 PM
> . . .
> AS 3.0 works with Vista (last time I tried) :P

Really????, hmmm . . .

. . . I haven't upgraded my samsung i730 to WM5 because Vindigo needs over the network sync to update movie & concert times, restaurant reviews, etc . . .

will WM5 work with active sync 3.X?

Janak Parekh
11-21-2006, 11:19 PM
> will WM5 work with active sync 3.X?

No, it won't. :(

--janak