09-09-2002, 03:00 PM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Security on the Pocket PC - good or not?
http://www.vnunet.com/News/1134871
Pocket PC 2002 devices got a boost in security features over the Pocket PC 2000. They center primarily around device access with a power on password, which also protects the data if you try to access it from a PC via an ActiveSync connection. But at least one Gartner analyst disagrees. "Analyst Gartner has slammed Microsoft's Pocket PC 2002 handheld operating system (OS) as unsuitable for enterprise computing, warning that it lacks even basic security features."
There is room for improvement in the Pocket PC's security model, no question. There is room for improvement in every OS's security model. But "unsuitable for enterprise computing?" Come on! True, you cannot lock down a Pocket PC like you can a desktop yet, but does that make it unsuitable? Do you have any clue how many enterprises still use Win98/ME? Talk about unsecure. If you have the need for high security, you still have to tweak Win2K Pro/WinXP Pro to get that high level of security. With a Pocket PC you can get much of that security with third party addons.
The bottom line is the Pocket PC currently has one of the best, if not the best, security models around for a handheld. Set a password on your Pocket PC 2002 and do a soft reset. Now, put in the wrong password about 5-6 times. Pretty cool eh? I doubt anyone will be guessing your password before the contents are so obsolete as to be worthless.
|
| |
|
|
|
09-09-2002, 03:06 PM
|
|
Pontificator
Join Date: Feb 2002
Posts: 1,023
|
|
Quote:
|
I doubt anyone will be guessing your password before the contents are so obsolete as to be worthless.
|
I don't have 2002, but this doesn't exactly sound like a "try this at home" thing. What's it do anyway? :?
|
| |
|
|
|
09-09-2002, 04:34 PM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Quote:
|
Originally Posted by Rirath
I don't have 2002, but this doesn't exactly sound like a "try this at home" thing. What's it do anyway? :?
|
It won't harm your data. Each time you guess wrong after the first 3-4 tries. the PPC mandates you must wait a few seconds longer before accepting your next guess. After 15-20, the wait gets long and evenutally would be hours between tries. Very effective against brute force attempts assuming your passkey isn't something simple like the year of your birth, last 4 digits of your SS#, etc. that a thief might know.
|
| |
|
|
|
09-09-2002, 05:05 PM
|
|
Theorist
Join Date: Apr 2004
Posts: 262
|
|
Personally I think the security on my pocket pc is good enough. I rely on the standard password system because imo it is indeed protected enough against brute force hacking.
What kind of third party apps do you guyz use for security ?
|
| |
|
|
|
09-09-2002, 05:19 PM
|
|
Intellectual
Join Date: Feb 2004
Posts: 139
|
|
I'll never forget last year around this time when I was flying home from Comdex. I was using my Jornada on the plane and thought "you know, I have a lot of personal info on here like my MS Money files, etc. ... maybe I should password protect it". I set a 4 digit PIN and then fell asleep on the flight. When the flight landed, I got off the plane and FORGOT my PDA in the seat pocket. After returning to my seat 10 minutes after getting off the plane, my Jornada was gone forever, stolen by the cleaning crew. 
I know for my purposes (i.e. peace of mind regarding my personal data), the PPC security was worth its weight in gold ... assuming we calculate the weight of the person who coded the security routine. 
__________________
Wes SalmonSoftware Test EngineerMicrosoft Mobile and Embedded Devices
|
| |
|
|
|
09-09-2002, 05:20 PM
|
|
Pontificator
Join Date: Feb 2002
Posts: 1,043
|
|
I did the beta series for SFR (a German developer) of their image-based password program. While the betas were a bit stressful (forget your password tap-point series and a hard reset is inevitable!), the end product is pretty solid. However, I don't work for anyone else, and no one except my kid has access to my devices, so I don't use a password of any kind. Nothing to hide anyway. If there were, I'd more likely be encrypting individual data files rather than locking the device. And with a hard reset making a stolen or lost PPC usable as-new, I'd frankly rather have my name and address accessible!
http://www.viskey.com/viskeyce/index.html
__________________
Gerard Ivan Samija
|
| |
|
|
|
09-09-2002, 05:28 PM
|
|
Ponderer
Join Date: Mar 2002
Posts: 50
|
|
I find this article hard to take. Why didn't they consider 3rd party utilities that offer encryption and additional security over the whole system. Further there are utilities like Tweaks 2k2 which offer the ability to not allow users to install apps.
Further throwing in the red herring about the Palm OS 5 offering this security and then not pointing out the lack of security in the Symbian OS makes me believe that this article is biased. Further the article should be beating up every smart device out there since they all contain data we want kept confidential.
Overall the important point I take away from an article like this is that users need to use security to be secure. They cannot depend on anyone else to do it for them.
|
| |
|
|
|
09-09-2002, 05:30 PM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Quote:
|
Originally Posted by denivan
What kind of third party apps do you guyz use for security ?
|
I use the PPC built in security and then keep my most sensitive info in a 128bit encrypted ewallet file with an insanely long password.
Also, see http://www.pocketpcthoughts.com/foru...pic.php?t=1499 for other common sense no-no's, like storing anyting sensitive on a CF card.
|
| |
|
|
|
09-09-2002, 06:08 PM
|
|
Intellectual
Join Date: Feb 2004
Posts: 139
|
|
Quote:
|
Originally Posted by Ed Hansberry
I use the PPC built in security and then keep my most sensitive info in a 128bit encrypted ewallet file with an insanely long password.
|
And that password wouldn't be "In5aNe1Y-Lo|\|g_pa$Sw0rD" would it? 
__________________
Wes SalmonSoftware Test EngineerMicrosoft Mobile and Embedded Devices
|
| |
|
|
|
09-09-2002, 06:25 PM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Quote:
|
Originally Posted by Wes Salmon
And that password wouldn't be "In5aNe1Y-Lo|\|g_pa$Sw0rD" would it? |
Dang it! Now I have to go and create another one. :bad-words:
|
| |
|
|
|
|
|
|
Linear Mode
