06-12-2005, 02:00 PM
|
|
Developer & Designer, News Editor Emeritus
Join Date: Aug 2006
Posts: 12,959
|
|
Analysts Say Windows Mobile 5.0 Fails to Deliver Adequate Security
Windows Mobile 5.0 and the recently-announced MSFP pack a punch when it comes to security enhancements, but a pair from Gartner beg to differ (again). In a June 9 report, the pair claim that the security improvements "are insufficient and do not meet basic enterprise security needs," and that MSFP "does not go far enough with security for enterprise-wide deployment." In a later report dated June 10, Gartner claims that MSFP will make mobile e-mail "a good enough solution for some organisations" (but obviously not suitable for enterprise-wide deployment). It seems that the message Gartner tries to convey here is that Windows Mobile 5.0 only offers a basic security solution. But in these reports, they appear to have stupidly adopted the same old critical attitude that saw them attack the Pocket PC platform back in 2002, so these reports may well be clouded with elements of bias. Biased or not, I guess the bottom line here is whether they're right? You decide.
|
| |
|
|
|
06-12-2005, 02:31 PM
|
|
Mystic
Join Date: Aug 2006
Posts: 1,734
|
|
It seems their objections are primarily that storage cards are not protected in any way. They have a point, but the solution (encryption of the card) would make things a lot more complicated e.g. you wont be able to use any random card reader to copy documents from a desktop. There are of course 3rd party solutions, but they argue that this should be built in.
With increasing ROM sizes this can become less of an issue if people can remember to keep sensitive documents in BIS. I also dont know if WM has a policy enforcement built in to ensure this happens.
Surur
|
| |
|
|
|
06-12-2005, 04:24 PM
|
|
Thoughts Media Review Team
Join Date: Aug 2006
Posts: 599
|
|
There are still shortcomings in this platform compared to, say, RIM. For example, the RIM management software allows you to explicitly manage the devices that are used to access the email. This cannot be done with the MS platform - you can only control which user accounts are permitted to remotely access email. That isn't the same thing.
Also, the RIM software allows you to deploy settings, etc, to the device. The MS version allows you to enforce a password policy, but that is about it. It doesn't let you set the user name, company name, etc. (The list is longer but this is off the top of my head).
The RIM software lets you see when the device was last "seen". This was useful for me recently when I was trying to diagnose reports from users that they weren't getting updates via their BB devices.
I'm not knocking the MS platform here - I think that this release is a significant improvement over the last attempt. It delivers sort-of push email without the need for SMS messages (at last!) and it also delivers a remote device wipe command.
The security and management of the devices does still need improving, though. Part of the problem is that I don't think that either MS or the manufacturers are thinking of these as enterprise devices.
--Philip
|
| |
|
|
|
06-12-2005, 04:48 PM
|
|
|
06-12-2005, 05:58 PM
|
|
Ponderer
Join Date: Feb 2002
Posts: 67
|
|
The only thing "stupid" about this is your statement that it's stupid. Do you have any idea what organizations have to deal with regarding security? If you did you wouldn't have made this comment.
|
| |
|
|
|
06-12-2005, 06:02 PM
|
|
Developer & Designer, News Editor Emeritus
Join Date: Aug 2006
Posts: 12,959
|
|
Quote:
|
Originally Posted by tthiel
The only thing "stupid" about this is your statement that it's stupid. Do you have any idea what organizations have to deal with regarding security? If you did you wouldn't have made this comment.
|
Uh... are you talking to me? :|
|
| |
|
|
|
06-12-2005, 06:12 PM
|
|
Pupil
Join Date: Apr 2005
Posts: 43
|
|
Love reports like this ... as of course security is a consideration for most of us when buying PDAs !!!
If ya going to alow your staff to carry data around on a handheld locking that down is near impossbile at the momment on any platform.
|
| |
|
|
|
06-12-2005, 08:13 PM
|
|
Pontificator
Join Date: Feb 2002
Posts: 1,043
|
|
Why is Gartner so very full of crap? They're all over WM5.0 for being un-secure lost/stolen devices/cards are concerned... but then with VoIP they are apparently quite relaxed:
"On the use of wireless Internet access through Wi-Fi, Gartner said enterprise can equip and educate mobile workers with the tools and knowledge to mitigate the threats and increase productivity via hot spot usage."
So, workforce education is relevant with wireless data transfer (something any newb should be told immediately is NEVER use a 'hot spot' for banking or other security-critical internet work), says the great and wise Gartner team. But an SD card, that's scary. A basement-dwelling European script kiddie hacks into 90+ US governments networks and does a pile of damage, using downloadable toys any nerd could use, BECAUSE OF WIRED CONNECTIONS. The US government is less inherently secure than any SD or CF card... UNLESS it happens to be in a wired or wirelessly connected device on a public network.
Basically Gartner's head is up it's collective @$$. A little education goes a long way. Tell employees they'll be fired for losing their devices and storage cards and watch as losses suddenly stop. Tell them to use only secured connections for sensitive communications and to encrypt any sensitive data, or risk disciplinary measures. Resco Explorer and lessons in how to use encrypted ZIP or RXF formats - or something like F-Secure, or whatever - should be basic for any deployment of sensitive data and PPCs. Leaving it up to Microsoft is a joke, same as leaving it up to Palm or Blackberry or whatever cellphone. These are consumer electronics first, corporate devices second, and as such any expectation of no-brainer security is coming from a bizarre thought process such as only a leeching pretense of a consulting firm such as Gartner can display. Reminds me of Fraser Institute reports locally... a mouthpiece for what right-wing governments and profit-first, ethics-last companies want to hear... and as one journalist called it: "coin-operated consulting."
__________________
Gerard Ivan Samija
|
| |
|
|
|
06-12-2005, 08:49 PM
|
|
Pontificator
Join Date: Mar 2002
Posts: 1,329
|
|
Quote:
|
Originally Posted by Gerard
Basically Gartner's head is up it's collective @$$. A little education goes a long way. Tell employees they'll be fired for losing their devices and storage cards and watch as losses suddenly stop. Tell them to use only secured connections for sensitive communications and to encrypt any sensitive data, or risk disciplinary measures. Resco Explorer and lessons in how to use encrypted ZIP or RXF formats - or something like F-Secure, or whatever - should be basic for any deployment of sensitive data and PPCs. Leaving it up to Microsoft is a joke, same as leaving it up to Palm or Blackberry or whatever cellphone. These are consumer electronics first, corporate devices second, and as such any expectation of no-brainer security is coming from a bizarre thought process such as only a leeching pretense of a consulting firm such as Gartner can display. Reminds me of Fraser Institute reports locally... a mouthpiece for what right-wing governments and profit-first, ethics-last companies want to hear... and as one journalist called it: "coin-operated consulting."
|
Yah because every device that is stolen or lost was intentional. :roll: Get freaking real. Windows Mobile has never been the secure. It still sits in the realm of windows 9x type security. Where is the encrypted file system? where is the built in firewall? (That many companies require.) where is group policies that can be admined from AD. Etc, etc, etc. I think someone is a tad too much of a fanboi to realize that Windows Mobile is about as secure as Windows 9x.
As for the consumer / corp excuse. Thank GOD that MS doesn't treat the desktop/laptop market the same way. :roll: the fact is 90% of the feature in the Pocket PC is designed around the corp market. What you think home consumers use remote desktop on a day to day basis? Do you think home users use VPN? Do you think push mail addin for 2005 was for home users? Windows mobile is targeting the enterprise first. Consumers are a far second.
__________________
PDA History: Palm Pilot 5000 -> Apple Newton 2100 -> Casio E-11 -> iPaq 3650 (64MB Upgrade) -> iPaq 3700 -> Casio EM-500 -> HP Jornada 568 -> HP iPaq hx4705 www.spreadfirefox.com |
| |
|
|
|
06-12-2005, 11:22 PM
|
|
Pontificator
Join Date: Feb 2002
Posts: 1,043
|
|
Windows Media Player is corporate-focused? Notes? Pocket Word? Pocket IE? Gimme a break. If they wanted to properly support corporate workers, 10MB of ROM would be tied up with a proper port of Word for starters. Ditto for Excel. And File Explorer, seriously, could they have made a more Palm-ish, joe-consumer file manager? Where's the native database application? No PPC previously sold has VPN as native, so suddenly it becomes 90% corporate-focused with WM5 because suddenly it's there? Don't try to tell me the buggy Terminal Services thing counts...
__________________
Gerard Ivan Samija
|
| |
|
|
|
|
|
Linear Mode
