Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
Microsoft details 'Windows on ARM' program
March debut of 'iPad 3' a sure bet, says analyst
FBI unbolts Steve Jobs 1991 investigation file
Cisco boosted profit, sales in Q2 while cutting costs
Macs take on the enterprise
Four crazy tech ideas from Google's Solve for X project
Obama 2012 campaign playlist revealed courtesy of Spotify
Oracle buying Taleo for US$1.9 billion in direct hit at SAP
Amazon attacks Apple: You get 3 Kindle products for price of iPad 2
Pre-rendered pages highlight latest Google Chrome release
Microsoft exec: Lync-Skype integration a 'compelling opportunity'
The future of hypervisors
/

Pocket PC doesn't make security grade, Gartner says

Today's breaking news
Send to a friendFeedback


Microsoft's Pocket PC 2002 software does not address critical security issues and could make sensitive corporate data stored on PDAs and desktop PCs vulnerable to theft and loss, market analyst Gartner warned in a recent research note.

Companies that use Pocket PC-based devices should turn to third-party products to protect their data, the research note said.

Microsoft officials contested the accuracy of Gartner's analysis of Pocket PC's security. "Gartner mistakenly blames the Pocket PC for potential security breaches that are in reality related to insecure usage of desktop PCs," said Microsoft spokeswoman Bridget Yau, in an e-mail.

Improving security has been a major focus for Microsoft since January, when the Redmond, Wash., company's chairman and chief software architect, Bill Gates, said building an environment of "trustworthy computing" should be Microsoft's top priority, eclipsing the addition of new features to its product line.

But while Microsoft has put the security of many of its flagship products, such as the Windows operating system, Office and Visual Studio .Net, under the microscope, Pocket PC is not yet part of its Trustworthy Computing initiative and ignores critical security issues which will not be addressed until the release of the next version of the software, expected in 18 months to 24 months from now, Gartner said.

Security shortcomings associated with Pocket PC are slowing adoption of handhelds based on the software by many companies, the research note said.

Among the vulnerabilities that Gartner's research note identified with Pocket PC, the default setting does not require a password and passwords and the password policy cannot be synchronized with a desktop PC. In addition, configuration settings of Pocket PC-based devices cannot be secured and when the system is reset all settings are lost.

Other areas of vulnerability include:

  • The ability to install a Pocket PC device on a desktop PC without requiring a password, which gives the device the ability to access data in Outlook, as well as other applications.

  • Users cannot encrypt files with the Crypto API that is included in Pocket PC.

  • No security is provided for removable storage devices, such as memory cards.

  • The software lacks policy features that could be used to restrict a user's ability to run applications on a Pocket PC-based device.

    Microsoft's Yau disputed whether a Pocket PC device can be easily installed on a computer and used to download data from applications such as Outlook, calling Gartner's claim "incorrect."

    "A Pocket PC cannot be installed onto a password-protected PC without using the PC's password to secure access," she said. "A PC without password protection is at a much greater risk of data loss to high-capacity storage cards than with a Pocket PC."

    For other areas of concern, both Microsoft and Gartner agreed that third-party applications can be used to address many of the security vulnerabilities identified in the research note. But Gartner said that relying on third-party products was not a sufficient answer for many corporate users and urged Microsoft to take steps to improve the security of Pocket PC.

    "These (third-party) solutions come at additional cost and are sometimes not available in local languages," the research note said.

    "Many larger enterprises, such as banking and financial institutions, have very strict policies when it comes to acquiring software, requiring extensive audits of the software, vendor viability and support options - often taking more than three months to be approved," it said.

    The IDG News Service is a Network World affiliate.

    RELATED LINKS

    Error 404--Not Found

    Error 404--Not Found

    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

    10.4.5 404 Not Found

    The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

    If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.

    Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.

    Get Copyright Clearance
    Request a reprint or permission to use this article.


  • NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
    Click here to sign up!
    New Event - WANs: Optimizing Your Network Now.
    Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
    Attend FREE
    Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.