Pocket PC May Not Make the Security Grade
October 2002
Microsoft's Pocket PC 2002 software does not address critical security issues and could make sensitive corporate data stored on PDAs and desktop PCs vulnerable to theft and loss, market analyst Gartner warns in a recent research note.
Companies that use Pocket PC-based devices should turn to third-party products to protect their data, the research note says.
Security shortcomings associated with Pocket PC are slowing adoption of handhelds based on the software by many companies, the research note says.
Among the vulnerabilities that Gartner's research note identified with Pocket PC: the default setting does not require a password, and passwords and the password policy cannot be synchronized with a desktop PC. In addition, configuration settings of Pocket PC-based devices cannot be secured, and all settings are lost when the system is reset.
Other areas of vulnerability include:
- the ability to install a Pocket PC device on a desktop PC without requiring a password, which gives the device the ability to access data in Outlook, as well as other applications;
- users cannot encrypt files with the Crypto API that is included in Pocket PC;
- no security is provided for removable storage devices, such as memory cards;
- and the software lacks policy features that could be used to restrict a user's ability to run applications on a Pocket PC-based device.