Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Mobile Security Software Fails the Test

Posted by ryuzaki0 on from the running-the-gauntlet dept.

boebert_ms writes "Windows Mobile security software is insecure and buggy, according to a report from Airscanner. In a paper posted at msmobiles.com, roughly 20 different Windows Mobile programs (e.g. MS Money, Password Master 3.5, etc) were examined and found to have a wide range of issues from broken protection schemes to poor encryption algorithms, and more. The paper goes into some details about each program and their flaws and also provides some tips on how to protect your data."

3 of 106 comments (clear)

  1. Not MSFT Bashing by Jazzer_Techie · · Score: 5, Informative

    Those who actually RTFA will find that most of the complaints have nothing to do with Microsoft or Windows Mobile itself. (The exceptions are MS Money and complaints about the lack of a Task Manager / msconfig / regedit etc.) The issue is that vendors are writing 'security' software (password managers, antivirus) using terrible methods. In analyzing these programs, they found passwords stored as plaintext, some ROT-N encrypted, and other very poor methods of 'securely' storing data. OS security matters, but in this case it wouldn't matter if you were running OpenBSD, assuming you had chosen to (and could) run these programs.

  2. Re:That why Linux is pretty cool on embedded devic by Tim+Browse · · Score: 4, Informative

    Actually, what is pretty cool is that you can be modded +4, Insightful when you clearly haven't read the article (or even the summary, actually).

    Hint: the article is not about security vulnerabilities in Windows Mobile, it's about security problems in the apps people run on it, with the apps using poor/no encryption, or leaking data/passwords into the registry, etc. Most of these apps are not written by MS (although the example of MS Money, and it's 'pmoney' algorithm is amusing, if a little familiar).

  3. Re:tip #1 by Sancho · · Score: 4, Informative

    I chose Windows Mobile primarily for its ability to multitask. Specifically, I want to be able to maintain an SSH connection while I'm switching to another app to look something up. That is something that Palms cannot handle at this point.

    We keep hearing promises from PalmOne that they'll have a multitasking version of the OS out "soon", but it never seems to happen. I used a phone with a broken screen for almost a year, betting (wrongly) that Palm would have their solution out. They never did, and I went with the PPC6700 from Sprint (running Windows Mobile 5.0).

    I'm not unhappy, but that's about all I can say about it. It's an adequate OS, but it has quirks. I'd probably sell it in a heartbeat if a Palm solution came out which met all my needs.