Very Computer

Gartner slams Pocket PC security
By Peter Williams [09-09-2002]
http://www.vnunet.com/News/1134871

+Microsoft rejects analyst report as 'mischaracterisation'
+
+Analyst Gartner has slammed Microsoft's Pocket PC 2002 handheld
+operating system (OS) as unsuitable for enterprise computing,
+warning that it lacks even basic security features.
+
+In a new report, the analyst disputes Microsoft's contention that
+Pocket PC is designed as a platform for enterprise solutions.
+
+It said that enterprises face a significant risk of exposure due
+to these security shortcomings, and advises them to install
+third-party security software.
+
+In its report What does trustworthy computing mean for Pocket PC?,
+the analyst said: "Some of the most basic security features
+required by an enterprise are noticeably lacking in the Pocket PC."
+
+Among the basic security weaknesses listed by the report are:
+
+  * A default setting of no password, and password handling
+    which is inconsistent with other Windows products, meaning
+    that, once access is gained, every application is run without
+    restriction
+
+  * The Pocket PC configuration is modifiable at any time so
+    that enterprises cannot be sure of settings, even after an
+    administrator has configured them
+
+  * Unauthorised or unknown Pocket PC devices are installable on
+    a machine without requiring a password or new connection,
+    after which they can access Microsoft Outlook data and other
+    files.
+...
+The report also warned of a knock-on security effect on other
+enterprise operating systems - especially Windows 2000 and XP -
+caused by the Pocket PC opening up access to data that would
+otherwise be protected.
+
+But Pocket PC's competitors do not fare well for security either.
+Symbian and Symantec are working on a more secure version of
+Symbian OS used widely in mobile phones, while Palm OS 5 supports
+128-bit file encryption.

In point of fact, there is only one class of PDA OS on the market
with the current potental for any real level of enterprise level
security...
http://www.linuxdevices.com/articles/AT8728350077.html

In fact the lack of security in the whole Microsoft line of
products makes it look increasingly unsutiable for use in an
enterprise enviroment...

"Duh - Microsoft: "Our products aren't engineered for security""

"Despite Security, Microsoft pitches 'no separate app server' approach"

[ Actually, I'm surprised Erik F. did not comment on that thread ]

"Unpatched IE security holes"
http://www.pivx.com/larholm/unpatched/
+ 4 September 2002: There are currently 18 unpatched vulnerabilities.

David Mohring - Hmmmm, interesting google trawling ...
http://www.google.com/search?q=Microsoft+Desktop+enterprise -> about 763,000
http://www.google.com/search?q=Linux+Desktop+enterprise  -> about 437,000

Question is, what can Pocket Windows do that PalmOS can't?

Matthew Gardiner

--

(o<    
//\   Powered by SuSE Linux  
V_/_  Virusproof. Crashproof.
 10:52pm  up 15 days,  4:41, 24 users,  load average: 1.18, 1.23, 1.26
processes 1442084

You should talk about some advantages that Linux might actually still have,
such as price, security, or the ability to run on 286es.  The stability
argument is dead and your continued use of it puts you and Linux in a bad
light.

BTW, I recently encountered a kernel panic.  Should I now start claiming
that kernel panics are commonplace in Linux the way that Linvocates claim
that BSODs are commonplace in the latest versions of Windows?

-----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
   http://www.newsfeed.com       The #1 Newsgroup Service in the World!
-----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----

Quote:> You Linvocates need to start talking about something other than
> stability. Linux has nothing on the latest Windows offerings as far as
> stability goes (well, at least for normal people; I know how hard it is
> for you "tech-savvy" Linux users to get Windows to even simple things
> like printing.)

Quote:> You should talk about some advantages that Linux might actually still
> have,
> such as price, security, or the ability to run on 286es.  The stability
> argument is dead and your continued use of it puts you and Linux in a
> bad light.

Quote:> BTW, I recently encountered a kernel panic.  Should I now start claiming
> that kernel panics are commonplace in Linux the way that Linvocates
> claim that BSODs are commonplace in the latest versions of Windows?

Peter
--
Get the new Windows XP. Now with eXtra Problems included

Doesn't it make you feel so much more comfortable to lose your work to a
reboot than a simple lockup?

For the record, I've never had problems getting winders to print. Keep
running without lockups, handle various other hardware, see drivers and
some other things, yes. But printers always worked for me just fine.

Quote:> You should talk about some advantages that Linux might actually still
> have, such as price, security, or the ability to run on 286es.  The
> stability argument is dead and your continued use of it puts you and Linux
> in a bad light.

Quote:> BTW, I recently encountered a kernel panic.  Should I now start claiming
> that kernel panics are commonplace in Linux the way that Linvocates claim
> that BSODs are commonplace in the latest versions of Windows?

I've had lockups in winders, verified hardware was OK and still had more
lockups. I've only had that in linux when I did something goofy with
software.

I've had lockups in windos that was only solved by reinstalling. I only
had that situation in linux when I was new and didn't have the slightest
idea how to fix it (another of those "doing something goofy" deals).

--
Support organized crime: buy Microsoft products.

Quote:

> The BSOD line is tired, and these days is FUD.

Quote:> You Linvocates need to start talking about something other than stability.
> Linux has nothing on the latest Windows offerings as far as stability goes
> (well, at least for normal people; I know how hard it is for you
> "tech-savvy" Linux users to get Windows to even simple things like
> printing.)

When a top of the line computer has to resize a .5 gig swapfile  /w 256
meg ram because the working printer has to print a photo-quality
picture, there's a problem.

Quote:> You should talk about some advantages that Linux might actually still have,
> such as price, security, or the ability to run on 286es.  The stability
> argument is dead and your continued use of it puts you and Linux in a bad
> light.

Quote:> BTW, I recently encountered a kernel panic.  Should I now start claiming
> that kernel panics are commonplace in Linux the way that Linvocates claim
> that BSODs are commonplace in the latest versions of Windows?

Quote:> -----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
>    http://www.newsfeed.com       The #1 Newsgroup Service in the World!
> -----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----

--
 -| Bob Hauck
 -| To Whom You Are Speaking
 -| http://www.haucks.org/

Quote:>On Wed, 11 Sep 2002 11:30:46 +1000,

David Mohring - Zaurus, for when you really need Apache on the move.

--
General Protection Fault

  1:30pm  up 18:50,  2 users,  load average: 0.07, 0.05, 0.01
Linux nitrogen.ertw.com 2.4.9-34 #1 Sat Jun 1 06:32:14 EDT 2002 i586 unknown

Quote:>On Wed, 11 Sep 2002 09:27:13 GMT, Bob Hauck assert()ed:
>> On Wed, 11 Sep 2002 11:30:46 +1000,

Palm OS Password Lockout Bypass
http://www.atstake.com/research/advisories/2001/a030101-1.txt

Apparently things have improved with the release of PalmOS v5, but
at the OS level, it is still way behind what Linux PDA is capable
of providing. See
http://www.atstake.com/research/reports/acrobat/security_analysis_pal...

David Mohring - Sincere Security

Quote:> David Mohring - Sincere Security

--

It's still legal to go .sigless.