How to apply security on Windows Mobile

[AGAMEMNON]

Just few days back our company had bought an application which runs on hand held devices with Windows Mobile 5.0 operating system. Now i would like to know that how to apply security on Windows Mobile? I think that I should able to define users and assign permission as we do on Windows XP or Windows 2003. Does any body have any idea about it? Or is there any other way to do so? Any help you can provide would be greatly appreciated. Thanks.

[Milton.J]

The Windows Mobile documentation uses a set of security terms that have specific meanings, and understanding these terms will help you understand security on Windows Mobile devices. Microsoft Windows Mobile 6 and its predecessor, Windows Mobile 5.0 with the Messaging and Security Feature Pack (MSFP), include many features that help you secure corporate infrastructure with minimal difficulty and with minimal inconvenience for your users.

[Spyrus]

The most obvious is that Windows Mobile devices do not have a logon concept, and therefore there isn’t a concept of the current user. Trend Micro Mobile Security protects smartphones and PDAs from data loss, infections, and attacks from a central enterprise console that can also manage desktop protection.Mobile devices are generally considered personal productivity tools, not something that one logs on to like a workstation. A trusted process can call any API and write to any registry key. There are essentially no limits on what it is allowed to do. A normal process is forbidden from calling certain APIs and writing to certain registry keys. For the list of APIs and registry keys, see the "Trusted APIs" topic in the Windows Mobile SDK documentation. Even if there were a concept of user identity, the overhead of maintaining per-item permissions through ACLs would put a tremendous strain on the limited resources of these devices.

[Snake08]

Using Microsoft Exchange Server as the messaging platform further increases the security options available. Encryption and authentication defends data integrity on lost or stolen devices. The anti-malware features block viruses, worms, Trojans, and SMS text message spam. You can use Windows Mobile, Exchange Server, and some network security best practices as a foundation for protecting your company’s mobile devices.

[Zachary]

Normal execution mode is designed to reduce the amount of code that needs Trusted execution access to the device. I think, you should should use "Spb Kiosk Engine" tool which lock device like a real kiosk that user could only interact with related business application. The fact that a service provider determines the device security policy rather than the organization using the device presents very different challenges from the familiar workstation and portable computer environment. By using Normal mode to run an application, you can reduce the risk that an error-prone application can cause accidental damage on the device.As you’ll see shortly, making Windows Mobile a secure platform is achieved through a combination of operating system features, developer tools, and trusted third parties enforcing standardized security polices across organizations.

[Big Fish]

The last permission tier, blocked, is provided primarily for completeness. No application executes at the blocked tier because the blocked tier applies to those applications that are not allowed to execute. Most applications run at the normal tier. Windows Mobile helps prevent unauthorized access to the device itself through PIN authentification and password protection, device timeout locking, and the ability to "wipe" or erase the device’s memory either locally or remotely if it is lost or stolen. These applications cannot call any trusted APIs, write to protected areas of the registry, write to system files, or install certificates. The complete list of trusted APIs, protected registry areas, and file system protections is available in the Windows CE Platform documentation.