The
report in question, from
J. Gold Associates, noted that although Microsoft's direct push software encrypts data while it is in transit, no encryption is available once that data reaches the handheld device. Thus, J. Gold says, information is exposed to "anyone able to get his or her hands on one of the devices and defeat its password system," according to eWEEK.
Microsoft, on the other hand, contends that Windows Mobile 5.0 "provides users with the right balance of security and usability," according to eWEEK. Microsoft's push email system "works for most organizations" and if users feel the need for more security, "our partners can provide that," a Microsoft spokesperson told eWEEK. Such tools are available from vendors such as
Sybase,
Utimaco, and
Credant, among others.
Push email is certainly not the only security concern for mobile device users. Last month, for example, Kaspersky Lab warned that Windows CE, which forms the basis of Windows Mobile, is
"extremely vulnerable" to malicious software attacks, citing a lack of resource protection as the principal problem. Microsoft countered, however, that these findings were not problems with Windows CE, but rather with some applications that run on top of the kernel. In any case, multitasking enhancements in the
third generation kernel of Windows CE 6.0, which will be rolled into a future generation of Windows Mobile, may contribute to enhanced mobile device security.
Read the complete eWEEK article
here.
Related stories:
