Pocket PC magazine, January 2004
Page 7
All of the inspection data is now real-time and we have provided a Web site where the builder can go to see if an inspection has passed or failed and, if it failed, to see the correction items. This eliminates the 24-hour lag time we used to have when corrections lists were not entered until the day following an inspection. This has also freed up time from answering builders' questions over the phone. one.
After testing, the system was put into place with all five building inspectors at a cost of under $8,000. We have had the new system using the iPAQs for about six months now and it has helped us streamline our processes a great deal. Our customers are very pleased with it as well.
* * *
Bill D. Bell has a Master of Public Administration degree from Brigham Young University. He has spent three years as a building inspector, one year as a plans examiner, and six years as the chief building official of Orem, Utah. He is also Webmaster for both the Utah Chapter of International Code Council and for his Building Safety Division's city Web page. He can be contacted at at bdbell@orem.org.
DIRECTIONS
by Chris De Herrera
Is Windows Mobile 2003 More Secure?
After spending quite a bit of time reviewing the features of Windows Mobile 2003 in my last articles (Nov. 2003, pp. 1418, 4651), I decided to focus on how Microsoft has changed their security. Now maybe you think that Windows Mobile 2003 is more secure because it offers more security features such as 802.1x and IPSec; however, there are a number of areas in the new OS that are no more secure than in Pocket PC 2002.
Whether you're an administrator or user of Pocket PCs, you need to understand the potential risks associated with their use. So let's look at the security that is provided out of the box and how it is implemented.
Power-on password
The power-on password is a good way to protect your Pocket PC's data from being read or copied by others. This feature has remained the same as it was in Pocket PC 2002. You can use a four-digit password or a much stronger alphanumeric password to protect your data. With Windows Mobile 2003, Microsoft added a new feature: a hint can now be displayed to help you remember your password.
One other important aspect of the power-on password that administrators need to know is that there is no back door into the system. So if the user forgets his password, or leaves the company and does not tell it to you, all you can do is a hard reset.
Storing passwords
As you may be aware, Microsoft allows you to easily store both network and Internet passwords on your Pocket PC—you've been able to do this since Pocket PC 2000. With Windows Mobile 2003, Microsoft now stores the passwords in a special file system which prevents unauthorized access.
However, Windows Mobile 2003 still presents the same difficulties that prior versions did when it comes to managing the stored passwords. Microsoft does not provide a way to change passwords or save them. The only way to change a stored password is when the system prompts you that an existing password no longer works. Furthermore, the only way to delete a stored username and password is to hard reset your device—ouch!
Other passwords can also be stored on your 2003 device, such as your Exchange 2003 or Mobile Information Server password, your VPN password, and your POP3/IMAP4/ SMTP password. Since Microsoft does not allow an administrator to prevent users from storing passwords on their devices, this could present a significant security issue if the passwords were to be extracted from the device, even in an encrypted state.
Web security
When it comes to Web site access, Windows Mobile 2003 expands the security that was supported in Pocket PC 2002. You can now easily store your own digital certificates on your Pocket PC. Just copy the certificates onto the Pocket PC, click on them in File Explorer, and they will be installed.
Areas in which Microsoft has not improved security are scripting, ActiveX controls, and installation of programs via CAB files. All versions of the Pocket PC operating system allow ActiveX controls to be installed, and scripts (such as JScript) to run, without prompting the user. And just clicking on a CAB file on a Web site will install it. However, you can eliminate these abilities to run scripts, install ActiveX controls, and install applications by using RegKing 2003 (www.doctorce.com/regking.htm) or another similar third-party security application.
Are there profiles?
A part of the Pocket PC 2002 operating system that's been extended with Windows Mobile 2003 is the support for user profiles. This functionality shows in the directory structure of the Pocket PC and in the storage locations of documents and features. But so far the concept of profiles has not expanded to allow multiple users to utilize Windows Mobile 2003 with separate authentication, as users can do on Windows.
Does Windows Mobile 2003 support policies?
Microsoft has been using "policies" since Windows 95 to allow network administrators to define default security values for users when they first log in to a network. Microsoft has not added any similar functionality to Windows Mobile 2003. However, while reviewing the registry, I did find that there is an option to control whether or not applications can be installed by the user on the Pocket PC. This registry setting enables an Administrator icon in Settings which prompts for a strong password before installing applications. RegKing 2003 can enable this feature.
Really want to be secure?
Some companies require that security be evaluated prior to implementing new systems. However, when you consider what kind of data is being stored on them, it's clear that all network administrators should review the security of their devices. To make sure you are secure, I highly recommend that you test each function you are securing to understand how it works and what you can do to control it. Administrators need to know that there are specialized applications that can be used to increase the security of the Pocket PC. Some you must purchase, while others, such as RegKing 2003, are free. You can make your Windows Mobile 2003 devices much more secure than when they were taken out of the box.
Secure Computing initiative?
I wonder what happened to the Pocket PC when it came to Microsoft's Secure Computing initiative, which was designed to make Microsoft's products more secure. I can easily see multiple ways in which Microsoft could have made the Pocket PC secure by default to minimize risks right out of the box, just as Windows Server 2003 does (and it shipped before Windows Mobile 2003 by 3 months). Clearly Microsoft must do more to make the Pocket PC inherently secure as soon as a user takes it out of the box. I just hope they will take security as seriously with Windows Mobile as they do with their server and desktop operating systems.
The future
I hope that we will see Microsoft offering complete control over the usernames and passwords that are stored on the device, especially allowing us to delete them. Also, I think that adding the functionality to disable potential security risks such as the ones I have outlined here would be beneficial to users and administrators alike.
* * *
Chris De Herrera is a special correspondent and contributing author for Pocket PC magazine. He maintains one of the best Windows CE sites (www.cewindows.net) and discussion boards (www.cecities.com). Chris is a Microsoft PocketPC.COM Contributor on Microsoft's Windows CE Web site. Chris is a Microsoft Most Valuable Professional for Windows CE and writes articles on Windows CE for his own Web site and for other mobile computing publications. Chris regularly participates in various newsgroups (including Microsoft.public.windowsce). You can reach Chris at TechEd@CEWindows.net.
Third Annual Pocket PC magazine Best Software Awards 2003
by Hal Goldstein
Pocket PC magazine's Best Software Awards celebrate the efforts of developers whose products increase the enjoyment and productivity of Windows Mobile Pocket PC and Smartphone users. This year the annual awards celebration was sponsored by Microsoft Windows Mobile and Intermec and held on October 22 in Las Vegas, in conjunction with Pocket PC Summit and CTIA Wireless IT and Entertainment.
The ceremony is the culmin
ation of a five-month process that began with over 2000 products and involved over 60 Windows Mobile expert judges worldwide. These products can be found at Pocket PC magazine's Encyclopedia of Software and Accessories (www.PocketPCmag.com/_enc/encyclopedia.asp).
We divided the awards into four categories. Only products and versions released by July 31, 2003 were eligible.
Pocket PC End User Software: Over 400 products in 66 categories were nominated by the Pocket PC magazine staff and the Board of Experts.
Smartphone End User Software: Stephan Schmidt of the Smartphone 2002 Web site (www.smartphone2002.info) led a team of Windows Mobile Smartphone experts determining nominations, finalists, and winners.
Developer Software: Christian Forsberg of the Business Anyplace Web site (www.businessanyplace.net) and Bob Katayama of the Han-D-Solutions Web site (www.han-d-solutions.com) headed the team of developer software experts that selected nominations, finalists, and winners.
Enterprise Mobility: Nathan Clevenger of Clevrware (www.clevrware.com) was in charge of the group soliciting nominations and determining winners for the best Pocket PC Enterprise Mobility solutions (www.mobiledev.org/ppc_award_nom.asp).
Over 60 judges in Pocket PC and Smartphone software from around the world voted and joined our Board of Experts to determine the award winners. These experts are prominent Web site associates, Microsoft Pocket PC MVPs, Pocket PC magazine support forum contributors, and Pocket PC magazine writers (see Pocket PC magazine Board of Experts sidebar). Judges' comments about the software will be seen in subsequent issues of Pocket PC magazine during 2004.
Finally, as is our custom each year, we have selected the winners of the 2003 Pocket PC Community Outstanding Achievement Awards.
Best Pocket PC Software
* * *
Communication
Phone and Fax
WINNER
Spb GPRS Monitor
Spb Software House
www.softspb.com
This software lets you measure the amounts of data transfers via your GPR, Wi-Fi, CDMA, or GSM network connection and calculate network usage costs.
Spb GPRS Monitor (above)
Finalists
IP Dashboard Network Monitor
www.hudsonmobile.com
pocket PhoneTools 4 Pro
www.bvrp.com
Running Voice GSM
www.pocketpresence.com
* * *
Synchronization
WINNER
MightySync
MyDocsUnlimited
www.mydocsunlimited.com
Allows you to synchronize any file or folder anywhere on your desktop PC or LAN with your Pocket PC.
MightySync (above)
Finalists
Intellisync
www.pumatech.com
Peacemaker Professional
www.conduits.com
* * *
Games
Action
WINNER
Bust'em
Digital Concepts
www.dig-concepts.com
A Breakout-type arcade game in which you have to break the bricks with a ball.
Bust'em (above)
Finalists
G-Pod
www.aimproductions.be
Spawn
www.ziointeractive.com
* * *
Board
WINNER
Scrabble
Handmark, Inc.
www.handmark.com
A version of the popular Scrabble game in which you make words crossword-style from letter tiles.
Scrabble (above)
Finalists
KSE Backgammon
www.ksesoftware.com
Monopoly
www.handmark.com
* * *
Card
WINNER
GameBox Solitaire
PDAmill
www.pdamill.com
A collection of 10 solitaire card games: Blind Alleys, Canfield, Chinese, East Haven, Fourteen Out, Freecell, Golf, Klondike, Pyramid, and Pyramid Golf.
GameBox Solitaire (above)
Finalists
King Sol
www.rapturetech.com
* * *
Casino
WINNER
Full Hand Casino
Hexacto Games Inc.
www.hexacto.com
A casino game in which you can play blackjack, roulette, video poker, and slot machine.
Full Hand Casino (above)
Finalists
Black Jack Pro
www.g3studios.com
* * *
Chess
WINNER
PocketGrandmaster
Clevergames
www.pocketgrandmaster.com/english/index.html
A chess game with a configurable board. Moves can be replayed. The game has a chess clock and an analysis mode for tutoring, problem solving, and hints, and offers different playing modes for both tournament and blitz games.
PocketGrandmaster (above)
Finalists
Kasparov Chessmate
www.hexacto.com
Mobile Chess
www.pocket-games.com
* * *
Emulators
WINNER
Pocket C64
Clickgamer Technologies Ltd.
www.clickgamer.com
A game emulator which runs classic Commodore C64 games. Features fast graphics and 16-bit sound with live adjustment of user preferences.
Pocket C64 (above)
Finalists
Mame CE3
www.mameworld.net/mamece3
* * *
Kids
WINNER
Kids' Alphabet
Zaz
www.pocketpckids.com
Kids' Alphabet is a flashcard game that teaches kids the letters of the alphabet.
Kids' Alphabet (above)
Finalists
Boubou Animals
www.pocketgear.com/software_detail.asp?id=10334
* * *
Puzzle
WINNER
Shanghai Pocket Essentials
LandWare, Inc.
www.landware.com
A solitaire version of the popular mah-jongg game based on Activision's Shanghai Mah-Jongg series.
Shanghai Pocket Essentials (above)
Finalists
BrickSlider
www.ballshooter.com
The Emperor's Mahjong
www.hexacto.com
* * *
Racing
WINNER
Gangsta Race
Garga Games
www.gargagames.com
A speed-and-skill action race game with variable gameplay. You can race on 10 original tracks in world-famous locations.
Gangsta Race (above)
Finalists
Motocross Stunt Racer
www.dig-concepts.com
* * *
Role Playing
WINNER
Everquest: Attack On Qeynos
Sony Online Entertainment, Inc.
http://eqpocket.station.sony.com
Take on the role of an adventurer whose goal is to rescue the city of Qeynos from a betrayal by its Gnoll neighbors.
Everquest: Attack On Qeynos (above)