Quick (and possibly stupid) question; would it be safe enough to enter account and password details for sites browsing on the Diamond?
On my desktop computer, I have a firewall, antivirus and spamscanners, so I feel relatively safe. But other than the physical router, what security do I have while browsing on the Diamond? Has anybody had any problems? Or are keyloggers, spam and virusses still not available for Windows Mobile devices?
Cheers,
FTrippie
firewall would be a useful addition to your software
A little while ago there was some discussion about virus threats etc on PDA's.
I wrote a little on the subject then:
http://forum.xda-developers.com/archive/index.php/t-334389.html
You can buy products like the McAfee Mobile Security suite which has a lot of protection (although it has no formal accreditation).
It is about understanding the range of threat vectors that you leave open. If you understand these you can make an informed decision on what an acceptable level of risk is.
There are many ways to attack a PDA...too many to list in this post.
It is quite easy to launch a subnet attack on a PDA from a SIM in a 3G laptop - A local fw sensibly configured will protect against most subnet attacks.
AV protection will protect against the few virus threats that exist today
Sensible usage and connection procedures will protect against most attack types.
I think that at the moment the real risk to you is low but you always need to review the threats in the market (Start with a google search on WM threats).
If you store credentials then they could be extracted but I have come across no real instances of this as yet. Having said that I would not use my PDA to purchase items online.
Credentials stored on a PDA are at greater risk of compromise than those on a laptop say as the OS is not as sophisticated and it is easy to extract key data even after a hard reset...not to mention the access password is easier to gain by video than a laptops...
All the best,
Sam.
Thanks Sam,
Quite clear. I understand the danger of storing stuff, even on laptops and desktop I prefer to keep them encrypted, even more so on the PDA.
But yes, my main concern is web browsing. I would like to check into bank sites, webmail and those kind of things which all require logging in.
Cheers,
FTrippie
Related
Hi,
I've been thinking to set up my own exchange server. i looked into it, but it seems pretty hard. Does anybody have a good step-by-step installation guide. most guides assume a complete network infrastructure is already in place, but for me that is not the case.
once exchnage is working i found this thrad to set up push email.
http://forum.xda-developers.com/viewtopic.php?t=45008
the first question I have for you is do you have a static IP from your ISP??
If so then you are in really good shape
you also need a domain name
a copy of server 2003
a copy of exchange 2003 sp2
madcow_mda said:
Hi,
I've been thinking to set up my own exchange server. i looked into it, but it seems pretty hard. Does anybody have a good step-by-step installation guide. most guides assume a complete network infrastructure is already in place, but for me that is not the case.
once exchnage is working i found this thrad to set up push email.
http://forum.xda-developers.com/viewtopic.php?t=45008
Click to expand...
Click to collapse
That would be quite an undertaking. Don't think this is the right forum though...
You will need a static IP, true. SBS 2003 would be your most cost effective solution. Typically a dual proc computer with 2GB ram, good firewall with antivirus recomended. Then as mentioned you need a domain name, configure your MX record and reverse DNS. There's step-by-step guides readily available. Not really rocket science but I do it for a living. For the average Joe I'd suggest going with a hosted Exchange account.
Steven
Alright I will put up my 2 cents. First I don't want to insult any of the other answers you got, sorry if I do.
1. You should find a different forum, a book, and an online tutorial.
2. You need a PC that can run server 2003. If this is not going to be a production server (if its just for you to play with) then you don't need all that muscle. I have run 2003 on a 500mhz machine with 256 or 512 of ram (can't recall) It was a domain controller and mail server (this was just to play with obviously, NOT FOR PRODUCTION) Also ATLEAST a 20GB HD although I think you could do it with 10GB (but don't unless you HAVE to)
3. You don't NEED a static IP, although it would make things easier. You can use a DDNS service to help get around the static IP (DDNS = Dynamic Domain Name Service). I can't recommend any because I have never used them but GOOGLE will prove useful for finding a keeper.
4. A domain name will be nessacary if you use DDNS (if you have a static IP then theoretically you could access the Exchange server by IP address *I have never done that so that's why it theoretical.) You can get a domain name VERY cheap nowadays. I think http://www.godaddy.com had good pricing last time I checked.
5. SBS (Small Business Server) 2003 would do you just fine. However 2003 standard and Exchange will also work fine. You can always get SP2 for exchange on Microsoft's web site.
I think that's what you would need (I may have over looked something) to get started. After that just some dedication and research and you will be up and running in no time.
Have Fun; Lew
P.S. I'm not responsible for you breaking anything you may break while attempting this project (and all that good stuff.) This includes your Wizard, your "server", your internet connection, any nearby cars, or your relationships. That being said I have never seen any of that happen (except for of course loosing a relationship while setting up a large corporate Active Directory and Exchange server farm, this I HAVE seen.)
Well written Lew. Curious on point 4 however as MX records must point to the FQDN of a valid A record per RFC's ...
I do concur on the rest though. I've done this on older computers... sometimes I just forget where I am (and what I've got to support)
Steven
(and you did answer this much better than I)
Now that you mention it, your right. You do need a Domain name. I forgot about the MX pointer. MX records are part of DNS that points to the authorized mail server for the domain name. It points at an established "A" record. So you will need a Domain name =)
Thanx for pointing that out Dr Puttingham, I forgot about that.
Later; Lew
lew you did cover all of the necessary items but as far as the static is concerned I said you needed one because those ddns services are not as good as most people think as I have looked into it and also configured them and most require additional fees based on bandwith and other requirements
also server will run on a laptop too
being in the military we have had to make d600's servers due to lack of equipment
hmmm thanks for all the replys. that does sound like a hell of lot of figurin out that i have to do.
but one thing? if i register at www.dyndns.org and i have a name like something.homeftp.org then isn't that my domain? i alwys thought so, but im getting the idea that this is not the case.
i have an account there to access my ftp server, but now i have a windows mobile 5 device and i would like to sync over internet and an exchange server is the only option.
furthermore:
im planning on running it one a PIII600 with 512MB RAM and 40GB. since the only thing it will be doing is exchange and ftp. i have been looking at some guides, but none so far seem to have a router implemented. they all use large servers. will it be a problem if the server is behind my router? (i know i can turn the server into a router by adding a second network card, but i would like to use the wireless capabilities of my router)
o yeah, which forums would you suggest?
Well, I'd go with SBS 2003 Standard Edition as it's about $500 or $600. Seperately Standard Server 2003 and Exchange 2003 cost about that much. You get get a 180 day trial evaluation copy from http://www.microsoft.com/windowsserver2003/sbs/evaluation/trial/default.mspx
Yes you'd typically keep the server behind the router and open up a few ports on the router. You can definetly use the PIII600 but don't forget the antivirus!
Good tech docs are at http://www.microsoft.com/windowsserver2003/sbs/techinfo/productdoc/default.mspx but there's also alot more you can find Googling.
I personally hang out at http://groups.yahoo.com/group/exchange-2003/
Once again I'd look into a Hosted Exchange though ....
That's all the info I can really offer here on this forum, hope I was of some help.
Steven
This time I’m asking for help
As you probably know, in real life, I’m an IT consultant giving advice to companies on networking architectural, databasing, TCP/IP, programming and last but not least mobile computing questions.
My new task is giving advice (writing a complete booklet on) on in which direction a given company should go: Microsoft Terminal Servers (with, possibly, Citrix Metaframe) or just “webizing” their in-house, custom-written current applications (whenever possible) - that is, converting it to be Web/ client-side (Ajax / JavaScript / ActiveX) and server-side (Java / ASP etc.).
For this, I’m looking for case studies. For the two distinct cases, I’ve found several case studies (that is, I don’t really need case studies that only discuss why a given company abandoned fat clients and went for, say, Citrix); I’d still need case studies that directly compare the two alternates and explain why a given company decided for one or the other and what influenced their decisions.
That is, if you know of, for example, magazine articles or anything of interest in this very subject (that is, preferably unbiased comparison of the full MS Terminal Server / Citrix solution to converting local apps to run off the Web and using “thin” Web browsers to access them in the company), I’d be highly grateful if you could share it with me – hope I haven’t run into it so far. Just a URL would be sufficient.
I am gonna go independent soon (fingers crossed) and will need to contact say about 1000 potential clients, partners and associates. I have the contacts and know most of them, yet I need a system to log, record the main points and the ability to follow-up w/o embarassing mishaps, basically, a small CRM system.
I have never worked with a proper CRM systems, although I have made some primitive Excel or Word tables for this purpose.
Wonder if there is a decent CRM system for a small database of clients, preferably free and accesible by both PC and mobile devices. Guess this can be on a web-site hosting this kind of things (I know there are sites that allow you to have an on-line poll of groups of people, so something like this).
Anyone?
i notice that unf u didnt get a reply to this...did u find any solution? i have exactly the same issue and cant find a decent solution!?
Is there possible software out there in the form of our cab install files that are spyware? Is it possible for people to see what we are doing in our phones and pocketpcpdas? like a logging tracking type of software imbeded in our device which tells people what we are doing? what we are downloading..etc..etc..just like how the government can listen to our phone calls. Are possibley our favorite applications such as microsoft live/live search ot tomTom7 tracking software which is telling companies or the government what we are doing on our devices? like how Skyfire can log what you are doing with their web browser through their servers...
....just wanted to know if its possible and has anybody heard of such things
There have been trojans in the wild for pocket pc - the Brador.A trojan did open a backdoor exploit to allow remote access to a device. And there have been other nasty things for Palm.
But, they've been really rare, and mostly proof of concept kind of things. I'd say the far greater risk is that, if you use *.exe installers from your desktop or laptop to put software on your mobile, that the desktop or laptop could become infected by something seeded in the *.exe file.
So, always scan any installers, ideally as you download (ie. with and AV app integrated with your browser, like Norton) before you execute them. When docked to your PC, you can also scan your mobile - I use Vista on one of my machines at home, and dock my Tilt to it without setting it up, so it's just like any other mass storage device. Norton will scan it like any other drive or storage device.
moegdaog said:
Is there possible software out there in the form of our cab install files that are spyware? Is it possible for people to see what we are doing in our phones and pocketpcpdas? like a logging tracking type of software imbeded in our device which tells people what we are doing? what we are downloading..etc..etc..just like how the government can listen to our phone calls. Are possibley our favorite applications such as microsoft live/live search ot tomTom7 tracking software which is telling companies or the government what we are doing on our devices? like how Skyfire can log what you are doing with their web browser through their servers...
....just wanted to know if its possible and has anybody heard of such things
Click to expand...
Click to collapse
While this is not "spyware" it certainly does what spyware would do - right? report without your knowing it what the phone user was doing?
http://www.pocketpc-live.com/pocketpc-softwares/ultimate-theft-alert-v3-for-pocket-pcs.html
Bill
Yep... but usually it's yourself installing that thing so I wouldn't qualify it as spyware...
Unless someone grabs your phone from you and installs the software against you without you knowing it
Anything is possible when you put your mind to it. I bet if you talked to enough coders you'd find one that would help you write Spyware.
Possible? Yes. Probable? No.
o ok..just wanted to get some general knowledgeon this subject cuz i would hate to have to worry about trojans on my pda maaan.
moegdaog said:
o ok..just wanted to get some general knowledgeon this subject cuz i would hate to have to worry about trojans on my pda maaan.
Click to expand...
Click to collapse
Now - Let's say that you were oh say Chinese - and that you knew that LOTS of foreigners were coming over for say - oh - a lot of games - would you PAY someone to put spyware on their phones?
hmmmm. . . MAYBE...
Just a thought...
Bill
I've tried my best to search the forums for this topic, either there really aren't any topics regarding this, or I'm just really incompetent!
Well as the title suggests, I'm looking for a web filtering/content monitoring application that will filter out inappropriate sites browsed on my Kaiser. You can never be safe on the net, especially with kids advancing at such a scary rate. Been searching the net (google) for something made for windows mobile, but zilch. I've also been looking for something that could possibly filter the entire network, but it's usually one of those that you need to install on each machine, which still doesn't address the problem.
Any help will be appreciated, or maybe this is something to think about for your next app!
Cheers
Never used these myself but here's a few links to get you started:
http://handheld.softpedia.com/get/Security/Utilities/SMobile-Security-Shield-Parental-Controls-Edition--Windows-Mobile--77635.shtml
http://free-parental-control-filter.parentaltools-net.qarchive.org/
i can't suggest something for your exact requirements at the moment...
i was thinking, though, that you could set up your device to prompt for a PIN (known only to you) before unlocking the screen for general use. of course, this suggestion is meaningless for you if you want to let your kids use the phone (play games, etc) but still control the content viewed in browsers...