Is the Handheld PC really Anti-Virus?
Chris Tilley | Editor-in-Chief
Windows CE is an interesting breed. It is only two years younger than the desktop Win32 (on which Windows XP is based), and yet unlike its more widespread counterpart there has not been a single destructive virus, worm, Trojan, hijack or exploit in its entire history. This is a record that Windows XP can only dream of.
So what is the secret of Windows CE’s security success? It goes without saying that CE is written no better (or worse) than its desktop counterpart. Both products came out of the same Microsoft coding policy; later generations of both operating systems are products of the Microsoft Secure Programming initiative and, on the face of it, many of the APIs involved are almost identical.
The real success behind Windows CE’s security and its trustworthiness is a disparity between common sense and good luck. Windows CE has proven more trustworthy because mobile devices are traditionally disconnected, have a small footprint, experience fast turnover, and come from a multi-processor heritage.
As an embedded operating system, the entire ethos of the platform is to minimise the device’s footprint; as a result, Windows CE lives up to its name as an Embedded Operating System. Due to the expectation that the hardware is limited in memory, and that it will only serve as a client device, system developers are not offered a number of the familiar system services that are provided for mainstream Windows. Those that have been carried over are scaled down, restricted and reduced API versions of their larger counterparts. What this means in practice is that with a Windows CE device, there are far fewer ways in which it can be attacked. The system is listening on far fewer communication ports than Win32, and, crucially, the network layer is exclusively one way - this is why you cannot access your Handheld PC from another PC over a network file share.
Of the entire series of publicly acknowledged mainstream Windows exploits over the last couple of years, the majority fall into three categories.
While service exploits, particularly in the RPC service, have proven the most high profile and embarrassing for Microsoft, it is Internet Explorer that is by far the most troublesome part of the Microsoft mix.
E-mail scripting exploitation is likewise all the more difficult, since the native Inbox client is disconnected from the scripting capabilities of Internet Explorer. Infection through e-mail becomes a matter of getting the user to run an application in an attachment, instead of getting them to click on a link or open a message.
Out With The Old
The next problem for the prospective virus writer is the generational change between CE devices. With every step in the platform release cycle, and even the core release cycle, Microsoft make significant changes to the underlying operating system. Any Windows CE user who has upgraded through several generations of device will know that ultimately there are going to be programs that cease operating. Whether we like it or not, PDAs are still something of a niche market - particularly the H/PC, reducing the potential scope for an attack. Although device volumes have increased drastically over the last two years, seeing Microsoft emerge ahead of Palm for the first time, their dominance has been enshrined over several platform releases. Historically Microsoft announced a platform release every 12 months and delivered one on average every 18 months. Once that happens, older models become obsolete, the already small target device yield falls and malicious coders have to seek new exploits, write new code and find new delivery systems in order to target the latest platform.
One cannot discuss security on an embedded platform without looking at the sociological safeguards. Windows CE has traditionally been a disconnected platform. In the past, if a device was connected to the Internet at all, it was for short periods of time, and over very slow connections. The connectivity model has changed markedly in recent years; however, the fact remains that the majority of users will remain disconnected the majority of the time. Having targets that are disconnected for extended periods rules out mobile devices as an appealing target for Trojan and most worm writers, as they will ultimately have little to no access to the device for their mischief.
The Uniformal ARM
Before the end of 2001 there was an additional turn-off to wannabe virus writers. It may be simple to write a virus for the x86 PC and wreak havoc because there is a chance you are knowledgeable in that processor’s architecture. Before the release of Pocket PC 2002, the volume of Windows CE based devices was shared among a number of different processor architectures. For every processor architecture introduced, be it StrongARM, SH3, or MIPS, a completely different set of code is required and, in the case of G1L, a completely different programming method.
After the 2001 release of Pocket PC 2002, Microsoft changed tactics and began to push for a unified processor standard. This standard became the SA1100 architecture – better known as StrongARM – and its hybridised successor the PXA250, aka XScale. The move in all but Core OS releases consolidated the resources of the Windows CE developer base, reducing many of the problems in compiling and testing which had dogged Windows CE from its early days. Conversely, the move ushered in the first steps at getting CE noticed as a viable target, with its consumer popularity blossoming to new heights.
Windows Mobile 5.0 Closes Doors
With the release of Windows Mobile 5.0, it should also be noted that Microsoft is in a far better position to respond to any significant threat opened up by the increasing use of network and wide-area network connectivity. Unlike previous versions, where a patch was an intrusive drain on precious ‘Storage Memory’ resources, or a difficult, expensive (for the OEM) and often risky image re-flash, Windows Mobile 5.0 allows for patches to be dynamically integrated into the FlashROM. Such a facility should, if ever needed to be called into use, rapidly reduce the time it has traditionally taken to get Microsoft and OEMs to respond to CE security problems. It is far cheaper and safer for the end user, and therefore in the best interest of the OEM to provide the update. Distribution outlets could be issued with alerts ensuring that they provide the buyer with knowledge of the update at the point of sale – or even apply it for them. This will help stop malicious exploits dead in their tracks.
Windows CE: The Windows Without The Danger
If you are a Windows CE user, then you should feel pretty safe in your mobile computing lifestyle. Firstly, there is far less to go wrong, and it is also far less likely that someone will attempt to exploit or attack your PDA to begin with.
Windows CE remains an exceptionally safe platform. There were no newly reported virus or Trojan activities during 2005 and so far this year, just as was the case during 2003 and 2002. The flurry of warnings that made headlines in 2004 were the exception, not the rule.
There is a real and credible threat to Windows CE right now, for any generation of device and for any user. Anti-virus companies realised early on that the biggest threat to the PDA is from a Trojan. Unlike most system Trojans however, it is the device itself which acts as the mule. Windows CE may be oblivious to the presence of malicious code lurking in the recesses of your device, but the PC you synchronise with every day certainly is not. If you synchronise mobile content, surf the web, download files or even sync your PIM you are opening up a trusted connection between two systems, and in the absence of credible security software, what passes between the two can potentially be anything but inviting.
The risks outlined here are currently negligible, but that situation can change overnight; and with it the face of mobile computing.
So we must fall back onto the old adage that prevention is the best form of cure.
I am not an advocate of using Anti-virus scanners on PDA class devices. It’s detrimental to battery life, and in the modern age of solid-state storage chips and FlashRAM, repeated scanning of the storage area may not be ideal for preserving the life span of your investment. I prefer to rely on a host solution, one that will monitor the sync transfers, provide heuristic scanning capabilities, and can make use of the greater resources of the PC for easier scans of the PDA. For future generations of always-connected Windows CE devices however, it may not be this straightforward, and the ideal may in itself have to be - through necessity - relegated to the day-dreamer’s dustbin.
In the meantime, no matter what breed of device you use, you should take advantage of the security capabilities already built into your device. Ensure that your important data is backed up, and sync with a host PC regularly. Protect your device. No matter how much the mobile community changes in response or reaction to what lies ahead, the biggest security threat to your PDA will never be from the incorrigible virus writer, or the hordes of script kiddies which plague the good reputation of the Internet. The real danger is from the opportunist, the reprobate who snatches the device off the table and heads off at a sprint while you are sipping coffee in a café on a lazy summer afternoon.