Microsoft's security initiatives

For all the hoopla Microsoft puts out about delivering more secure software,
I don't think they deserve any credit.

I recently bought a Windows Mobile 2005 device. I use it to connect to the
Internet and check my email, check stock quotes, etc. And I was attacked
every time I connected. So, I've now disabled the Internet connection feature
that comes with the device and only use Wi-Fi to connect. This way, I don't
have an always-on connection to the Internet. I can turn off Wi-Fi access
when I don't need it.

Now, everyone knows that any device connected to the Internet should have
atleast a firewall on it. Why didn't Microsoft bundle a firewall with Windows
Mobile 2005? Windows XP was released in 2001 and it had a firewall. So,
Microsoft only makes secure products if the product is very popular and is
under intense scruitiny by the press and the public at large.

For that matter, I recently read that MP3s introduce vulnerabilities into
Windows Media Player and other MP3 rendering software. I listen to MP3s on
Windows Media Player while I work. I think this is why my Windows Vista
Ultimate desktop, which has Norton Internet Security 2007 installed on it,
behaves strangely like IE using over 90+MB of memory, etc. I have to reboot
all the time because after a while of use, I experience problems like not
being able to open dialog boxes, context menus not working, etc.

Get it together, Microsoft.

"JJ" <JJ@discussions.microsoft.com> wrote in message
news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...

> I recently bought a Windows Mobile 2005 device. I use it to connect to the
> Internet and check my email, check stock quotes, etc. And I was attacked
> every time I connected. So, I've now disabled the Internet connection
> feature
> that comes with the device and only use Wi-Fi to connect. This way, I
> don't
> have an always-on connection to the Internet. I can turn off Wi-Fi access
> when I don't need it.

What do you mean you were "attacked"?

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.dasmirnov.net/blog/
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*

Well, I would call any intrusion into my Windows Mobile device an attack.
Wouldn't you?

"Paul Smith" wrote:

> "JJ" <JJ@discussions.microsoft.com> wrote in message
> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...
>
> > I recently bought a Windows Mobile 2005 device. I use it to connect to the
> > Internet and check my email, check stock quotes, etc. And I was attacked
> > every time I connected. So, I've now disabled the Internet connection
> > feature
> > that comes with the device and only use Wi-Fi to connect. This way, I
> > don't
> > have an always-on connection to the Internet. I can turn off Wi-Fi access
> > when I don't need it.
>
> What do you mean you were "attacked"?
>
> --
> Paul Smith,
> Yeovil, UK.
> Microsoft MVP Windows Shell/User.
> http://www.dasmirnov.net/blog/
> http://www.windowsresource.net/
>
> *Remove nospam. to reply by e-mail*
>
>
>

I think Paul's point was to ask you to be specific about one or more such
"attacks".

So far, all you've said is that something vague has happened, and you blame
Microsoft. You're apparently looking for support in your aspersions, which
is something that most people will only give if they have information to
start from.

Alun.
~~~~

"JJ" <JJ@discussions.microsoft.com> wrote in message
news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com...
> Well, I would call any intrusion into my Windows Mobile device an attack.
> Wouldn't you?
>
> "Paul Smith" wrote:
>
>> "JJ" <JJ@discussions.microsoft.com> wrote in message
>> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...
>>
>> > I recently bought a Windows Mobile 2005 device. I use it to connect to
>> > the
>> > Internet and check my email, check stock quotes, etc. And I was
>> > attacked
>> > every time I connected. So, I've now disabled the Internet connection
>> > feature
>> > that comes with the device and only use Wi-Fi to connect. This way, I
>> > don't
>> > have an always-on connection to the Internet. I can turn off Wi-Fi
>> > access
>> > when I don't need it.
>>
>> What do you mean you were "attacked"?
>>
>> --
>> Paul Smith,
>> Yeovil, UK.
>> Microsoft MVP Windows Shell/User.
>> http://www.dasmirnov.net/blog/
>> http://www.windowsresource.net/
>>
>> *Remove nospam. to reply by e-mail*
>>
>>
>>

OK. While I was connected to the Internet with the always-on connection at
first(rather than Wi-Fi), the intrusions would start up applications on my
device, start-up Wi-Fi access, which caused the battery level to drop, etc.

Are those intrusions adequate to warrant your support?

And even if the attacks did not occur, which they did, I would still blame
Microsoft for not bundling a firewall with Windows Mobile 2005.

"Alun Jones" wrote:

> I think Paul's point was to ask you to be specific about one or more such
> "attacks".
>
> So far, all you've said is that something vague has happened, and you blame
> Microsoft. You're apparently looking for support in your aspersions, which
> is something that most people will only give if they have information to
> start from.
>
> Alun.
> ~~~~
>
> "JJ" <JJ@discussions.microsoft.com> wrote in message
> news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com...
> > Well, I would call any intrusion into my Windows Mobile device an attack.
> > Wouldn't you?
> >
> > "Paul Smith" wrote:
> >
> >> "JJ" <JJ@discussions.microsoft.com> wrote in message
> >> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...
> >>
> >> > I recently bought a Windows Mobile 2005 device. I use it to connect to
> >> > the
> >> > Internet and check my email, check stock quotes, etc. And I was
> >> > attacked
> >> > every time I connected. So, I've now disabled the Internet connection
> >> > feature
> >> > that comes with the device and only use Wi-Fi to connect. This way, I
> >> > don't
> >> > have an always-on connection to the Internet. I can turn off Wi-Fi
> >> > access
> >> > when I don't need it.
> >>
> >> What do you mean you were "attacked"?
> >>
> >> --
> >> Paul Smith,
> >> Yeovil, UK.
> >> Microsoft MVP Windows Shell/User.
> >> http://www.dasmirnov.net/blog/
> >> http://www.windowsresource.net/
> >>
> >> *Remove nospam. to reply by e-mail*
> >>
> >>
> >>
>
>
>

"JJ" <JJ@discussions.microsoft.com> wrote in message
news:2164F40A-FC10-421A-81BD-2F62B03BE664@microsoft.com...
> OK. While I was connected to the Internet with the always-on connection at
> first(rather than Wi-Fi), the intrusions would start up applications on my
> device, start-up Wi-Fi access, which caused the battery level to drop,
> etc.
>
> Are those intrusions adequate to warrant your support?

I'd recommend posting to microsoft.public.smartphone or
microsoft.public.pocketpc.

This isn't something I've come across, my WM2005 device is always connected
over GPRS and I've never had any issues.

--
Paul Smith,
Yeovil, UK.
Microsoft MVP Windows Shell/User.
http://www.dasmirnov.net/blog/
http://www.windowsresource.net/

*Remove nospam. to reply by e-mail*

"...I would still blame Microsoft for not bundling a firewall..."
What in the Microsoft advertising indicated there was a firewall or
equivalent included?

Have you also installed any applicable updates?
For computers, quite often an update will prevent issues where the
firewall is either nonexistent or disabled.
Blaster from a few years ago is a good example.

Try one of the newsgroups for portable devices such as yours:
http://aumha.org/nntp.htm

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


"JJ" <JJ@discussions.microsoft.com> wrote in message
news:2164F40A-FC10-421A-81BD-2F62B03BE664@microsoft.com...
> OK. While I was connected to the Internet with the always-on
> connection at
> first(rather than Wi-Fi), the intrusions would start up applications
> on my
> device, start-up Wi-Fi access, which caused the battery level to
> drop, etc.
>
> Are those intrusions adequate to warrant your support?
>
> And even if the attacks did not occur, which they did, I would still
> blame
> Microsoft for not bundling a firewall with Windows Mobile 2005.
>
> "Alun Jones" wrote:
>
>> I think Paul's point was to ask you to be specific about one or
>> more such
>> "attacks".
>>
>> So far, all you've said is that something vague has happened, and
>> you blame
>> Microsoft. You're apparently looking for support in your
>> aspersions, which
>> is something that most people will only give if they have
>> information to
>> start from.
>>
>> Alun.
>> ~~~~
>>
>> "JJ" <JJ@discussions.microsoft.com> wrote in message
>> news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com...
>> > Well, I would call any intrusion into my Windows Mobile device an
>> > attack.
>> > Wouldn't you?
>> >
>> > "Paul Smith" wrote:
>> >
>> >> "JJ" <JJ@discussions.microsoft.com> wrote in message
>> >> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...
>> >>
>> >> > I recently bought a Windows Mobile 2005 device. I use it to
>> >> > connect to
>> >> > the
>> >> > Internet and check my email, check stock quotes, etc. And I
>> >> > was
>> >> > attacked
>> >> > every time I connected. So, I've now disabled the Internet
>> >> > connection
>> >> > feature
>> >> > that comes with the device and only use Wi-Fi to connect. This
>> >> > way, I
>> >> > don't
>> >> > have an always-on connection to the Internet. I can turn off
>> >> > Wi-Fi
>> >> > access
>> >> > when I don't need it.
>> >>
>> >> What do you mean you were "attacked"?
>> >>
>> >> --
>> >> Paul Smith,
>> >> Yeovil, UK.
>> >> Microsoft MVP Windows Shell/User.
>> >> http://www.dasmirnov.net/blog/
>> >> http://www.windowsresource.net/
>> >>
>> >> *Remove nospam. to reply by e-mail*
>> >>
>> >>
>> >>
>>
>>
>>

At this point in time the attack surface of such a device is such that
you are probably the one and only person I've ever seen report
"intrusions" on such a device.

Even Fsecure that has a a/v for mobile apps have stated that they've not
seen many in the wild (if at all that I recall)

The best way to prove true "intrusions" is to fire up some sort of
packet sniffer.

Furthermore WinMobile 6 is out. 5 is now out of date.

JJ wrote:
> OK. While I was connected to the Internet with the always-on connection at
> first(rather than Wi-Fi), the intrusions would start up applications on my
> device, start-up Wi-Fi access, which caused the battery level to drop, etc.
>
> Are those intrusions adequate to warrant your support?
>
> And even if the attacks did not occur, which they did, I would still blame
> Microsoft for not bundling a firewall with Windows Mobile 2005.
>
> "Alun Jones" wrote:
>
>> I think Paul's point was to ask you to be specific about one or more such
>> "attacks".
>>
>> So far, all you've said is that something vague has happened, and you blame
>> Microsoft. You're apparently looking for support in your aspersions, which
>> is something that most people will only give if they have information to
>> start from.
>>
>> Alun.
>> ~~~~
>>
>> "JJ" <JJ@discussions.microsoft.com> wrote in message
>> news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com...
>>> Well, I would call any intrusion into my Windows Mobile device an attack.
>>> Wouldn't you?
>>>
>>> "Paul Smith" wrote:
>>>
>>>> "JJ" <JJ@discussions.microsoft.com> wrote in message
>>>> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...
>>>>
>>>>> I recently bought a Windows Mobile 2005 device. I use it to connect to
>>>>> the
>>>>> Internet and check my email, check stock quotes, etc. And I was
>>>>> attacked
>>>>> every time I connected. So, I've now disabled the Internet connection
>>>>> feature
>>>>> that comes with the device and only use Wi-Fi to connect. This way, I
>>>>> don't
>>>>> have an always-on connection to the Internet. I can turn off Wi-Fi
>>>>> access
>>>>> when I don't need it.
>>>> What do you mean you were "attacked"?
>>>>
>>>> --
>>>> Paul Smith,
>>>> Yeovil, UK.
>>>> Microsoft MVP Windows Shell/User.
>>>> http://www.dasmirnov.net/blog/
>>>> http://www.windowsresource.net/
>>>>
>>>> *Remove nospam. to reply by e-mail*
>>>>
>>>>
>>>>
>>
>>

"What in the Microsoft advertising indicated there was a firewall or
equivalent included?"

Please read my first post under this topic.

JJ

"Jupiter Jones [MVP]" wrote:

> "...I would still blame Microsoft for not bundling a firewall..."
> What in the Microsoft advertising indicated there was a firewall or
> equivalent included?
>
> Have you also installed any applicable updates?
> For computers, quite often an update will prevent issues where the
> firewall is either nonexistent or disabled.
> Blaster from a few years ago is a good example.
>
> Try one of the newsgroups for portable devices such as yours:
> http://aumha.org/nntp.htm
>
> --
> Jupiter Jones [MVP]
> http://www3.telus.net/dandemar
> http://www.dts-l.org
>
>
> "JJ" <JJ@discussions.microsoft.com> wrote in message
> news:2164F40A-FC10-421A-81BD-2F62B03BE664@microsoft.com...
> > OK. While I was connected to the Internet with the always-on
> > connection at
> > first(rather than Wi-Fi), the intrusions would start up applications
> > on my
> > device, start-up Wi-Fi access, which caused the battery level to
> > drop, etc.
> >
> > Are those intrusions adequate to warrant your support?
> >
> > And even if the attacks did not occur, which they did, I would still
> > blame
> > Microsoft for not bundling a firewall with Windows Mobile 2005.
> >
> > "Alun Jones" wrote:
> >
> >> I think Paul's point was to ask you to be specific about one or
> >> more such
> >> "attacks".
> >>
> >> So far, all you've said is that something vague has happened, and
> >> you blame
> >> Microsoft. You're apparently looking for support in your
> >> aspersions, which
> >> is something that most people will only give if they have
> >> information to
> >> start from.
> >>
> >> Alun.
> >> ~~~~
> >>
> >> "JJ" <JJ@discussions.microsoft.com> wrote in message
> >> news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com...
> >> > Well, I would call any intrusion into my Windows Mobile device an
> >> > attack.
> >> > Wouldn't you?
> >> >
> >> > "Paul Smith" wrote:
> >> >
> >> >> "JJ" <JJ@discussions.microsoft.com> wrote in message
> >> >> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...
> >> >>
> >> >> > I recently bought a Windows Mobile 2005 device. I use it to
> >> >> > connect to
> >> >> > the
> >> >> > Internet and check my email, check stock quotes, etc. And I
> >> >> > was
> >> >> > attacked
> >> >> > every time I connected. So, I've now disabled the Internet
> >> >> > connection
> >> >> > feature
> >> >> > that comes with the device and only use Wi-Fi to connect. This
> >> >> > way, I
> >> >> > don't
> >> >> > have an always-on connection to the Internet. I can turn off
> >> >> > Wi-Fi
> >> >> > access
> >> >> > when I don't need it.
> >> >>
> >> >> What do you mean you were "attacked"?
> >> >>
> >> >> --
> >> >> Paul Smith,
> >> >> Yeovil, UK.
> >> >> Microsoft MVP Windows Shell/User.
> >> >> http://www.dasmirnov.net/blog/
> >> >> http://www.windowsresource.net/
> >> >>
> >> >> *Remove nospam. to reply by e-mail*
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>

I bought a Windows Mobile 5 device since the only carrier that had a Windows
Mobile 6 device did not have Wi-Fi capability on that device (at least, at
the time I bought my device).

All carriers in Canada still sell Windows Mobile 5 devices.

And the attack surface shouldn't be the criteria that warrants a firewall.
Any device connected to the Internet must be protected by a firewall.

JJ

"Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:

> At this point in time the attack surface of such a device is such that
> you are probably the one and only person I've ever seen report
> "intrusions" on such a device.
>
> Even Fsecure that has a a/v for mobile apps have stated that they've not
> seen many in the wild (if at all that I recall)
>
> The best way to prove true "intrusions" is to fire up some sort of
> packet sniffer.
>
> Furthermore WinMobile 6 is out. 5 is now out of date.
>
> JJ wrote:
> > OK. While I was connected to the Internet with the always-on connection at
> > first(rather than Wi-Fi), the intrusions would start up applications on my
> > device, start-up Wi-Fi access, which caused the battery level to drop, etc.
> >
> > Are those intrusions adequate to warrant your support?
> >
> > And even if the attacks did not occur, which they did, I would still blame
> > Microsoft for not bundling a firewall with Windows Mobile 2005.
> >
> > "Alun Jones" wrote:
> >
> >> I think Paul's point was to ask you to be specific about one or more such
> >> "attacks".
> >>
> >> So far, all you've said is that something vague has happened, and you blame
> >> Microsoft. You're apparently looking for support in your aspersions, which
> >> is something that most people will only give if they have information to
> >> start from.
> >>
> >> Alun.
> >> ~~~~
> >>
> >> "JJ" <JJ@discussions.microsoft.com> wrote in message
> >> news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com...
> >>> Well, I would call any intrusion into my Windows Mobile device an attack.
> >>> Wouldn't you?
> >>>
> >>> "Paul Smith" wrote:
> >>>
> >>>> "JJ" <JJ@discussions.microsoft.com> wrote in message
> >>>> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...
> >>>>
> >>>>> I recently bought a Windows Mobile 2005 device. I use it to connect to
> >>>>> the
> >>>>> Internet and check my email, check stock quotes, etc. And I was
> >>>>> attacked
> >>>>> every time I connected. So, I've now disabled the Internet connection
> >>>>> feature
> >>>>> that comes with the device and only use Wi-Fi to connect. This way, I
> >>>>> don't
> >>>>> have an always-on connection to the Internet. I can turn off Wi-Fi
> >>>>> access
> >>>>> when I don't need it.
> >>>> What do you mean you were "attacked"?
> >>>>
> >>>> --
> >>>> Paul Smith,
> >>>> Yeovil, UK.
> >>>> Microsoft MVP Windows Shell/User.
> >>>> http://www.dasmirnov.net/blog/
> >>>> http://www.windowsresource.net/
> >>>>
> >>>> *Remove nospam. to reply by e-mail*
> >>>>
> >>>>
> >>>>
> >>
> >>
>