Re: Microsoft's security initiatives
Folks, let's review what a firewall is supposed to do.
Consider desktop (meaning not Mobile) Windows. Its IP stack has a number of
listening sockets--ports that are open and waiting for incoming connections.
For instance: RPC portmapper on 135/tcp, various NetBIOS components on
137/udp and 138/udp and 139/tcp, plus a few others.
If you connect this computer to the Internet, you really don't want it to
accept any incoming connections on these ports. The purpose of a firewall is
to block unsolicited inbound traffic. Without a firewall, you have no
control over what someone might hurl at your network connection. A firewall
gives you this control. When the firewall is configured, the only traffic
that enters your computer is reply traffic to outbound requests. (Plus, you
could write rules to permit inbound traffic to certain ports, if you want.)
What if the IP stack had *no* listening sockets? Well, that stack wouldn't
need a firewall. There's nothing there for a firewall to protect. Firewalls
protect stacks by blocking inbound traffic to listening sockets. If there
are no listening sockets, firewalls are useless.
The stack in Windows Mobile is this kind of stack. It has no listening
sockets. The only traffic that enters the stack is reply traffic--which all
firewalls permit anyway. Because of its design, the Windows Mobile stack
doesn't require a firewall. Save your money (and memory and CPU
power)--don't install one.
JJ, a firewall isn't a panacea. It can't stop every kind of attack. I can't
comment on the troubles that you seem to be having (and, like the others
here, my WM device is always connected to the network and hasn't had a
single problem) -- but I can assure you that a firewall wouldn't have
helped.
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
"Jorge" <Jorge@discussions.microsoft.com> wrote in message
news:537A36E4-3BEB-48CE-B6C9-7A5C8D584892@microsoft.com...
> Agree... I don´t know how Windows mobile implements tcp/ip security, but
> it
> should implement some kind of firewall.
>
> If it has or not, I don't know. However, most development is done on .net
> which is a less vulnerable platform to be succesfully "hacked" from
> outsiders.
>
> If your wireless is on, it will still drain your battery... The firewall
> should check if packages are allowed or not.
>
> Here is something you may want to look at. Just did a google search.
>
> http://www.mobilearmor.com
>
> "JJ" wrote:
>
>> I bought a Windows Mobile 5 device since the only carrier that had a
>> Windows
>> Mobile 6 device did not have Wi-Fi capability on that device (at least,
>> at
>> the time I bought my device).
>>
>> All carriers in Canada still sell Windows Mobile 5 devices.
>>
>> And the attack surface shouldn't be the criteria that warrants a
>> firewall.
>> Any device connected to the Internet must be protected by a firewall.
>>
>> JJ
>>
>> "Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:
>>
>> > At this point in time the attack surface of such a device is such that
>> > you are probably the one and only person I've ever seen report
>> > "intrusions" on such a device.
>> >
>> > Even Fsecure that has a a/v for mobile apps have stated that they've
>> > not
>> > seen many in the wild (if at all that I recall)
>> >
>> > The best way to prove true "intrusions" is to fire up some sort of
>> > packet sniffer.
>> >
>> > Furthermore WinMobile 6 is out. 5 is now out of date.
>> >
>> > JJ wrote:
>> > > OK. While I was connected to the Internet with the always-on
>> > > connection at
>> > > first(rather than Wi-Fi), the intrusions would start up applications
>> > > on my
>> > > device, start-up Wi-Fi access, which caused the battery level to
>> > > drop, etc.
>> > >
>> > > Are those intrusions adequate to warrant your support?
>> > >
>> > > And even if the attacks did not occur, which they did, I would still
>> > > blame
>> > > Microsoft for not bundling a firewall with Windows Mobile 2005.
>> > >
>> > > "Alun Jones" wrote:
>> > >
>> > >> I think Paul's point was to ask you to be specific about one or more
>> > >> such
>> > >> "attacks".
>> > >>
>> > >> So far, all you've said is that something vague has happened, and
>> > >> you blame
>> > >> Microsoft. You're apparently looking for support in your aspersions,
>> > >> which
>> > >> is something that most people will only give if they have
>> > >> information to
>> > >> start from.
>> > >>
>> > >> Alun.
>> > >> ~~~~
>> > >>
>> > >> "JJ" <JJ@discussions.microsoft.com> wrote in message
>> > >> news:FDDD2F21-7652-4781-B084-7D88C9E62C1F@microsoft.com...
>> > >>> Well, I would call any intrusion into my Windows Mobile device an
>> > >>> attack.
>> > >>> Wouldn't you?
>> > >>>
>> > >>> "Paul Smith" wrote:
>> > >>>
>> > >>>> "JJ" <JJ@discussions.microsoft.com> wrote in message
>> > >>>> news:CB4EE328-CDD3-4C03-BA1E-CFB3726D8EA3@microsoft.com...
>> > >>>>
>> > >>>>> I recently bought a Windows Mobile 2005 device. I use it to
>> > >>>>> connect to
>> > >>>>> the
>> > >>>>> Internet and check my email, check stock quotes, etc. And I was
>> > >>>>> attacked
>> > >>>>> every time I connected. So, I've now disabled the Internet
>> > >>>>> connection
>> > >>>>> feature
>> > >>>>> that comes with the device and only use Wi-Fi to connect. This
>> > >>>>> way, I
>> > >>>>> don't
>> > >>>>> have an always-on connection to the Internet. I can turn off
>> > >>>>> Wi-Fi
>> > >>>>> access
>> > >>>>> when I don't need it.
>> > >>>> What do you mean you were "attacked"?
>> > >>>>
>> > >>>> --
>> > >>>> Paul Smith,
>> > >>>> Yeovil, UK.
>> > >>>> Microsoft MVP Windows Shell/User.
>> > >>>> http://www.dasmirnov.net/blog/
>> > >>>> http://www.windowsresource.net/
>> > >>>>
>> > >>>> *Remove nospam. to reply by e-mail*
>> > >>>>
>> > >>>>
>> > >>>>
>> > >>
>> > >>
>> > 