Modernizing Authentication — What It Takes to Transform Secure Access
Carrying a Windows Mobile 6.x-based smartphone (a.k.a. Windows Phone) doesnt bestow one with the same cachet you get from toting an iPhone or certain Android-based handsets around, but that doesnt lessen the need to keep your uncool device secure. Thats especially true given Windows Mobile 6.xs relative popularity among business users. In fact, last quarter the platform managed to outsell Windows Phone 7, its more consumer-oriented successor.
Fortunately, there are apps available that can help enhance your Windows Mobile 6.x smartphones security in a variety of ways guarding against viruses, securely managing passwords, providing recourse in the event your device is lost or stolen, securely deleting files, and more. Read on for a look at some apps that can handle these tasks.
Note: A few of the app links provided here take you to the Windows Mobile Marketplace, where apps can be queued up for download over-the-air via the phones Marketplace app. If you dont already have this app installed (its included with Windows Mobile 6.5), you can get it by pointing your phones browser to mp.windowsphone.com.
Loss and Theft Protection
The consequences of a lost or stolen smartphone go far beyond the inconvenience and expense of having to replace a pricey device. Especially when you consider that it can also result in unauthorized access to personal or otherwise sensitive data. Thats why its worthwhile to be able to track a missing device, and if recovering it turns out to be impossible or impractical, lock it down or wipe it clean to keep the contents away from prying eyes.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
Surecop ($19.95, 15-day trial) can plot the location of a missing (GPS-equipped) phone via Google Maps, send lock or wipe commands to the phone via SMS, and log any texts or calls that are made while the phones out of your possession. Plus, if the SIM card is changed, the phone will automatically lock and send you the new IMEI and IMSI numbers.
RecoveryCop ($29.97, annual subscription) offers similar features but adds Web-based monitoring and control as well as the ability to backup phone contents prior to wiping so they can be restored to a new device. (Either product can make a stolen phone surreptitiously place a call to you so you can eavesdrop on whoever has the device.)
Microsoft has its own version of remote locate, lock, and wipe, which is a premium add-on to its free Microsoft MyPhone service. Its not nearly as comprehensive as the products mentioned above, but at $4.99 per use, its a lot less expensive.
Although youre probably more likely to pick up a virus or other form of malware infection on a Windows desktop or laptop than a Windows Mobile device these days, thats changing rapidly as smartphones proliferate and are used more heavily for Internet access.
As a result, its prudent to protect your phone with an anti-virus app, such as Airscanner ($34.99 for annual subscription, with 30-day trial), which provides real-time background and scheduled scanning for viruses, spyware, Trojans, etc., as well as automatic updates for both the virus definitions and scanning engine. A less expensive option is Mobile Active Defense ($16.99 annual subscription); it offers phishing protection and spam filters for an unlimited number of POP or IMAP email accounts.
Malware protection apps for Windows Mobile devices are also available from some familiar names in desktop security, such as Kaspersky. Its Kaspersky Mobile Security (pricing available via sales quote, five node minimum) works with Exchange-based mailboxes and includes GPS-based tracking of errant phones, remote lock and wipe capabilities, and centralized administration and reporting. Both McAfee Mobile Security for Enterprise and Symantec Mobile Anti-Virus for Windows Mobile (pricing via quote) offer similarly comprehensive malware protection options for businesses that require centralized management of multiple devices.
You dont necessarily have to shell out big bucks to protect your Windows Mobile phone Lookout Mobile Security is a free app that combines malware protection, data backup, and remote device location with the ability to make your phone scream a loud audible alert even when its set to vibrate. (Note: A paid Premium upgrade advertises additional features, but its only available for Android.]]
LastPass ($12 billed annually, 14-day trial) is the gold standard among password management utilities, and its a great choice as long as youre comfortable having the company store your passwords for you, as theyre kept on the companys own servers rather than on your device. A big plus of LastPass for Windows Mobile (theres also a version for Windows Phone 7) is that it syncs up with the companys free browser plug-ins which are available for pretty much every OS and browser platform you can think of (Windows/Mac/Linux/IE/Firefox/Chrome/Safari/Opera).
If you prefer to keep your passwords out of the cloud, SplashID ($29.99, 30-day trial) stores them locally using 256-bit Blowfish encryption, and syncs with its (included) Windows desktop counterpart.
File Wiping and Encryption
Just like on a PC, deleted smartphone data isnt really gone unless you take extra steps to overwrite it. Aiko Solutions SecuWipe ($38.99) wipes a phones free space and can also securely delete specific files, folders, or pieces of info such as contacts, e-mails, or test messages. Another Aiko product, SecuBox Data Encryption, will encrypt sensitive data on your phone using 256-bit AES.
Two-factor authentication enhances security by identifying you not just by something you know (i.e. your password) but also by something you have-- typically a hardware token that generates unique single-use numeric passcodes.
In some cases you may be able to use your Windows Mobile phone in lieu of a hardware token. Depending on the sites and services you need to log into and/or the authentication technology used by your organization either of these two free soft token apps, VeriSign Identity Protection and Entrust IdentityGuard Mobile, may save you from having to carry that extra piece of hardware.
Windows Phone 7
Note: You might be wondering why we havent covered any security apps for Windows Phone 7 (aside from LastPass). Thats because owing to the newness of the platform and the fact that Windows Phone 7 doesnt permit third-party apps to multitask there arent any WP7 security apps available other than a handful of password managers (Windows Mobile 6.x apps cant run on Windows Phone 7, or vice versa).
Hint: If you have a Windows Phone 7 device, theres already a free remote locate, lock, and wipe feature built in, though its disabled by default. To turn it on, go to the phones Settings menu and look for the Find My Phone option. Then visit windowsphone.live.com to remotely access your phone.
Joseph Moran is a veteran technology writer and co-author of Getting StartED with Windows 7 from Friends of Ed.
Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.