Introducing Scott
Hi, I'm Scott Yost. I'm an SDE/T on Windows Mobile, and I test several of our security features. My areas include code signing, security policies, revocation and certificates. I'll be doing a few posts to demystify the security architecture of our platform.
Send me a mail or comment if there are any topics you'd like me to frontload!
Comments
- Anonymous
October 27, 2005
Hey Scott:
From what I can tell, one of the issues that many are discovering about WM 5 devices is how the new security model affects installing and uninstalling applications. Hopefully you can eventually cover these topics in your blog:
-- A broad overview of the new security features of WM 5
-- The recommended way to install and uninstall on PPC and SP devices for general purpose software
-- Documentation clarification on wceload parameters, such as /noui and how certificates affect its use
-- Whether or not unload is supported for WM 5
-- Recommendations on speeding up uninstalls via DMProcessConfigXML, if possible
-- General Dos and Don'ts with the new security setup
Thanks much. - Anonymous
October 27, 2005
Windows Mobile security while still preserving phone functionality?
I would like to see a topic on this subject. I noticed that voice command had check boxes, so I was wondering if it was possible to still make and receive phone calls while still using the password protection to protect things like word documents, e-mail and text messages? - Anonymous
November 02, 2005
Is it possible to invoke a program from the browser on Windows Mobile Version 5.0? I was able to do this on Windows Mobile 2003 Second Edition but now find it is not possible on Mobile 5.0. I can only assume this is a security feature introduced to the new version. Is there a way to overcome this?
I was previously invoking a program from the browser in the following way:
<a href="file:///Program FilesProgramNameProgram.exe">run this program</a>
This works when invoked from an html page held on the device running Version 5.0 but does not work when the same page is viewed over the web. - Anonymous
November 03, 2005
The comment has been removed - Anonymous
November 03, 2005
Andy, your question about root certs is actually a pretty common one. I'd like to do a top-level post that answers the questions you brought up. - Anonymous
November 03, 2005
The Grant Manager policy is up to the OEM/Operator to decide. As for our defaults, it's set to USER_AUTH for non-phone PPC devices because those devices tend to be totally under the control of the end user. PPC Phone Edition and Smartphones are typically managed by the operator, so grant manager is not USER_AUTH by default. At the end though it's still up to the OEM/Operator to decide what configuration they would like to ship. - Anonymous
November 03, 2005
The comment has been removed - Anonymous
November 03, 2005
Hi Scott,
Thanks a lot for your answer here and the post on 3rd November.
Andy - Anonymous
November 04, 2005
Hi Scott,
Another area of interest for me is to do with the different types of certificates and their usage in the device. I'm really hazy on this,
e.g.
1. 802.x certificate can only be used for that purpose
2. A certificate loaded for SSL to Exchange will also carry credence for an https connection to another site using the same cert
3. Certs installed for privileged API usage.
I take it that 3 and 2 are different types of cert - they end up in different stores and so have different responsibilities? Is it possible that I can enroll a cert into the wrong store?
Cheers,
Andy - Anonymous
November 04, 2005
A good place for this information is the MSDN docs for the CertificateStore CSP. You can search for "CertificateStore Configuration Service Provider" or try this page: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/DevGuideSP/html/sp_wce51grfcertificatestorecspozup.asp - Anonymous
June 20, 2006
Hi Scott,
Can you discuss and show some examples of using the Diffie-Hellman and AES encryption in WM5?
Thanks,
don - Anonymous
June 30, 2006
Hi Scott,
Any thoughts on adding certificates to the personal store of the WM5 devices programmatically? (Preferably with C#, by invoking the coredll, or some third-party COM library?)
I would really like to know how to do this.. :)
Cheers,
Zeno