Security in Windows Mobile 5.0 Messaging Pack Disappoints


Analyst(s): |

  Free preview of Gartner research


Windows Mobile 5.0 Messaging and Security Feature Pack (MSFP) does not go far enough with security for enterprisewide deployment. Use third-party vendor security add-ons to make Windows suitable for mobile use.

News Analysis


On 6 June 2005, Microsoft announced that its MSFP for Windows Mobile 5.0 will ship in 4Q05. The pack, when combined with Exchange Server 2003 SP2, is meant to deliver push-based e-mail, Exchange integration, and enhanced manageability, security and control for Windows Mobile 5.0 devices.


The MSFP includes improvements, but Microsoft has implemented too few of Gartner's recommendations to make Windows mobile devices enterprise-ready (see "What Does Trustworthy Computing Mean for Pocket PC?" ). Microsoft told Gartner in 2002 that it would raise security on the platform significantly — to the enterprise level — in the next major release. In our opinion, the improvements in Windows Mobile 5.0 and the MSFP are insufficient and do not meet basic enterprise security needs.

MSFP security improvements include:

  • Certificate support

  • Wiping the device's main memory after too many failed password attempts

  • A facility that allows Exchange administrators to instruct the device to wipe itself the next time it connects via TCP/IP to the server

  • Policy and configuration management

The pack also has:

  • Patch support, without having to "reflash" the entire memory of the device and erase user data

  • Better Exchange integration through established Outlook Web Access technology and push-based e-mail

Wiping the devices' memory is of limited use, since data on removable media is not erased and remains exposed. Because mobile devices have limited storage capacity, most users store data on media, such as memory cards, that can simply be removed from one device and read in another. Data encryption is required to secure the device. The Crypto application programming interfaces (APIs) are already built into the operating system, so such a feature should have been easy to implement.

Microsoft has missed an opportunity to show leadership in mobile security and have the market declare that the company has made Windows Mobile 5.0 secure. We believe it should have provided an integrated management and security framework for the platform. Microsoft continues to rely on third-party vendors to plug its mobile-security shortcomings.


Recommendation: Buy third-party security software to make Windows mobile devices enterprise-ready.

Analytical Sources: Dion Wiggins and Nick Ingelbrecht, Gartner Research

Recommended Reading and Related Research

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)

© 2005 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartners research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Not a Gartner Client?

Want more research like this?
Learn the benefits of becoming a Gartner client.

Contact us online





Why Gartner

Gartner delivers the technology-related insight you need to make the right decisions, every day.

Find out more