It certainly isn't an ideal situation. Phone manufacturers and carriers want to sell phones and airtime, so security...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is probably not among their top concerns. As you say, one must wait for the phone manufacturer or carrier to make any Microsoft updates available before downloading and installing them. The process for Windows Mobile updates is quite a contrast compared to the Microsoft automatic update service available for regular PCs.
For my own phone, I had to hunt for my provider's upgrade page and the instructions were less than clear: "Stay up to date by downloading the latest upgrade for your Windows Mobile device. Depending on your handset model, this upgrade may include new and important features…." There was no clear explanation as to how important the update was or what issues it fixed. Keeping secure should be made as easy as possible; this wasn't.
There are signs, based on recent job postings and Internet gossip, that Microsoft's Windows Mobile 7 operating system will be capable of updating itself over the air (OTA). Unfortunately, current indications are that version 7 won't be ready until 2010. Hopefully the planned Windows Marketplace for Mobile will be up and running sometime this year. It will be a central point of access for new software and updates across all the Windows Mobile handsets, so you will at least be able to get your updates directly from a Microsoft portal.
Mobile devices of any type are often a weakness within enterprise security. For some reason they tend to fall outside the scope of regular security assessments and audits, even though the security risks are very similar to those of laptop computers. As mobile phones become more like mini PCs, they will need similar add-on security tools and patch processes to keep them safe.
For administrators trying to lock down these devices, there are security tools for Windows Mobile which can provide additional security in much the same way as desktop security suites do for regular PCs. Products include the likes of Symantec Corp.'s Mobile Security Suite, Kaspersky Lab Inc.'s Mobile Security, Airscanner Corp.'s Mobile Supreme Security, PGP Corp.'s Mobile encryption and Bluefire Corp.'s Mobile Security Enterprise.
Dig Deeper on Microsoft Patch Tuesday and patch management
Related Q&A from Michael Cobb
Geofencing technology is increasingly being used as a security tactic, such as to control access to servers with DNS settings. Expert Michael Cobb ...continue reading
After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the ...continue reading
The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.