It certainly isn't an ideal situation. Phone manufacturers and carriers want to sell phones and airtime, so security...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
is probably not among their top concerns. As you say, one must wait for the phone manufacturer or carrier to make any Microsoft updates available before downloading and installing them. The process for Windows Mobile updates is quite a contrast compared to the Microsoft automatic update service available for regular PCs.
For my own phone, I had to hunt for my provider's upgrade page and the instructions were less than clear: "Stay up to date by downloading the latest upgrade for your Windows Mobile device. Depending on your handset model, this upgrade may include new and important features…." There was no clear explanation as to how important the update was or what issues it fixed. Keeping secure should be made as easy as possible; this wasn't.
There are signs, based on recent job postings and Internet gossip, that Microsoft's Windows Mobile 7 operating system will be capable of updating itself over the air (OTA). Unfortunately, current indications are that version 7 won't be ready until 2010. Hopefully the planned Windows Marketplace for Mobile will be up and running sometime this year. It will be a central point of access for new software and updates across all the Windows Mobile handsets, so you will at least be able to get your updates directly from a Microsoft portal.
Mobile devices of any type are often a weakness within enterprise security. For some reason they tend to fall outside the scope of regular security assessments and audits, even though the security risks are very similar to those of laptop computers. As mobile phones become more like mini PCs, they will need similar add-on security tools and patch processes to keep them safe.
For administrators trying to lock down these devices, there are security tools for Windows Mobile which can provide additional security in much the same way as desktop security suites do for regular PCs. Products include the likes of Symantec Corp.'s Mobile Security Suite, Kaspersky Lab Inc.'s Mobile Security, Airscanner Corp.'s Mobile Supreme Security, PGP Corp.'s Mobile encryption and Bluefire Corp.'s Mobile Security Enterprise.
Dig Deeper on Security patch management and Windows Patch Tuesday news
Related Q&A from Michael Cobb
A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held ...continue reading
A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks ...continue reading
HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.