WiFi Did You Do That?

Having survived explaining why the X button doesn’t close apps, I’ve been emboldened to take on the completely radioactive subject of why WiFi ActiveSync was removed from ActiveSync 4.  I’m sure that I won’t come out of this one unscathed.  The people affected by this are really angry.  And, though I didn’t have anything to do with the decision, I’m guessing that you’re going to take your frustrations out on me anyway.  But, hey, someone needs to explain why these things happen.  That someone might as well be me.

The truth is out there

Conspiracy theories abound.  Because WiFi to an Exchange server still works, some people have suggested we did this to sell more Exchange servers.  That’s definitely not the case.  Exchange has considerably more customers than Windows Mobile (although we’re growing quickly!).  Hurting Windows Mobile to make Exchange do better just wouldn’t make any sense.  Don’t get me wrong, I’m sure that the integration between Exchange and Windows Mobile has driven sales of both.  But we’re not about to hurt one product to help the other.  If nothing else, Windows Mobile and Exchange are in different divisions, and both are expected to make money on their own.  So even if Exchange came to us and said, “Why don’t you hurt yourself to help us?” we’d say “No thank you.”  (Okay, our response would be less polite than that….)

Secure this

The official (and true) reason has always been stated as “We removed it for security reasons.”  But, judging from the number of angry comments I see posted here, that explanation hasn’t really convinced anyone that it was a good idea.  So, let me go into more detail.  The first major issue is this: Exchange ActiveSync is encrypted and desktop ActiveSync isn’t.

Quick diversion to explain what “encrypted” means.  Think back to the old days when you used to send paper mail through the post office.  And think about the difference between sending a post card and sending a letter.  If you put your letters in envelopes, you had some reason to believe only the right people would read them.  But with post cards you wrote, “Having a great time, wish you were here,” on the back and just assumed that anyone in the post office could read it.  For this reason, you never sent company secrets on post cards.  Encryption is like the envelope you put your letter in.  It helps keep people who aren’t supposed to know what you wrote from reading it.  If you don’t use encryption, you’re effectively sending post cards.  Only, it’s not just the post office workers who can read it.  It’s everyone on the internet.

And that’s one of the main reasons we cut the feature.  Desktop ActiveSync over WiFi was sending all your contacts, calendar, and email data over the internet without doing anything to keep people from reading it.  If that doesn’t strike fear into your heart, let me add the second reason.  When a device connects over desktop ActiveSync we don’t do enough to make it prove that it’s really your device (we don’t “authenticate” well enough).  So, yes, when you had WiFi enabled on desktop ActiveSync, people on the internet could watch what you sent and then use that information to pretend to be your device.  If they were successful at this, they could convince your desktop to start sending your information directly to them.

You shouldn’t be furiously asking why we removed the feature.  You should be furiously asking why we ever implemented it in the first place.

So why did you implement it in the first place?

History lesson time.  (Did you really think you’d get through one of my blog entries without one?)  ActiveSync started out as a way to plug your device directly into your PC over a serial port.  Yes, it’s that old (many PCs don’t even have serial ports anymore).  There was no need for any sort of security here, because the only way to do this was to physically connect two machines.  If you had control of both machines, you’d already compromised whatever security was there. 

At some point, PCs and Pocket PCs started getting USB ports.  So we modified desktop ActiveSync to talk over USB.  But we mostly did it by pretending the USB port was a serial one and sending the same kind of data over it.  At some later point we started seeing Compact Flash network cards.  We thought, “Hey, that’s another way we could connect to ActiveSync,” and built in the ability to sync over Ethernet.  Not too many people used it, though, because it didn’t make too much sense to plug Ethernet cables into your mobile device.  Later on, though, WiFi arrived.  In the end, WiFi is just a wireless way to do Ethernet, so it pretty much automatically worked with what we had already built. 

Another brief aside.  We left Bluetooth enabled for a number of reasons.  For one, Bluetooth is inherently encrypted.  WiFi isn’t.   For another, Bluetooth has a limited range.  WiFi also has a limited range, but it’s a limited range to the nearest internet connection.  From there it can go anywhere.  Bluetooth connects directly to the desktop.  Though the Bluetooth standard supports Bluetooth devices connecting to the internet, we don’t support Syncing to the Desktop over such a connection.  WiFi could potentially connect directly to a desktop, but we’ve never had that feature implemented. 

It’s not really Sync over WiFi that we removed.  We removed Sync over Ethernet.  It’s just that WiFi needed Ethernet Sync to work.  Now, enabling Sync over Ethernet happened back in the time when viruses were rare (no one had figured out how to make money exploiting security flaws yet).  And, in those days, we didn’t foresee the coming storm of malware, nor did we know enough about how to prevent it.  So we enabled what seemed like a useful feature, blissfully unaware of how dangerous it was.

Remember that none of these devices were phones.  When we started making phone devices, we realized that users would have data connections anywhere they went.  And we realized that they’d want to sync their devices from anywhere in the world, not just at their desktops.  So we decided to make a way to sync directly to an Exchange server.  And, for various reasons, the original sync method wasn’t going to work.  We needed to make a new one.  This happened after the internet’s transition to the dark side, so we built encryption in from the start.  That’s why Exchange ActiveSync still works over WiFi.  It’s encrypted, so we didn’t have to disable it.

But I don’t care if anyone reads my data. Enable me.

It’s clear that, as little as 5 years ago, most Microsoft employees didn’t understand security well enough.  That’s changed.  Everyone in development takes mandatory security training every year.  And the training isn’t even the same thing every year.  Each year we learn about new attacks that had been recently invented.  Mistakes can still be made, but we at least get it now.  How would you like to be the guy who caused an airport to be shut down because of a vulnerability in your code?  You could say, “It’s not my fault.  I wrote the code long before that kind of attack had even been invented yet.”  But in the end, you have to feel the weight of the flaw on your shoulders. 

Like it or not, we live in a world where every exploitable hole will be exploited.  And, in that world, we simply cannot leave something as big as what I described enabled.  We had to remove the feature.  You may be willing to point a partially loaded gun at your head and pull the trigger.  But we just can’t be the people who loaded the gun for you.  Those days are gone, and they aren’t coming back.  We understand your frustration.  We feel bad when you scream and yell at us.  But we’d feel worse about the things that would happen if we left the vulnerability in.

Then fix it

There are a number of things we can do to fix it, including adding encryption and authentication.  All of them, however, are a ton of work that needs to get prioritized against all the other things we need to do in ActiveSync.  I can tell you definitively that the team responsible wants to re-enable desktop ActiveSync over WiFi.  But I have to also tell you that they have a lot of other things they need to do first.  I can’t tell you when you’ll get your WiFi back. 
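
The impersonation risk described under “Secure this” and the authentication fix mentioned here can be shown with a small model. The Python below is an added example, not ActiveSync code or its wire protocol: `WeakDesktop`, `PairedDesktop`, `Device`, the sample identifier and the idea of setting the key once over a trusted link such as USB are all assumptions made for illustration. It contrasts a desktop that trusts a presented device identifier with one that demands a fresh HMAC response to a one-time challenge.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed length keeps nonce || device_id unambiguous


class WeakDesktop:
    """Hypothetical desktop that trusts whoever presents a known device ID."""

    def __init__(self, known_device_id: bytes):
        self.known_device_id = known_device_id

    def accept(self, presented_id: bytes) -> bool:
        # The ID travels in the clear, so anyone who saw it can present it.
        return hmac.compare_digest(presented_id, self.known_device_id)


class Device:
    """Hypothetical device holding a key set during a trusted pairing step."""

    def __init__(self, device_id: bytes, pairing_key: bytes):
        self.device_id = device_id
        self._key = pairing_key

    def prove(self, nonce: bytes) -> bytes:
        # The key never crosses the network; only a MAC over the nonce does.
        return hmac.new(self._key, nonce + self.device_id, hashlib.sha256).digest()


class PairedDesktop:
    """Hypothetical desktop that demands proof of the pairing key per session."""

    def __init__(self, device_id: bytes, pairing_key: bytes):
        self.device_id = device_id
        self._key = pairing_key
        self._pending = None  # outstanding single-use challenge

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(NONCE_LEN)
        return self._pending

    def accept(self, device_id: bytes, proof: bytes) -> bool:
        nonce, self._pending = self._pending, None  # a challenge is used once
        if nonce is None or device_id != self.device_id:
            return False
        expected = hmac.new(self._key, nonce + device_id, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)


def run_demo() -> dict:
    device_id = b"pocketpc-01"      # constructed sample identifier
    key = secrets.token_bytes(32)   # assumed to be exchanged once over USB

    # Weak scheme: a passive observer records the identifier and replays it.
    weak = WeakDesktop(device_id)
    captured_id = device_id
    weak_replay = weak.accept(captured_id)

    # Paired scheme: the observer records one complete honest handshake.
    desktop = PairedDesktop(device_id, key)
    device = Device(device_id, key)
    captured_proof = device.prove(desktop.challenge())
    honest = desktop.accept(device_id, captured_proof)

    # Replaying the recorded proof against the next session's nonce fails.
    desktop.challenge()
    paired_replay = desktop.accept(device_id, captured_proof)

    # A peer that knows the ID but not the pairing key also fails.
    impostor = Device(device_id, secrets.token_bytes(32))
    wrong_key = desktop.accept(device_id, impostor.prove(desktop.challenge()))

    # Answering without an outstanding challenge is rejected outright.
    no_challenge = desktop.accept(device_id, captured_proof)

    return {
        "weak_replay_accepted": weak_replay,
        "paired_honest_accepted": honest,
        "paired_replay_accepted": paired_replay,
        "paired_wrong_key_accepted": wrong_key,
        "paired_no_challenge_accepted": no_challenge,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

This covers only the authentication half of the fix; the synced data would still need encryption on the wire.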

Shields at full, Captain

That sound you hear is me slinking down into my bomb shelter.  While I know this post won’t make you any less angry, I hope it at least explains how we got to where we are.  Fire away.

Mike Calligaro

Comments

  • Anonymous
    November 08, 2006
    Seriously, the article is interesting but there are some funny statements: Number 1: "Now, enabling Sync over Ethernet happened back in the time when viruses were rare" Do you mean the 80s? Number 2: The answer to "But I don’t care if anyone reads my data.  Enable me." is plain ridiculous (MS developers are more conscious about security). That's copy and paste from the corporate posters. Every time we install a non certified driver on WinXP we get a big red blinking warning; what on Earth is the reason not to have a Triple Red and White Blinking warning, the type that Microsoft likes "This is Unsecure do you want to proceed?" "Are you really really sure?" "Are you really really really sure? If anything happens I will tell you "I told you so."" Since I am writing a comment I might as well ask for a future post: What is the story behind the various issues for MS Pocket Money (single currency, and forever non forward/backward/at-all compatible)?

  • Anonymous
    November 08, 2006
    Amazing...  then why are we allowed to shutdown the windows firewall?

  • Anonymous
    November 08, 2006
    One way to add encryption and authentication is by using IPSec.  Even if the built-in IPSec support is not adequate, there are third-party solutions that could easily "secure" it.  There are users out there who already use these IPSec solutions to connect back to a corporate VPN gateway to retrieve email, access the intranet, and ActiveSync, at least until it was disabled.

  • Anonymous
    November 08, 2006
    Mike, However much you try to hide behind technical topics, your writing style shines through. If you have done novels or essays, I want to read those. Cheers.

  • Anonymous
    November 09, 2006
    Mike, Your excuse for not giving us the choice is incredibly weak. You have always struck me as a very intelligent guy, so it amazes me that you post such poor reasoning such as not giving people a choice for Wifi or allow them to have their "X" actually close. MS must be paying you a large sum for "danger pay" because I can't think of another logical reason to even try to push such absurdity on us. Dave

  • Anonymous
    November 09, 2006
    Sync over wifi is a must and personally it was a selling point for Windows Mobile PDAs. Seems Microsoft don't care about Market Demands.

  • Anonymous
    November 09, 2006
    It's really, really hard to believe it is so difficult to add encryption to Wifi sync.

  • Anonymous
    November 09, 2006
    It is actually a lot simpler than we may think, MS wants to get rid of 'local' hosting of exchange/outlook.  Companies ought to subscribe to one of the Exchange hosting services out there, removing the most common reason to have ActiveSync in the first place. It's all marketing, isn't it? Richar

  • Anonymous
    November 09, 2006
    Thanks for sharing this information. Love your articles. Keep up the good work. Since most of the time I'm connecting thru USB anyway to charge and sync stuff for that <expletive/> Media Player thingy, I'm not hurt by this too much. But add $49 of my $100 to the pile for a secure Sync-Over-Anything. The other $51 go to ActiveSync backup and restore. But that's another story, I guess.

  • Anonymous
    November 09, 2006
    Why not just add a secure sockets layer over RDP? It sounds soooooo easy but then again something tells me it's actually not. What about sync-over-https? What about leaving a deep-buried registry option to enable ethernet sync with a big red "DANGEROUS, UNENCRYPTED DATA" mark on it?

  • Anonymous
    November 09, 2006
    If my wi-fi connection from my device to my router is encrypted how would it be possible for the sync from my computer through my router and to my device to not be......... I personally feel that this is very sketchy.. I can click on an unsecured wireless network and type in my credit card number and get hijacked the same.. but I wouldn't do that because I know what "Unsecured Wireless Network" means... It is great to "provide" everyone with a comprehensive security set.. But at some point this has got to be handed to the user... I mean honestly there is a very easy solution to this... Sync personal folders to personal computers.. No one really needs to sync up their contacts to their home pc when they are not within wireless reach of it and if they did then the obvious solution would be vpn/ipsec and at that point it would be miles beyond the scope of activesync in the first place....

  • Anonymous
    November 09, 2006
    Charles, we can argue over whether or not "rare" was the right term for me to use.  But you have to admit that there were a ton more viruses and malware in 2005 than in 2000.  As for me saying that MS devs are more conscious of security sounding like it's from a corporate poster, whatever it sounds like, it's true.  Maybe part of the reason I do these blogs is to help people see inside the company.  But, as a long time developer here, I can honestly say that we view security differently now than we did in the past.  And we do it because we believe it, not because some slogan told us to.

    Solnyshok, thanks for the compliment.  In my off time I'm a science fiction writer, but I haven't published anything in five or six years.  Still, most of my old stuff is free and on www.mystikeep.com.  Check out "The Daily Dose."  It's the best thing I ever wrote.

    Dave E, re "Danger Pay."  Heh, no I don't get paid anything for doing these blog entries.  They're not part of my job and don't even seem to help me on my reviews.  (But I'm not complaining.  What I'm paid to do my real job is more than adequate.)  I do these because I believe they're the right thing to do.  And, however absurd the reasons sound to you, they're the truth.  As I told Solnyshok, I'm a fiction writer in my off time.  If I wanted to make something up, I'd come up with something better.  (-:

    Amin, we certainly do care about market demands.  Pretty much everything we do is based on market demands.  And the market has demanded the things the ActiveSync team has been doing much more than it demands Desktop WiFi.

    Griffon and macbirdie, yes, it's definitely possible for us to add the encryption (we'd use SSL).  It's not that it's hard or impossible.  It's that it's a lot of work that needs to be prioritized against the other work we need to do.

    Mike

  • Anonymous
    November 09, 2006
    Thanks for the explanation.  The choice is still the wrong choice for many of us.  Worse, it is infuriating not to have a choice.  You could have created a group policy option to disable this on the PC in corporate environments.  You have a PPTP stack and you could have forced use of that for WiFi sync and also required XP Pro (which can serve this) for the desktop.  You could have done .....  One understands the big push for security, but you have overdone it.  You guys are smart and could and should have found a solution.  You chose to punt because of the security paranoia that swept MS and that is the coward's way out!

  • Anonymous
    November 09, 2006
    Thanks, Mike.  What many comment authors fail to read is that you weren't involved in the decision to pull plaintext activesync wifi. I would rather see higher priority for improving ActiveSync's error traps and messages.  Sometimes it spins its wheels forever, with no timeout, and when it throws an error it's some obscure negative 8-digit code.  Often a lookup only yields the frustrating resolution "re-install ActiveSync."  I would like to see some better communication than that.  A few descriptors can go a long way. Luckily I have Verizon Wireless Sync.  If I did not, I would be forced to deal with ActiveSync and become frustrated when it (often) fails without reason.  I'm lucky enough to not require Outlook, which has terrible PST-file corruption problems, because my company is lucky enough to not use Exchange, which has terrible mailbox size limitations.  Sorry to bring all of this up.  Do you see where I'm going with this?

  • Anonymous
    November 09, 2006
    I understand that the decision to remove wi-fi may have been due to the security of companies that used it and were therefore unaware that their data was then available to the public, and that's great.... for them. There are a lot of people out there who use their WM Device for their own personal use, and a lot of them have wireless networks that are protected by security measures that MS suggests and more, not to mention firewalls. So the question has to be put to the team responsible for this decision, "Why not allow the user to enable Wi-Fi Sync and have lots of red lights go off warning them to take precautions?" A company wouldn't activate such a feature due to the risk involved, but a user using it for their personal use on their secured Wireless Network at home would be more likely to have nicer things to say about MS. Garry

  • Anonymous
    November 09, 2006
    As a developer, sync over Ethernet/WiFi was an absolute godsend before USB sync, because it was several orders of magnitude faster than debugging over a serial connection. On devices before Windows Mobile 5.0, I have discovered that it is possible, even with ActiveSync 4.x, to begin a sync session with USB, start debugging, then pull the device out of the cradle and continue to debug - the debugging connection seems to fail over to WiFi. I'm sure this is accidental - don't go and remove it, because it's useful. Windows Mobile 5.0's disabling of the network card and GPRS (or other cell radio) connection on connecting to ActiveSync is completely brain-dead for this reason: it's impossible to debug applications which use the network card or cell radio connection.

  • Anonymous
    November 09, 2006
    With respect, Mike, your timeline is wrong. Pocket-sized PC devices and the HPCs could be synced over Ethernet. So it's not 2000 when the design choice was made to enable it. The truth is that insecure communication is not allowed by design anymore in Microsoft products. This is the 'secure by default' principle. So it cannot be enabled by default, and the ActiveSync guys had to shut it down. Those asking for the ability to lower their security voluntarily have a point. But they do not have the understanding of the difficulty in changing the ActiveSync (non-Exchange) to be authenticated and secure. SSL isn't a magic wand that makes the scenario work - there is infrastructure (obtaining and deploying certificates) that is not reasonable in many (probably the majority) of non-commercial cases. Remember, this isn't one cert for a single external server, it's one for each desktop and possibly each device.

  • Anonymous
    November 09, 2006
    It sounds like I didn't make myself clear enough.  There never was a "Sync over WiFi" feature in ActiveSync.  ActiveSync had "Sync over IP (Ethernet)."  Sync over WiFi worked because WiFi is IP, and ActiveSync was listening on IP.

    You can have a fully encrypted WiFi connection to a router so that everything going over the air is protected, and then have it go unencrypted from the router to the desktop PC.  If anyone is capable of listening to that connection, then they're capable of doing bad things to your desktop PC (if you have Sync over IP enabled).

    I find it interesting that multiple of you have said, "No, Microsoft doesn't GET security ... so re-enable this insecure feature now."  You can't have it both ways.  You could say that the company is overreacting on security and that it's really not important.  (Come on, an integer overflow shut down an airport.)  Or you could say that we're not doing enough for security and should have disabled this feature long ago.  But, "You're not doing enough, so you might as well not do anything," just doesn't fly.

    We understand that Sync over IP was a very valuable feature, ESPECIALLY for debugging (that's the part that hurts me the most).  I'm definitely NOT trying to convince you that it's something you don't need.  I would like to see a secure version of it return just as much as you would.

    But that doesn't change the reality of software development--that features need to get prioritized and done in priority order.  Call that hand waving, rationalizing, or making excuses if you'd like.  It's reality.

    Mike

  • Anonymous
    November 09, 2006
    I doubt the mobile team is serious with security. Currently client certificate authentication with exchange activesync has a serious bug and from what I was told will not be fixed in windows mobile 5. The fix will be in next version of the OS. Meaning that all new devices will have to be purchased to fix the issue. See http://blogs.msdn.com/windowsmobile/archive/2006/07/06/658142.aspx  “rain man” comments this exactly. Another non commitment to security is the ability to support third party client certificates. Microsoft blindly wants the whole world to use their CA’s  

  • Anonymous
    November 09, 2006
    ok the ssl thing may have been a bit aggressive and not well thought out.. but the point remains valid that the encryption of the wireless communication made via activesync should not be in the scope of activesync, it should in fact fall in the scope of wireless security. Any pc communication can be mocked to a router if the connection is unencrypted via a standard wireless connection just like a WM device can but that doesn't mean we should just turn off wireless capability in Windows now does it?

  • Anonymous
    November 09, 2006
    You're such a good writer, Michael. One doesn't expect that from wireheads. I love reading your comments.

  • Anonymous
    November 09, 2006
    Mike Appreciate some of the technical decisions that went into removing this option. From a carrier perspective, it was too niche for me to train my support staff on, and when I did get calls from customers we were put in the embarrassing position of not being able to provide support. I think we got nearly 400 calls for Xda IIs/i over its lifetime - no way I could take a massive call team offline to train them on this niche aspect. So good on MS for taking it out for security, but also allowing sp's time to train up on how to support this feature! Antonios K - former manager, Xda, O2

  • Anonymous
    November 10, 2006
    I can't say I used wireless synch that often - it was too hard to get going. Having said that, I find the arguments for its removal specious to say the least. I'm also not sure how this works: "You can have a fully encrypted WiFi connection to a router so that everything going over the air is protected, and then have it go unencrypted from the router to the desktop PC." Do I have two wireless LANs connected to one router, the one from the PocketPC to the router encrypted and the one from the router to the desktop not encrypted? Nope, I just don't see how this works.

  • Anonymous
    November 10, 2006
    Thanks for the article Mike. This one actually makes sense, unlike the close button isn't a close button "feature" in a previous article. It seems like you could just require a "seed" activesync connection over a secure media like USB to exchange crypto keys between the PC and device as part of the "partnership" process and enable encrypted and authenticated activesync over the network based on that.

  • Anonymous
    November 10, 2006
    Really a well written and fun to read article. But your arguments don't convince me, not even a very little. I really don't think making this feature optional and prompting a warning if activated is that dangerous. Or make it an unsupported powertoy that needs to be installed separately. Personally I really need that feature so much that I stick with AS3.8/WM2.3 as long as my WM2.3 PPC lasts. It's what keeps me from Vista and new PPCs (which I really would like to have). Especially for software development the ethernet (non-wireless) AS is a BIG advantage I really can't give up. Thorsten

  • Anonymous
    November 10, 2006
    I'm probably going to repeat a few things that have already been said; but I promise to keep this short. Rather than make the decision for me, I'd rather you warn me, and then let me face my own music. Personally, I think removing WiFi to Desktop AS synching had something to do with the way you're reading packets sent over the network. AS is all IP based, and it's the only way you could get the synching x of y to the exchange server read. I think I get that; but removing it from desktop AS just doesn't make sense to me. Again, I'd rather you warn me and let me make the blunder (if any) than take features away from me. Personally, I don't use the feature anymore, as I have an unlimited data plan from my cell carrier and sync OTA with an Exchange Server; but I know of a lot of people that want this back. I know all about feature priorities, too, as I'm a software QA manager... You have my sympathies and my thanks for the explanation. Kind Regards, Christopher Spera
    pocketnow Sr. Editor pocketnow.com -- it's all about portability... http://www.pocketnow.com

  • Anonymous
    November 10, 2006
    Mike, you may say that this was removed purely for security reasons, and that "may" be true.  However, I find it one more example of the Windows Mobile team playing nanny to its users, and deciding that only the team knows what's best. We have TOO many instances of the WM team deciding its users aren't smart enough to make an informed decision:

  1. No Close option - users obviously can't be trusted to manage their own apps and memory.
  2. No True VGA support - we are stuck with pixel doubled apps and even PIE automatically doubles all images - no choice at the user level to toggle this on or off.
  3. No ethernet sync - again, the message is users aren't capable enough to make the right decision on when to use this.

    I'm sure if I spent more than 2 minutes thinking about it there would be several other examples of this Czarist attitude. I used to work for a software company - when bringing the development team there requests from our customers for enhancements to the software, I was often presented with the question - "why would anyone want to do it that way", as if the only correct way is the way the original programmer wrote it.  Needless to say that company has been dealing with the loss of several large customers over the last few years, primarily because those customers felt the organization didn't listen to them and didn't care.  The WM team seems to have much of the same cavalier attitude towards the large base of consumer users that have contributed greatly to the growth of this OS.

  • Anonymous
    November 10, 2006
    Microsoft's paternalistic attitude toward users is the reason I'm seriously planning to learn how to install and use Linux rather than downgrade from a version of Windows that I am perfectly happy with, and throw out a computer I am perfectly happy with so I can have the latest OS, Windows Vista, which is even more bloated than Windows XP, on which I turned off most of the eye-candy in favor of speedier performance. I'm still unhappy about the decision to change Pocket Outlook authentication when PPC2000 was "upgraded" to PPC2002, so I could no longer use Pocket Outlook with my frontiernet.net ISP. I will stay with WM2003SE PE and ActiveSync 3.8 as long as possible rather than give up any more functionality. While I have never used WIFI sync, the idea that Microsoft has taken away that option, on the ground that I am incapable of making my own decision whether or not to use it is nothing less than infuriating. I suspect that Microsoft is still thinking of ways to put us all on a subscription basis for using its bloatware. I've been waiting for a user-friendly version of Linux, but Microsoft's arrogance may force me to learn how to use it in its current form.

  • Anonymous
    November 10, 2006
    "It's the IP connection that ActiveSync opens to the entire network that's the problem." That's only a problem if the entire network itself is unsecure.  My home network is secure.  Both physically (nobody can access it outside of my house) and via hardware firewalls. So tell me again why running AS on it suddenly makes it unsecure...

  • Anonymous
    November 10, 2006
    As a sequel to this post, I'm sure we all would like to know the hidden reasoning behind the odd (to be nice) file open dialog in Windows Mobile.

  • Anonymous
    November 11, 2006
    By the same argument, shouldn’t unencrypted POP3 and SMTP be disabled?

  • Anonymous
    November 11, 2006
    Microsoft: just make AS IP sync a checkbox that comes with a nice long legal form for me to sign to indicate that I understand technology and that everything isn't perfect.  ok? (how did they get away with providing all the other security holes in PocketPC???)

  • Anonymous
    November 11, 2006
    Jon - I'm not sure if you actually want an answer or if that was a rhetorical question, but here goes. Unencrypted POP/IMAP has at least a password on it. Unencrypted POP/IMAP doesn't give unauthenticated read/write access to your contacts, calendar, tasks and e-mail on both your PC and phone. Unencrypted POP/IMAP doesn't run as a server on your home PC in the typical case. POP/IMAP has the ability to be secure if you want to - IP sync doesn't as it stands. It requires the network topology to protect it from external attack.

  • Anonymous
    November 11, 2006
    This is just another example of the arrogance at Microsoft. The sad reality is that Microsoft will not listen to customers until some other competitor gives them a kick up the a** (eg. IE and Firefox). Unfortunately, there doesn't seem to be any real serious competition to the Windows Mobile platform, so we have to take whatever they deem we deserve.

  • Anonymous
    November 12, 2006
    Mike: What other work is being done in AS that is getting a priority over IP Sync?  Maybe if you can explain that, it will start the healing process.  I understand priority of projects and goals, but you are asking us to take this for granted.  What are the features that are under development?   ...hey, I'll sign a NDA if necessary!  It is very annoying that this feature should be a "given" function.  We are living in a wireless society - so what's up with this? -Kevin

  • Anonymous
    November 12, 2006
    After reading the OP and many of the comments I have to say I agree with what MS has done. I can understand it too. Most people aren't savvy and will blindly fire away like they always do. MS is evil. By allowing this security issue to go unchecked and place it in the hands of those who don't know better, MS is sending out an open invitation to get persecuted. Again. Like they need more of it, right? We don't have WiFi sync because of less knowledgeable people who are looking for an excuse to bring a lawsuit, or otherwise "public complaints" exist.

  • Anonymous
    November 12, 2006
    All this talk of "we can secure the wifi interface but the interface between the router and pc we can't secure", although true, begs one to question why MS does not implement encryption at the application layer (if referring to the TCP/IP protocol stack) then secure encryption can and will be available between the router and pc and router and handset (Pocket PC) via the wireless interface?

  • Anonymous
    November 12, 2006
    Shame on MS AS. Why do I have WiFi in the first place? Right, for AS with one of our exchange servers. We will look for another application that can do wifi sync, with exchange support (or even not exchange, so we will bash out exchange in our 10000+ pda user company)...

  • Anonymous
    November 13, 2006
    Kevin, yes Exchange 2003 supports Exchange Active Sync (EAS).  With EAS, your device connects directly to your Exchange server rather than going through your desktop.  You can do this from any internet connection from anywhere in the world.  So if you're travelling and get a network connection, you can stay in sync.  It works over WiFi hotspots, hotel net connections, cellular connections, etc. For a CIO like yourself, we think this is considerably more useful than needing to get some way to connect to your desktop before being able to sync. Here's a guide for setting up EAS in your company.  http://www.microsoft.com/technet/itsolutions/mobile/deploy/msfpdepguide.mspx As for what we're working on instead of Desktop sync over WiFi, unfortunately, I just can't talk about such things.  That would effectively be me preannouncing unannounced features.  That's marketing's domain and not a place where I can tread. Mike

  • Anonymous
    November 14, 2006
    I wish the wifi option would be available for small business/home users who don't care too much about the security of email. I hate the fact that wm5 has no PAN bluetooth, I cannot see it as a "mobilepc" on network and my Microsoft Bluetooth dongle is only the lower class 10m range, so it doesn't work further than the hallway. All this technology and it only eliminates the cable connection, but gives me no range further than the desktop.

    Screen rotation: I have told my Imate Jarjar to work in landscape left handed mode, but it would appear that this setting is overridable by all programs. This makes using the wm5 device in the car a real pain in the neck. I set off on a journey, enable TomTom (at least that stays in landscape mode) but then I get a call, duh it displays in portrait mode, so I have to try and use a touch screen in the hardest way possible... then the phone reverts to this mode until I get somewhere to pull over and reset the screen... If anyone finds a JarJAR on the highway, then you know I got too annoyed with it and used the Windows option on my car instead...

    The X factor... need I say more... why not allow a close and a minimize button on AU4... allow the apps to min down to taskbar... now that would be good.

    Voice tags: can we find a way to save these... I am so fed up recording them every time the phone crashes and I have to reboot... please...

    Screen Rotation: I have to rotate three times to get to the correct orientation on device... could we have a default clockwise or anti clockwise feature.

    Windows Mobile Media Player: well, on the Imate Jarjar it's rubbish, will never play FULLSCREEN, only a postage sized thumbnail in the centre of a huge screen. I use PocketTV... no problem FULL SCREEN.

    The Today/Desktop: why do I have to buy an app to put icons on desktop... I use my device as a pc, not an electronic diary. Where did somebody decide that these devices should be just beefed up diaries and not mini pcs?? I would get rid of all the clutter, and put icons on instead, it's easier to hit target with finger if it's an icon. I have all the diary devices since the first pc, but never never use them like that... please stop always trying to make it a diary/calendar/reminder device... I got a brain gadget for that task, which I cannot lose and so far in 39 years of continuous use had not crashed, or even a blue screen, mind you I think I did drink a bit too much one day and have a grey out..

  • Anonymous
    November 14, 2006
    That was an excellent post! Thanks so much for taking the time to go into such detail. Shields down Captain! I would say you are safe. :)

  • Anonymous
    November 14, 2006
    (OT) Mike, you said you aren't being paid for writing all of this? You really should be paid, truly. Your patience and endurance against all these harsh comments are outstanding. I appreciate the time and patience that you used to write and respond here.

  • Anonymous
    November 14, 2006
    When using ASync 4.2 I found the following registry values very interesting: HKEY_CURRENT_USER\Software\Microsoft\Windows CE Services\Partners\1c0c74e7\Services\Synchronization\Objects (1c0c74e7 = my device partner number) Each object here can contain a dword value called WirelessEnabled. Any comments on that Mike? Tweakradje

  • Anonymous
    November 15, 2006
    In reply to: "How about doing a post on dropping support for ADOCE next? It's a natural to allow people to use Access data on devices - why take this away?" Start regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services\Services\Synchronization\Objects\MicrosoftTable There is a dword Disabled there that can be set to "0". Dunno if it is functional but it does show Pocket Access in Active Sync again. Think it is not supported by Microsoft ;O) Tweakradje

  • Anonymous
    November 16, 2006
    Lujayne, thank you for the kind words.  Don't get me wrong, Microsoft pays me very well to do my day job.  It's just that these blog entries don't have anything to do with my day job.  I'd be paid the same whether I did them or not. Tweakradje, I had to have the ActiveSync guys go hunt down the code for that registry key.  It appears to be a remnant of pre-WM5 sync engines that isn't used anymore.  It doesn't seem to be used on WM5 partnerships and certainly wouldn't enable wireless desktop sync if you changed it. Mike

  • Anonymous
    November 17, 2006
    Kevin - I can give some examples of things that the sync team did in the past instead of this work:

      • AS 4.0 had some very serious problems that completely blocked WM5/AS4 deployments in enterprises. They worked around the clock to troubleshoot, document, and fix those problems, and ship AS4.1 to address them.
      • Always Up To Date for MSFP was a big work item.
      • Windows Mobile Device Center for Vista was another big work item.

    Those are some examples of large things that got prioritized higher than this work since we shipped AS4.

  • Anonymous
    November 20, 2006
    It's a feature I never used. From the reading I saw, YOU are going to get it back, but you have to wait for other higher priority tasks to be finished first. Unfortunately no amount of complaining is going to speed that up. And nice reply, barkeylives.

  • Anonymous
    November 20, 2006
    Hi Mike, Nice article. Though I may not agree completely with the reason given for removing Sync over Wifi, still it sounds plausible. What really beats me is why the WiFi should be disabled when we have attached the device to a PC. I will give a real scenario. We were building a VoIP solution and for that we needed to debug the application using VS2005. It's a real pain to debug when WiFi is switched off as soon as the device is connected to the development PC. In this scenario the only option left is a log file and I don't need to tell you how big a pain they are.. :-) Thanks and Regards Amit http://amitranjan.wordpress.com/

  • Anonymous
    November 21, 2006
    Here's a question for you folks to ponder.  "Is MikeCal a bald faced liar?"  (No need to post your answers.)   I realize that, at the point where you've decided that I AM a bald faced liar, there's nothing I can say to convince you otherwise.  Anything I'd say would be a lie too.   But, as pointless as my saying this is, I'll tell you that over the last year and a half of posting here, I've never said anything that I knew to be wrong.  It's possible that I've made mistakes.  It's possible that I've unknowingly gotten my facts crossed.  But I've never intentionally said anything that was false.   No, we didn't decide to cut the feature and then come up with the security excuse to justify it.  The security flaw was bad enough that we had to either fix it or cut the feature.  And we didn't have time to fix it.   No, it's not fiction that we see an important difference in ability for a user to make his system insecure and the inability for a user to make his system secure.   And, however bad a job I've done of explaining the severity of the security flaw, it's not a lie that we really do consider this one to be huge. Maybe everything I've said all along has been a lie.  Maybe the backlight actually generates battery power rather than burns it.  Maybe RAM is really a fancy name for a hard drive.  Maybe pressing and holding the 0 button on the phone actually makes it explode and I was just hoping to catch a few users unaware. Or, maybe the previous 34 articles and countless comments have all been true, but were really part of a grand scheme to build your faith in me so I could pull the wool over your eyes regarding this particular feature. You be the judge.  MikeCal: Modern day Machiavelli, or just an honest developer trying to explain how things get done here at Microsoft.  <stifles a maniacal cackle> Mike

  • Anonymous
    November 21, 2006
    Amit, I believe you're talking about a different thing.  You said that WiFi is disabled when you connect to a desktop PC.  Do you mean that the PC's WiFi is disabled or that the Device's WiFi is disabled? Mike

  • Anonymous
    November 22, 2006
    My pocketpc has wifi, but doesn't have bluetooth. I can only synchronize by usb. Aaghh.

  • Anonymous
    November 27, 2006
    @bill: The decision about what changes go into AKUs is primarily driven by what operators want to ship their devices, and not by whether or not we "care" about security. That said, a fix for the client auth bug you mention did go into one of the versions of AKU3.

  • Anonymous
    December 06, 2006
    Mike, I have to hand it to you, kudos for explaining this in real non-marketing terms to us.  I can see that lots of people are angry here about this but they forget that they wouldn't even be able to vent their anger unless you had come forward with the raw truth.   Even though I have a problem with corporate MS, I like that people like you are still real and willing to talk to the end users.   It is only through mistakes that we really learn.   Thanks, /D

  • Anonymous
    December 06, 2006
    I thought I should add to my previous comment on this old post because I finally understood what you meant by ActiveSync being unsecure over IP: (after all I have zero knowledge of AS/Windows mobile as I stuck with Palm OS until WM is stable/frozen - probably the 2007 version?) you mean that there is no level of authentication for AS on the desktop, right? So anyone polling on the IP:port can get access to user data... Although I too would find it very unsecure for a user to enable the feature, I still do not see the rationale for disabling the feature altogether. After all, if the user wants to put full access to the HD in anonymous ftp it is still possible in Windows (after a lot of un-ticking). So why not leave it for ActiveSync? Just to show that I am not always siding with the user: I too think that leaving memory management to the user is not the best. So "hiding" on X is fine by me (provided the OS memory management works). Charles SOC developer

  • Anonymous
    December 06, 2006
    "So why not leave it for ActiveSync?" I meant: leave the feature off by default and let the user enable it after a lot of unticking; plus add a group policy to it so that in a corporate environment it can be disabled by policy. Doesn't that seem reasonable?

  • Anonymous
    December 15, 2006
    I'm curious about something.  If WiFi sync is insecure, what about Bluetooth sync which hasn't been disabled?  Sure, it's a limited range but by the same argument, it's also insecure. Right?

  • Anonymous
    December 16, 2006
    Now I'm curious. Why hasn't someone interfaced a raw socket, IP-driven interface to a COM port so home users like me can trick activesync into believing there is a local COM port attached to the machine? Yeah, you know, the virtual kind.  I've been looking into this a bit but unfortunately don't have time to dabble in a client-server application to enable this idea, so I'll throw it out there and hopefully someone will develop it.  Please let me know if you do, it'd be appreciated. PPC client app --> internet --> server socket, masquerading as COM port --> Activesync setup to use said COM port. Yeah, it's possible, doesn't take a rocket scientist to figure that out.  As far as encrypting this well, yeah, it takes a certain open source developer to imagine that part up ;) Chris Victoria, B.C. Canada

  • Anonymous
    December 17, 2006
    Ssrikonda - like it says in the main article there are several differences with bluetooth. It has some authentication via pairing, link-layer encryption, and it has short range.

  • Anonymous
    December 18, 2006
    Mike, will you do an explanation on the how and why of the removal of backup from AS as well for us. I like your way of writing and taking the effort of explaining the hard to accept matters. Marc.

  • Anonymous
    January 03, 2007
    Mike, I seriously don't understand why people have become SO bitter over the lacking WiFi situation - Yes, in the short term people will have reduced functionality within AS, but if it's a choice of 'reduced functionality' over 'data security' I'd choose to use a secure environment every time. I guess a lot of people (developers and users alike) just don't appreciate the significance that a security flaw can have in a Global Operating environment.  It's easy to sit at a computer and say 'give me the option to enable this facility', but in doing so it leaves room for human error and the ramifications could be significant (why anyone would choose to open up a security flaw in a business environment eludes me?!?) C'mon guys, can't you see that Mike IS telling the truth in this Blog, and that the WM Team are simply looking out for our best interests?!! Let's just hope that priorities get sorted and securing WiFi is dealt with soon... Keep up the good work Mike... Cheers, Steve.

  • Anonymous
    January 03, 2007
    Mike, I must admit I would like you to answer the question about what higher priority features are being developed instead of focussing some effort onto this.  Personally, I can't think of anything that would be more gratefully received than the ability to remote sync. By removing this feature, MS have made it impossible to do a remote sync to Exchange 2000 servers.  A cynic might suspect that this has been done to force businesses to upgrade their servers to Exchange Server 2003/2007 at a time when syncing outlook to mobile devices is becoming so important.

  • Anonymous
    January 03, 2007
    (I'm back after a nice long vacation.) SSrikonda the main difference between BTh and WiFi is that BTh is a direct connection to the PC that doesn't go over IP (the internet).  WiFi is an internet connection that can be made from anywhere in the world.  You CAN use BTh to connect to the internet, but you can't use that to sync to AS.  As I've said before, we didn't remove WiFi Active Sync.  We removed internet->desktop Active Sync (IP sync).  It's just that WiFi needs IP and BTh doesn't.  So by removing IP Sync, we removed WiFi. Martin, I really can't start announcing unannounced features.  But I will give you one example of a work item the AS team prioritized higher than WiFi AS. If we hadn't done work in Active Sync, then it wouldn't have worked in any way in Vista.  Not WiFi, USB, serial, anything.  Having no desktop sync whatsoever in Vista would have been a bigger problem for a larger number of our users than not having WiFi desktop sync is.  I know this won't make anyone planning to stay on XP any happier, but these are the kinds of decisions we have to make. Mike

  • Anonymous
    January 05, 2007
    I personally think that given Mike's explanation of the security flaws in Wi-Fi active sync, Microsoft were right to disable it. People would be even more angry if all their personal details were spread around the world, than if they had to enable Bluetooth to sync their devices. Ian

  • Anonymous
    January 14, 2007
    Just another note... I played with emoze (www.emoze.com) for about 30 minutes and got it fully functioning on my T-Mobile/HTC Dash.  A NOTE: You need to restart the phone completely once you get it installed to reset the EDGE internet connection.   I'm going to test it for a while, but it already has this functionality working 100% so far.  I'm impressed... Regards, Rob

  • Anonymous
    January 16, 2007
    Oh wow.  Are you the Motorcycle driving, Tae Kwon Do Master, college roommate 15+ years ago Eric Cha?  How cool to hear from you!  Hit the "Contact Us" link and send me your email address.   Mike

  • Anonymous
    January 18, 2007
    Cough...cough...answer...his cough..question.. Mike cough...cough..!   ;)

  • Anonymous
    January 22, 2007
    Sorry Andy.  Even if I had a firm date, I wouldn't be the person who would announce it.  Development makes features happen, but it's marketing that decides when the public learns about them.  Things would go poorly if the marketers decided to start writing Windows Mobile code.  Things would go equally poorly if developers suddenly thought they could do marketing's job. Mike

  • Anonymous
    February 14, 2007
    Just installed and analyzed AS 4.5. Guess what? In Connection Settings I find "Allow wireless connection on device when connected to the desktop" checkbox. When checked it sets the related dword value in the registry to 1. (HKCU\SOFTWARE\Microsoft\Windows CE Services\Dual-Home) Can someone check if WiFi works again? Cheers

  • Anonymous
    February 14, 2007
    addendum: if you set HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows CE Services\AllowDTPTOption (dword) to 0 the Wireless connection checkbox doesn't show (of course ;O) Cheers

  • Anonymous
    February 17, 2007
    Tweakradje, I tried it and WiFi works. http://nationwidevpn.com

  • Anonymous
    February 22, 2007
    It's been a long time since I last updated my blog... Work and baby issues take up a lot of my time now.

  • Anonymous
    March 16, 2007
    Security is good, but should NOT be mandatory.  It is like a car salesman selling you a car that is locked, and ONLY giving you the keys to the trunk through which you enter.  The other doors and windows are superglued shut, and will not open, ever.  Good call Microsoft.  Play big brother for us.  We are unable to make decisions for ourselves anymore.  What will happen when WWIII happens?  Will you hold our hands for us then?  Please? After all, we are stupid little morons who don't know any better. Thanks for nothing.

  • Anonymous
    March 18, 2007
    Apologies if this has already been asked before but I would like to know from Mike ~ If the reason Wifi was removed because of 'security reasons', then why has it never been removed from ActiveSync 3.8 (of which I use very happily on my Loox720)?

  • Anonymous
    March 19, 2007
    MikeP8RSON, There's no way for us to "unrelease" software.  Once it's out, it's out.  The only real way to remove something from a piece of software is to release a new version that doesn't have it, and hope people will update.  That's precisely what we did with Active Sync. Mike

  • Anonymous
    March 20, 2007
    IMHO, this whole post is absurd. I do not know (and honestly, do not care) whether this decision was made to make another product (Exchange in this case) more appealing... BUT, I know that removing WiFi Sync from AS was a very bad idea. I only used to Sync my PocketPC with my desktop via WiFi NOT the Internet and our WiFi network is pretty well protected. Why SHOULD NOT I be able to sync with my desktop via WiFi? Luckily my laptop has built in Bluetooth and I think I can somehow manage to sync via it (though not sure). Anyhow, this decision brings only discomfort to those users who know how to protect their system. Someone has mentioned above having Wifi sync disabled by default and having a choice to enable it via group policy. That would be the best thing to do and by the way... "It’s clear that, as little as 5 years ago, most Microsoft employees didn’t understand security well enough." If 5 years ago most MS employees did not understand security issues... well... I'd better leave that with NO COMMENTS. I beg pardon for my tone but I've just bought a $900 device (switching from an equally expensive Nokia device) and I am not able to even sync it with my PC via WiFi, this is totally absurd. G.S.

  • Anonymous
    March 20, 2007
    Hello Mike, First off, thank you for your response. I do appreciate you taking time and answering our (angry) comments. Again, I beg pardon for being too critical. But you should understand our position too. I run a small IT company and we do take security seriously, indeed. But again, imagine yourself buying a new device that cannot even be synced over the wireless. It is the 21st century and why should I be forced to use the cable? But even if it is not possible (though I seriously doubt this) to make it secure with the previous method, then please add some sort of encryption to it. The fact that it works with Exchange only makes people believe in conspiracy theory. Thank you again for your attention to this matter. Respectfully, George S. P.S. When I was posting this, I finally configured to use ActiveSync over Bluetooth and luckily both my laptop and my Pocket Loox T830 support Bluetooth 2.0 and quite good speed was achieved.

  • Anonymous
    March 26, 2007
    OK, I've read this entire blog to date, and I'm very sorry, but there is clearly a misunderstanding somewhere with how IP security is supposed to work! Firstly let's just clarify why the feature was removed - it was because one or more "enterprise" customers has expressed concern over security - sorry but they clearly do not understand either. If I was a home user and I wanted to sync over wifi within my home, I could potentially be at risk because wifi does not stop at walls, and sync uses an insecure and unencrypted protocol. Fine. Similar situation if a user wants to sync via a wifi hotspot - but this time I'd have to open the firewall on my home router to allow this protocol through - which would let any external through to my AS host that stumbled on my IP address. If I was a corporate customer I would have similar concerns. But this is why secure protocols exist and why everyone should lock their home wifi down to mac addresses and possibly place them outside their own firewall. If the sync was to be done over a VPN connection (many routers will act as VPN endpoints) why is this any more insecure than any other use of VPN? Put the functionality back into ActiveSync and let everyone secure their networks properly. John P.

  • Anonymous
    March 27, 2007
    John, I'm sorry, but just about everything you said is incorrect.   The feature wasn't removed because enterprise customers expressed concern over security. The reason home users are at risk has nothing to do with Wifi not stopping at walls. Wifi hotspots have nothing to do with the problem at all. If you locked your home wifi down to a mac address, it wouldn't solve the problem. The sync isn't done over a VPN connection. If we put the functionality back in, 99% of the people who have commented here would think they know how to secure their network against the threat.  Each of them would be wrong.   When I first wrote this entry, I was pretty convinced that removing IP sync was necessary.  The comments here, though, have really opened my eyes.  You folks are firmly driving home how badly we needed to remove the feature.   If people can read me saying over and over again that WiFi has nothing to do with the security flaw and STILL think they can protect their network by locking down their WiFi, I can't imagine how we could educate people on how to use the feature safely.   Mike

  • Anonymous
    March 28, 2007
    Well Mike, Your reply has I am afraid done nothing to convince me, or probably anyone else, that you (nothing personal) or Microsoft know what they are doing - at least on this subject. The announcements of ActiveSync 4.0 posted all over the web clearly state the feature was removed due to security concerns from enterprise customers. Home users could only be at risk of criminal access to desktop PCs running activesync if they had either incorrectly set firewalls (a proper one in their router - not the "windows" firewall), or an open wifi access point. If you're not sure you have a secure firewall then visit the Shields Up part of www.grc.com The activesync protocol is not encrypted, so the fact that wifi does not stop at walls means that any clever criminal can snoop the wifi traffic, unless the wifi is correctly set up with all security features turned on. Locking down mac addresses will only deter the idiot criminals, not the clever ones. The reason why hotspots are a problem is that if you have your home/corporate pc exposed to the internet, even just the port that is needed by AS, this is easily accessed from anywhere on the internet, but the only reason you would do this would be to enable yourself to sync from outside your own network, most likely via a hotspot. If however I have a VPN configuration and therefore a completely private link from my PDA to my desktop PC, usable from anywhere on the internet, even wifi hotspots, any IP traffic will be secure, even AS! Please explain why this would not be the case - because otherwise every user of VPN is at risk, not just AS users. The only thing I can think of is that WM5 is so insecure that allowing sync over IP would allow any imposter to steal info directly from the PDA. If that is the case, the basic AS protocol is severely flawed and needs fixing fast. Again please explain. Microsoft should be listening to its customers for a change to make this work. Unfortunately for you I've been working in this area far too long to simply accept anything anyone says about computer security without knowing ALL of the facts. (I was one of the first people to run IP traffic over a transatlantic public network - you'd better believe I know all about security!) John

  • Anonymous
    March 29, 2007
    John, I'm sorry that I misunderstood your post.  I thought you were saying that AS always goes over a VPN, not that you yourself had gone out of your way to set one up.   If the only time you ever communicate with your PC is over a VPN, you're probably safe.  But, of all the people who said that they're secure, you're the first one who has set up a VPN.   Yes, it's POSSIBLE to secure Sync over IP.  But the majority of people will think they're safe and won't be.  If the only guy who can secure his IP Sync is someone with so much experience that his bits were the first to cross the Atlantic, then I hope you can see why this isn't something we can just leave enabled. An expert in the field could have protected himself against many of the famous security flaws found in Windows over the years.  Yet, never did anyone ever say, "Good for you, Microsoft.  We're glad you left protection in the hands of your users."  No one ever said, "Hey, a hardened security veteran could have protected himself, so this flaw is okay." We have a responsibility to fix egregious security flaws in our code.  Sometimes we'll do that by rearchitecting the code to make it secure.  Sometimes we'll do it by removing the feature.  Sometimes we'll do it by removing the feature until we have time to rearchitect it.  What we will not do is leave it as an option to the user when we have documented evidence that the majority of users will get it wrong.  It's not that we think people are stupid.  You know as well as I that this is complex stuff.  And it's not that we're trying to be paternal.  It's that we've been told time and time again that the responsibility for making our products secure is ours.  We agree with that assessment. Mike

  • Anonymous
    April 02, 2007
    I thought I had discovered a possible solution to microsoft's challenge with funambol, went through the setup and everything.  funambol connects perfectly with the WM device, and syncs everything on the funambol server with my WM5 phone, over any network connection available.  Unfortunately, the Funambol Outlook plugin is PIM only, so I can't get the outlook email onto the server.   Oh... but the funambol EXCHANGE connector works just fine... if you have exchange...  but that's kinda pointless, isn't it, since we CAN sync email if we shell out for exchange.

  • Anonymous
    April 18, 2007
    The comment has been removed

  • Anonymous
    April 18, 2007
    So why not enable over bluetooth when you removed WiFi. Lots of phones support bluetooth synching. Lots of DUMB phones can do it. What about a Microsoft smartphone?

  • Anonymous
    April 19, 2007
    SteveR, BTh sync works just fine. Mike

  • Anonymous
    April 19, 2007
    Mike, Thanks for your comments. I just have some questions and I would really appreciate it if you would answer this without trying to deviate from, or ignore the question by stating unnecessary information which does not have any direct relevance to my particular question: If Microsoft are so concerned about security, why is it that the end user can:

  1. Connect to the internet even if they have no firewall (hardware OR software) in all its operating systems, even with the so called 'more secure' Vista?
  2. Enable autorun for all removable devices by default on in XP/Vista? Disabling the autorun is the user's responsibility (i.e. holding shift while inserting the device).

    In every MS release to date, security of their data is more or less left to the end user. Why double standards with AS? You also seem to forget that something as simple as a registry bit which activates the AS over IP setting would satisfy the nerds. Whether they set up a VPN or NOT is up to them, and it's hypocritical for you to state otherwise.

  • Anonymous
    April 19, 2007
    Kunz, you'll have to ask those questions to the Vista team.  This is the Windows Mobile Team Blog, not the Vista Team Blog.  We're not the same group.   Mike

  • Anonymous
    April 20, 2007
    The comment has been removed

  • Anonymous
    April 21, 2007
    kunz, read through the previous comments. Everyone knows the security explanation is only a cover up. You'll never get a straight answer from these people... just go with Exchange.

  • Anonymous
    April 23, 2007
    The comment has been removed

  • Anonymous
    May 01, 2007
    Dude! Having never blogged before this is a first, but I read this with great amusement. (Having just gotten a Smartphone, and discovering to my chagrin that I couldn't sync over wi-fi). First, kudos on your patience.  I'm sure I couldn't keep answering the same questions over and over again without blowing a gasket.  (and maybe some name calling for good measure) I am also surprised on how little people understand how commercial development happens, and the concept of "prioritizing"--where you have more work than resource to accomplish goals. I am also surprised at all the folks who want to have this feature enabled regardless of the risk.  Even with all the warnings, I'm sure some of those same folk would be the FIRST to blame Microsoft for the security flaw when it affected them. Ah well. Having said all that, hurry up and fix it!!!! :-) oh yeah, and cut and paste whilst you are at it?

  • Anonymous
    May 03, 2007
    This is a real bummer...  I was just looking for an alternative to sync my new PDA to my laptop and BlueTooth just will not work (been trying for weeks).  I could care less about syncing over the net.  I just wanted to do something like setup an Adhoc connection and use that. I can see MS point of view.  Unfortunately a few bad apples (hackers) have really messed up a good thing (the net). But, I am sure everyone here is willing to pay $200 for AS5.0 so MS can double their development effort to grant everyone's wishes! (and are willing to wait until 2010 to get it completely debugged, and rock solid stable)

  • Anonymous
    May 08, 2007
    Well, the change is pretty upsetting.  Maybe the ethernet ActiveSync is not encrypted, but the VPN connection I use to get connected to the computer I sync with is definitely encrypted.  Why not allow ActiveSync over a fundamentally encrypted connection?

  • Anonymous
    May 09, 2007
    The comment has been removed

  • Anonymous
    May 09, 2007
    The comment has been removed

  • Anonymous
    May 09, 2007
    @MikeCal: Thank you for your quick reply :) On my WM5 PDA I switched the Sync settings to "Serial USB" and after a soft-reboot (on the PDA side) it was correctly recognized by ActiveSync on my Laptop. You are right that "a slower connection is better than no connection at all", and I didn't find a really noticeable speed decrease yet - I was kinda 'thinking out loud' in my message above. FYI, my laptop is an Acer Aspire 1690 with Intel(R) PRO/Wireless 2200GB Network Connection (and a Broadcom NetXtreme Gigabit Ethernet adapter).

  • Anonymous
    June 04, 2007
    Mike, I totally respect your willingness to continue discussion with such a clearly hostile audience... Hopefully you are still keeping up with the comments here, even after this long. I've read thru all your reasonings which were given, and they're fine. IP/WiFi sync is inherently insecure, fine, given.. Priorities must be considered to implement a secure and authenticated sync, fine also given.. What I have to simply flat out disagree with though is that providing a workaround solution for the people who want it is a ton of work.. Serial port sync is still available.. it's what BT uses. This was suggested earlier in one of the comments.. Why not write a virtual com port app? Basically you'd have an app which provides virtual com ports on both ends, device and desktop, and uses IP to connect client -> server, securely authenticating and encrypting the communication in the process. And you know, just release it as a "PowerToy" or something to appease the hordes. It would of course be even better if all this were integrated directly into ActiveSync, but I'm sure a lot more hoops would have to be jumped thru for that. I firmly believe this is not a ton of work at all.. All the pieces you need to do it are already available to you for the most part. Am I wrong about this? I've already found several open-source projects which show how to do virtual com ports, and others for how to do encryption. The rest should be trivial. It's been what, nearly 2.5 years now since WiFi sync was removed? It just doesn't sit right... Conspiracy theories abound.

  • Anonymous
    June 08, 2007
    Having just bought a t-mobile Wing PDA phone, I was very surprised to discover the lack of remote sync abilities (even though the phone has built in wi-fi). I've read through almost all the posts here so far, and basically I've arrived at an overall feeling of disappointment and helplessness. Yes, I understand that wi-fi and ethernet is insecure, but that's only when it's un-encrypted! Seriously, how hard would it be to tack on some encryption on the ethernet/wi-fi ActiveSync code and call it done? Have the user define the encryption key over on one end, then have them define it over on the other end. Encrypt any data using the key, before sending over the open network, then decrypt it right before processing on the other end. Geez. There's literally no reason why I shouldn't be able to sync with my computer remotely using my device's EDGE or Wi-Fi! If this feature has really been left out for 2.5 years now and the only reason is that it's "insecure", well... that's just un-acceptable. Securing things is not even nearly as difficult as you're making it out to be.

  • Anonymous
    June 19, 2007
    The comment has been removed

  • Anonymous
    June 19, 2007
    Oops, looks like Dennis George and I were thinking along the same lines....

  • Anonymous
    June 20, 2007
    Clearly someone smart should write an application that terminates an EAS session (which the devices support natively) and talks to the outlook PIM store (via MAPI or CDO or whatever API MS has deemed to be usable these days for this purpose). I have a few spare hours this evening, perhaps I'll go write it... ;)

  • Anonymous
    June 30, 2007
    Someone else disappointed at the removal. While I admire the quest for a technically perfect solution, surely the only steps required are:

  1. Check that the WiFi connection is secured
  2. Check that the destination IP is a private one.

    By adding (2) you would ensure that either I was operating within my own private network or I was VPN'd into it. Of course I could have someone intercepting traffic on my own private network, but frankly if that's the case then I've bigger problems than worrying about my calendar information going astray. After all, mobile devices are far more likely to suffer from physical loss than intrusion like this.

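The "destination IP is a private one" check from the comment above, sketched as an added example (not ActiveSync code and not the commenter's). It also refuses a listener bound to every interface, which is the "desktop as a server" exposure the blog author describes in this thread. The function names and the `trusted_nets` parameter are assumptions introduced here; the check looks only at addresses and says nothing about who holds them.

```python
import ipaddress

# The three RFC 1918 private IPv4 ranges.
RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def normalize(addr):
    """Parse addr; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_rfc1918(addr):
    # Deliberately not ip.is_private: that property is also true for
    # loopback and link-local (169.254.0.0/16) addresses.
    ip = normalize(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def sync_allowed(bind_addr, peer_addr, trusted_nets):
    """Return (allowed, reason) for one incoming sync connection.

    bind_addr    -- address the desktop listener is bound to
    peer_addr    -- source address of the connecting device
    trusted_nets -- CIDR strings the user chose (home LAN, VPN pool);
                    a hypothetical setting, not an ActiveSync option
    """
    if normalize(bind_addr).is_unspecified:
        return False, "listener bound to every interface"
    if not is_rfc1918(bind_addr):
        return False, "listener is not on a private address"
    if not is_rfc1918(peer_addr):
        return False, "peer is not on a private address"
    peer = normalize(peer_addr)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_nets):
        return False, "peer is outside the trusted networks"
    return True, "ok"


if __name__ == "__main__":
    home = ["192.168.1.0/24"]  # constructed sample network
    for peer in ("192.168.1.77", "::ffff:192.168.1.77", "203.0.113.9", "10.8.0.2"):
        print(peer, sync_allowed("192.168.1.10", peer, home))
    print("wildcard bind", sync_allowed("0.0.0.0", "192.168.1.77", home))
```
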
  • Anonymous
    August 01, 2007
    The comment has been removed

  • Anonymous
    August 13, 2007
    As far as I am concerned, the only logical reason for disabling WiFi is to perpetuate outdated Bluetooth technology, and allowing its manufacturers to recoup their investment.

  • Anonymous
    September 13, 2007
    The comment has been removed

  • Anonymous
    September 13, 2007
    The comment has been removed

  • Anonymous
    September 27, 2007
    I am another user who is disappointed by this. Anyone know a work around?  I have a WM6 device.

  • Anonymous
    October 01, 2007
    I still don't understand this security handwaving of how "WiFi has nothing to do with this." Let me give a simple hypothetical situation, and I'd like you to please explain to me where the insecurity is:

  1. I have a wi-fi network that isn't connected to the internet. It's WPA2 encrypted.
  2. On this network is just my Windows desktop and a router.
  3. I want to perform ActiveSync over IP to that Windows desktop. I don't care that ActiveSync over IP opens up the entire device to changes. Only trusted devices are on this network anyway.

    Where exactly is the horrible, terrible security risk that you claim to have spent so long explaining but, as far as I can tell, exists only because some sort of imaginary malicious device (or "the internet") could intercept the communication? How is this imaginary malicious device any different than bringing in a malicious laptop that reads off the entire device RAM whenever it gets plugged in? How is this any different than syncing over BTh?

  • Anonymous
    October 01, 2007
    Greg, if your PC isn't connected to the internet, then you're right that IP Sync isn't a security risk. However, the vast majority of people who will use ActiveSync will also connect their PCs to the internet.  So, even though you don't have internet connectivity and could get away with IP Sync, we need to cover the majority case first.   Mike

  • Anonymous
    October 04, 2007
    The comment has been removed

  • Anonymous
    October 04, 2007
    Sven, you're describing browsing the web.  In that case, you're a client going out to web pages and pulling data back.   IP Sync sets your desktop up as a server.  This enables the world to connect to your desktop at will and pull data from it.   Call me whatever names you'd like, but servers and clients are different things. Yes, we've heard of VPNs.  Had ActiveSync used a VPN to do IP Sync, we probably wouldn't have needed to remove the feature.  It didn't.  If you'd like to know more about why it didn't, please read the blog entry these comments are in response to. Mike

  • Anonymous
    October 19, 2007
    Mike: Thanks for at least showing me that I had a correct understanding of the situation. Hopefully this can be reimplemented securely in a future release.

  • Anonymous
    October 22, 2007
    This has been stated before, Microsoft could have required the use of a VPN, WPA, or WPA2 with Network ActiveSync instead of removing completely. MikeCal said above previous versions of Network ActiveSync didn't work with a VPN connection and ActiveSync 3.8. I thought it did, but I could be wrong. Even if it didn't, this could have been implemented when using Windows Mobile 5 Network ActiveSync and ActiveSync 4.x.

  • Anonymous
    October 30, 2007
    So it is now over a year.  Any progress on IP Sync?  I really really miss this feature.  Although I suspect that it's become an orphaned feature as the number of people who might use it have moved to a Blackberry or similar devices.  Too bad, I have one as well, but still like my PDA to read my personal mail at home.

  • Anonymous
    November 02, 2007
    "The official (and true) reason has always been stated as “We removed it for security reasons.”" How about leaving it up to the user whether they want to take that security risk or not?  I have always hated companies that make blunt hammer decisions for their customers. "Desktop ActiveSync over WiFi was sending all your contacts, calendar, and email data over the internet without doing anything to keep people from reading it." By the way, using WiFi to sync doesn't mean your info goes out over the INTERNET.  It means it goes out over the air to your LAN.

  • Anonymous
    November 05, 2007
    Or, alternatively, have a look at: http://z-push.sourceforge.net

  • Anonymous
    November 17, 2007
    Hi! I would like to customize the PassThrough driver to avoid disabling the WiFi. How can I do that? Thanks.

  • Anonymous
    December 02, 2007
    The comment has been removed

  • Anonymous
    December 05, 2007
    The comment has been removed

  • Anonymous
    December 29, 2007
    The comment has been removed

  • Anonymous
    December 29, 2007
    I don't deny that there are scenarios where it's not a problem. Customers can choose to accept the risk or they can put appropriate mitigations in place. That was a small number of customers though - not enough for us to justify spending resources on it compared to other features that are for broad use. If I could turn back time, I wish we had left the feature in to be enabled with an undocumented reg key. That would let the power users still get to the feature but keep it from endangering the majority of customers. Undocumented/unsupported features do have a tendency to break though - unsupported means we're not going to spend resources on it to test it or keep it compatible with the other parts of the system. As for the likelihood of it coming back, I don't work on the sync team and I can't make any official forecasts, but I don't see it coming back in the short term. (like in some sort of WM6.X release) I don't want to give you the wrong expectations. This blog entry isn't an argument that you can win in order to get the feature back. It was an attempt to clear up something that I think should have been explained better. Even if you were to convince Mike and I that the Windows Mobile team had made the wrong decision back in 2004, it wouldn't bring the feature back today. The sync team would need to decide that it is more useful for customers to do that than the other things that are on their list. (like improving WMDC or any number of other things) Scott

  • Anonymous
    December 31, 2007
    Mike, I bought a WM5 PDA in August, and dutifully installed ActiveSync. However, the cradle is never near my (also portable) laptop. Therefore my last PC sync was (you guessed it) in August. I've resorted to using a 3rd party Exchange Server to sync calendar/contacts, but cannot sync files. I therefore have files on my PDA which are neither backed up nor shared to my laptop--so much for connectivity.

  1. I've read this entire blog, and appreciate your candor. I also understand your position, even if I disagree with MS's priorities. Several times you've suggested that a dissatisfied user should "Tell us to bring a secure version of the feature back.  Tell us about the pain we're causing you by disabling the feature." Well, I'd like the feature, and I'm in pain. Who should I tell, and how will I know if it does any good?
  2. Is there currently any method of using AS to reach my PC? Is it possible, for instance, inside a RD session, or on top of a VPN, or is there simply no way? If not, then it's likely that I'll never sync until either MS releases a fix or I buy other hardware, whichever comes first. I suppose my data's secure, since even I cannot reach it! But that's certainly not the "feature" I expected ...

    -- Todd

  • Anonymous
    January 02, 2008
    The comment has been removed

  • Anonymous
    January 06, 2008
    Martin Nicholls said it much more eloquently. MS you're talking balderdash!

  • Anonymous
    January 08, 2008
    "Martin, no it has nothing to do with the security of your 802.11 network.  The problem that forced us to remove IP Sync is still present if you turn off WiFi entirely.  I've tried a number of times to explain this, but I'm just incapable of getting that message across."

    It's because there are two different security issues and to most people, they're the same thing even though they're not. They think you're talking about eavesdropping or man-in-the-middle attacks when you're really talking about general insecurity that comes from having any ethernet port open to a device with no content transfer security. As you note - it would be just as insecure if you had a physical connection to the internet over CAT-5 or through a Bluetooth passthrough.

    The real answer, of course, is to fix the actual problem. You've already noted several times that things like FTP and SMTP/POP are okayish because they at least have some kind of password protection (it's in cleartext - so it's pretty meagre protection, but hey)... so why doesn't the WM team (or better the WinCE team) implement some kind of basic device access authentication? Besides fixing this problem permanently - it would also give a way to uniquely ID each device in a way that would allow it to be usable as a security token. I know back in the day WM/WinCE devices were supposed to be exactly that - devices - not tiny computer systems with many of the same functions found in a full OS, but that day has passed. If security is really the issue (and I think it is) then let's get on with real world security solutions rather than patching stuff up or worse, removing useful features.

    The other problem with the answers we're getting is that this was a feature that did exist. It worked. It just had one rather significant defect: it was insecure. Your comment about them not having the time to fix it seems strange since they had the time to remove it. Agreed, it's not the same amount of time needed, but it seems weird (and badly planned) to us to remove a feature with no consideration on how to replace it. That makes it feel like the decision was a panic decision and not well thought out.

    Should MS have panicked? Well that depends on how severe this defect is - and that depends on what you're doing. Very few people use their PDAs to run air-traffic control systems or nuclear plants (and BTW - this is why every OS comes with a Statement of Usability - that weird thing that states that you can't use the OS to operate a nuclear power plant...) so while you're technically right - you're justifying what to most people is a small flaw by using huge and unlikely examples. At most - someone can read or write my files remotely - which is, of course, what I want to do. So, you put an alert that says 'If you turn this feature on - people may be able to read or modify your files without your permission.' similar to the warnings XP and Vista give when you turn on things like drive root level sharing.

    I agree that security is essential - but what's bugging a lot of us is that it's applied inconsistently at Microsoft. Some things we think should be very secure seem to be insanely easy to break - while things, like ASoE, are things we don't really worry too much about but are locked down tightly. It makes it very hard for us to anticipate what's coming up - and equally hard for us to understand the rationale for the decisions. And that makes us cranky. :)

    One last comment: the group that always gets it in the neck on these things are the developers. How exactly do we develop for WinCE 5 if we have a device that doesn't HAVE a serial port, IR, Bluetooth or USB client capability and only has an Ethernet connection?
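An added sketch (not ActiveSync code and not any commenter's) of the two ideas raised in this thread: the key "defined on one end and on the other" from the June 08, 2007 comment, and the "basic device access authentication" asked for in the comment above. It uses only the Python standard library, so it covers mutual authentication, frame integrity and replay rejection with HMAC-SHA256; it does not encrypt, which would need an authenticated cipher from a cryptography library. All class, function and role names are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN, SEQ_LEN = 32, 8


class AuthError(Exception):
    """Raised when a peer or a frame fails verification."""


def derive_key(passphrase, salt):
    """Stretch the passphrase typed on both ends into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, 100_000)


def _mac(key, label, *parts):
    # Length-prefix each part so (b"ab", b"c") and (b"a", b"bc") differ.
    h = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        h.update(struct.pack(">I", len(part)) + part)
    return h.digest()


class Endpoint:
    """One side of the link; role is "desktop" or "device"."""

    def __init__(self, role, key):
        if role not in ("desktop", "device"):
            raise ValueError("unknown role")
        self.role = role.encode()
        self.peer_role = b"device" if role == "desktop" else b"desktop"
        self.key = key
        self.nonce = secrets.token_bytes(16)  # fresh for every connection
        self.session = None
        self.send_seq = self.recv_seq = 0

    def proof(self, peer_nonce):
        """Prove knowledge of the key, bound to both nonces and to our role."""
        return _mac(self.key, b"proof:" + self.role, self.nonce, peer_nonce)

    def verify_peer(self, peer_nonce, peer_proof):
        expected = _mac(self.key, b"proof:" + self.peer_role, peer_nonce, self.nonce)
        if not hmac.compare_digest(expected, peer_proof):
            raise AuthError("peer does not hold the shared key")
        # Order the nonces desktop-first so both sides derive the same key.
        pair = ((self.nonce, peer_nonce) if self.role == b"desktop"
                else (peer_nonce, self.nonce))
        self.session = _mac(self.key, b"session", *pair)

    def seal(self, payload):
        """Return seq || tag || payload for one outgoing frame."""
        if self.session is None:
            raise AuthError("handshake not completed")
        seq = struct.pack(">Q", self.send_seq)
        self.send_seq += 1
        return seq + _mac(self.session, b"frame:" + self.role, seq, payload) + payload

    def open(self, frame):
        """Verify one incoming frame and return its payload."""
        if self.session is None or len(frame) < SEQ_LEN + TAG_LEN:
            raise AuthError("no session or truncated frame")
        seq = frame[:SEQ_LEN]
        tag = frame[SEQ_LEN:SEQ_LEN + TAG_LEN]
        payload = frame[SEQ_LEN + TAG_LEN:]
        expected = _mac(self.session, b"frame:" + self.peer_role, seq, payload)
        if not hmac.compare_digest(expected, tag):
            raise AuthError("frame was modified or forged")
        if struct.unpack(">Q", seq)[0] != self.recv_seq:
            raise AuthError("replayed or out-of-order frame")
        self.recv_seq += 1
        return payload


def handshake(desktop, device):
    """Exchange nonces and proofs; True only if both sides hold the same key."""
    try:
        device.verify_peer(desktop.nonce, desktop.proof(device.nonce))
        desktop.verify_peer(device.nonce, device.proof(desktop.nonce))
        return True
    except AuthError:
        return False


if __name__ == "__main__":
    salt = b"constructed-demo-salt"  # constructed sample value
    key = derive_key("passphrase typed on both ends", salt)
    pc, pda = Endpoint("desktop", key), Endpoint("device", key)
    print("handshake:", handshake(pc, pda))
    print("payload:", pc.open(pda.seal(b"contact: Alice")))
```
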

  • Anonymous
    January 16, 2008
    Ok, so it is now January 2008 and about 1.5 years since ActiveSync 4.5 was released. I am completely confused by "I can tell you definitively that the team responsible wants to re-enable desktop ActiveSync over WiFi.  But I have to also tell you that they have a lot of other things they need to do first." Maybe I am missing something but:

  1. Where are all of these "other things"?
  2. If the "other things" are completed by now, as shown by the lack of an update in over a year, then where is the ActiveSync over WiFi feature?

  • Anonymous
    January 17, 2008
    The comment has been removed

  • Anonymous
    January 29, 2008
    The comment has been removed

  • Anonymous
    February 17, 2008
    The comment has been removed

  • Anonymous
    February 28, 2008
    So, I'm using WEP and my PC and PPC are behind a firewall.  Where's the security problem?  I'll keep using AS 3.7.1 and PPC 2003SE.  Another option would be to buy a Palm.

  • Anonymous
    February 29, 2008
    The comment has been removed

  • Anonymous
    March 06, 2008
    Since Microsoft does not give a d*** about its user, are there any alternatives to ActiveSync/WMDC that allow wifi sync?

  • Anonymous
    March 07, 2008
    Well, we are in March 2007 now and I am one of those millions of users. The clock is ticking, Mike... I think it should be obvious by now that this issue will never go away, the only thing that will happen is that the mighty MS so shiny reputation is moving deeper into the drain in the eyes of many customers. You remove something for "security reasons", but are not able to fix a simple thing like this within a year and half?! My only question is this and it is one for marketing: Do MS have the intention to fix this problem? If not, I am so waiting to hear why. If yes, how is it possible that it can take more than a year to solve a security related problem? It is amazing to see that a multibillion dollar corporation is able to ignore the voice and needs of millions of users for this long. Or maybe it is only a multibillion dollar corporation that can afford to do a thing like this? I can promise you Windows Mobile will not be in the next device I buy.

  • Anonymous
    March 07, 2008
    Sorry, that is March 2008.. :-)

  • Anonymous
    March 10, 2008
    The comment has been removed

  • Anonymous
    March 11, 2008
    You said: "You can have a fully encrypted WiFi connection to a router so that everything going over the air is protected, and then have it go unencrypted from the router to the desktop PC.  If anyone is capable of listening to that connection, then they're capable of doing bad things to your desktop PC (if you have Sync over IP enabled)." The last time I looked behind my computer desk, no one had hacked into the 6 foot cable between my router and PC.  If that is possible, then the cable going from the hotsync cradle to the PC can also be hacked.  Yea, right. I suppose in the next release, network printing and the ability to access shared folders on a PC will be disabled.  Why not just remove WiFi and Bluetooth from it all together as a security risk?  If the PPC is supposed to be a wireless device, wouldn't you think it should work wirelessly?  Duh! I don't even know where my cradle is.  I've synced wirelessly ever since I got the PPC.  I charge it every night from solar batteries using a 12 volt charger cable. From the other recent posts, it would seem that for the user, this is top priority.  For MS, this seems to be at the bottom of the list.  Do you wonder why people seem to think MS is not in touch with the users?

  • Anonymous
    March 13, 2008
    Mike, Why don't you answer THE question?  Why didn't you just turn the wifi feature off and give us the choice to use it or not?  You give us a choice to use windows firewall.

  • Anonymous
    March 23, 2008
    The comment has been removed

  • Anonymous
    May 01, 2008
    The comment has been removed

  • Anonymous
    May 01, 2008
    In a similar fashion I don't understand why the backup feature has been removed since AS4.0? My family and myself used this feature in previous versions, for the first generation pocketpc's, and you can imagine the disappointment when I found out it's impossible to backup these days. Reliability of alarms is an ongoing issue on the WM5 machines that we own. The HP Jornada was more reliable, and dad still uses that one, even though syncing that one is no longer possible with AS4+ (forcing him to manually make double entries). Even though the new hardware has become more powerful and very impressive, the Microsoft part of the deal has left us in the cold on so many aspects. I'll be looking at the competition next time we're making a purchase! Please feel free to relay my feedback to your superiors.

  • Anonymous
    May 07, 2008
    Typical Microsoft, always what cannot be done, we're too busy making Bill Gates a Trillionaire to worry about those pesky customers.  Amazing to see that the pathetic completely non-customer focused approach reaches every employee in Microsoft. Remember the first rule is that the customer is always right, oh unless you have a 100% monopoly on the market, then they can all get stuffed. Nice attitude.

  • Anonymous
    June 01, 2008
    The comment has been removed

  • Anonymous
    July 06, 2008
    "All of them, however, are a ton of work that needs to get prioritized against all the other things we need to do in ActiveSync."  Seems to me that prioritizing is done by what's more profitable, instead of what customers want.

  • Anonymous
    July 12, 2008
    The only time I ever use WiFi on my mobile device is in my own house directly on the same secured WiFi network as my server, or at work on secure WiFi tunnelled over a VPN to my home server. How would using ActiveSync over WiFi in either of these cases be insecure? Having to plug in a USB cable to my PC every time I want to update the calendar on it is enough of a chore, but not getting emails pushed to my device in my own house is the worst bit. Is there really no way to re-enable this?

  • Anonymous
    July 12, 2008
    Thanks Mike for your efforts. I've just stumbled onto this thread randomly and it's been very interesting to read. I agree with your reasoning. I found it kind of funny though - of all the inconveniences in the world it's kind of sad that we get so outraged over such a little loss. There are really better things to get upset over.

  • Anonymous
    July 29, 2008
    Hey, I got an idea. You guys already have encryption in Exchange Server; why don't you copy it from one Windows program to the next one? Probably could use cut and paste and make sure you stick it in at the right place. Can't be that hard.

  • Anonymous
    September 01, 2008
    Come on, seriously? Nobody puts ANYTHING Microsoft on the open internet unless they absolutely have to - the number of security flaws in ANY Microsoft product is always hidden and numerous. Making it off by default = we might have believed you.  Then it becomes a feature that you must implicitly enable and could be an insecure feature.  Windows has so many of these it wouldn't surprise any of us. Removing completely = Something else - Maybe it's Laziness, maybe a way to sell more of something, who knows.  But it certainly isn't security. You haven't fooled anyone - all you did is force me to stick to 3.8 so I can keep doing Visual Studio development with ActiveSync over Ethernet.  That's all I use this feature for.  I'm just thankful the devices I'm developing for are still PocketPC. Boo sir, Boo.

  • Anonymous
    October 07, 2008
    The comment has been removed

  • Anonymous
    October 22, 2008
    So I have WinMo 6.1 and set whatever version (can't see an "about" screen anywhere) of ActiveSync is on the device to schedule a sync every 5 minutes. I don't have a data plan, only WiFi. Even with the phone's (Samsung i760 PocketPC on Verizon) radio turned off, it will sync with my hosted Exchange service. Seems to work fine for me. Am I missing something?

  • Anonymous
    October 24, 2008
    The comment has been removed

  • Anonymous
    December 11, 2008
    What if I'm telling you I can set up a point-to-point WiFi connection (sort of like ad hoc) that is between only two devices? That is, my PC and handheld? Isn't that like a Bluetooth or IrDA link? And also the link is totally encrypted? Will that bring WiFi sync back?

  • Anonymous
    January 01, 2009
    I know this blog is old and this issue is relatively pointless as of late, but I noticed the lack of positive, encouraging comments, and I would like to state that Microsoft has done an excellent job, coding is no easy task and to be at the top of world software/hardware engineering deserves extreme respect. I am happy with my Windows Mobile 5 device (Dell Axim x50 mid), I am more than willing to simply PLUG IT INTO my computer to sync it, and I just want to say thank you for putting so much time and effort into such a brilliant and excellent software system.

  • Anonymous
    January 10, 2009
    The comment has been removed

  • Anonymous
    January 13, 2009
    Can you try one more time to explain why a Wifi connection between two machines on an encrypted Wifi network is somehow unsecure?

  • Anonymous
    January 20, 2009
    Okay, it's been like 3 years now. Has there been any progress on fixing the sync over WiFi? It kind of defeats the whole purpose of the device. We buy a MOBILE device, and you require us to tie it down with a cable? And while I'm on the subject- why can't I sync my Windows Live calendar/favorites/etc in Windows Mobile?

  • Anonymous
    April 07, 2009
    3 years without this feature... And I also don't understand why a connection between two machines on an encrypted wifi network is unsecure. Windows Mobile Team, YOU ARE RIDICULOUS

  • Anonymous
    April 25, 2009
    The comment has been removed