[Editor's note: All Windows Mobile devices run a version of the Windows CE OS. But not all Windows CE devices run Windows Mobile.]
Windows CE is an interesting breed. It is only two years younger than the desktop Win32 (on which Windows XP is based), and yet unlike its more widespread counterpart there has not been a single destructive virus, worm, Trojan, hijack or exploit in its entire history. This is a record that Windows XP can only dream of.
So what is the secret of Windows CE's security success? It goes without saying that CE is written no better (or worse) than its desktop counterpart. Both products came out of the same Microsoft coding policy; later generations of both operating systems are products of the Microsoft Secure Programming initiative, and on the face of it many of the APIs involved are almost identical.
The real success behind Windows CE's security and its trustworthiness lies somewhere between common sense and good luck. Windows CE has proven more trustworthy because mobile devices are traditionally disconnected, have a small footprint, experience fast turnover, and come from a multi-processor heritage.
Shoe size
As an embedded operating system, the entire ethos of the platform is to minimize the device's footprint. As a result, Windows CE lives up to its name as an Embedded Operating System. Because the hardware is expected to be limited in memory and to serve only as a client device, system developers are not offered a number of the familiar system services that are provided for mainstream Windows. Those that have been carried over are scaled-down, restricted, reduced-API versions of their larger counterparts. What this means in practice is that there are far fewer ways in which a Windows CE device can be attacked. The system is listening on far fewer communication ports than Win32 and, crucially, the network layer is exclusively one way; this is why you cannot access your Handheld PC from another PC over a network file share.
The reduced number of services results directly in fewer exploitable components with vulnerabilities. This in turn makes it much harder for malicious code to propagate between devices: while one device may be compromised by a network-virulent nasty seeking targets, by default it is less likely that any other given CE device is listening or vulnerable to infection.
Trustworthy computing
Of the entire series of publicly acknowledged mainstream Windows exploits over the last couple of years, the majority fall into three categories:
- Service exploits
- Buffer underruns/overruns
- Internet Explorer weaknesses