WiFi Did You Do That?


Having survived explaining why the X button doesn’t close apps, I’ve been emboldened to take on the completely radioactive subject of why WiFi ActiveSync was removed from ActiveSync 4.  I’m sure that I won’t come out of this one unscathed.  The people affected by this are really angry.  And, though I didn’t have anything to do with the decision, I’m guessing that you’re going to take your frustrations out on me anyway.  But, hey, someone needs to explain why these things happen.  That someone might as well be me.



The truth is out there


Conspiracy theories abound.  Because WiFi to an Exchange server still works, some people have suggested we did this to sell more Exchange servers.  That’s definitely not the case.  Exchange has considerably more customers than Windows Mobile (although we’re growing quickly!).  Hurting Windows Mobile to make Exchange do better just wouldn’t make any sense.  Don’t get me wrong, I’m sure that the integration between Exchange and Windows Mobile has driven sales of both.  But we’re not about to hurt one product to help the other.  If nothing else, Windows Mobile and Exchange are in different divisions, and both are expected to make money on their own.  So even if Exchange came to us and said, “Why don’t you hurt yourself to help us?” we’d say “No thank you.”  (Okay, our response would be less polite than that….)



Secure this


The official (and true) reason has always been stated as “We removed it for security reasons.”  But, judging from the number of angry comments I see posted here, that explanation hasn’t really convinced anyone that it was a good idea.  So, let me go into more detail.  The first major issue is this: Exchange ActiveSync is encrypted and desktop ActiveSync isn’t.


Quick diversion to explain what “encrypted” means.  Think back to the old days when you used to send paper mail through the post office.  And think about the difference between sending a post card and sending a letter.  If you put your letters in envelopes, you had some reason to believe only the right people would read them.  But with post cards you wrote, “Having a great time, wish you were here,” on the back and just assumed that anyone in the post office could read it.  For this reason, you never sent company secrets on post cards.  Encryption is like the envelope you put your letter in.  It helps keep people who aren’t supposed to know what you wrote from reading it.  If you don’t use encryption, you’re effectively sending post cards.  Only, it’s not just the post office workers who can read it.  It’s everyone on the internet.


And that’s one of the main reasons we cut the feature.  Desktop ActiveSync over WiFi was sending all your contacts, calendar, and email data over the network without doing anything to keep people from reading it.  If that doesn’t strike fear into your heart, let me add the second reason.  When a device connects over desktop ActiveSync we don’t do enough to make it prove that it’s really your device (we don’t “authenticate” well enough).  So, yes, when you had WiFi enabled on desktop ActiveSync, people on the internet could watch what you sent and then use that information to pretend to be your device.  If they were successful at this, they could convince your desktop to start sending your information directly to them.
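The two gaps named above (nothing keeps an observer from reading the sync, and nothing makes the peer prove it is really your device) and the shape of a fix, as an added example that is not code from the original post or from ActiveSync. Everything in it is an assumption made for illustration: the device ID `PPC-0001`, the constructed contact and calendar records, a one-time key exchange over the cradle (the physical link the post describes as the original trust anchor, treated here as unobservable by the network attacker), an HMAC-SHA256 proof of key possession bound to a fresh per-session challenge, and AES-GCM over the payload. In the old model the desktop’s only check was the device identifier the peer announced, so an observer who copied one session could announce the same identifier and be served; here the desktop issues a new challenge every time, so replaying a captured answer is refused, and the contacts never cross the network in the clear.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed sample records (not real ActiveSync data).
var (
	deviceContacts  = []byte("CONTACT: Alice Example, +1-555-0100")
	desktopCalendar = []byte("APPT: 2006-10-12 board meeting (confidential)")
)
func random(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // crypto/rand.Read never returns an error as of Go 1.24
	return b
}

// Desktop holds one pairing key per device, established over the cradle: the
// physical link the original design trusted, assumed unobservable by the attacker.
type Desktop struct{ keys map[string][]byte }

func (d *Desktop) PairOverCradle(id string) []byte {
	d.keys[id] = random(32)
	return d.keys[id] // the device keeps its copy
}

// prf: HMAC-SHA256 over the concatenated parts, keyed with the pairing key.
func prf(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

func seal(key, pt []byte) []byte {
	block, _ := aes.NewCipher(key) // 32-byte prf output: cannot fail
	g, _ := cipher.NewGCM(block)
	iv := random(12)
	return g.Seal(iv, iv, pt, nil) // iv || ciphertext || tag
}

func open(key, box []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	if len(box) < 12 {
		return nil, errors.New("short message")
	}
	return g.Open(nil, box[:12], box[12:], nil)
}

// DeviceRespond: proof of key possession bound to the challenge, plus the
// payload sealed under a per-session key derived from the same challenge.
func DeviceRespond(key []byte, id string, nonce, payload []byte) (proof, box []byte) {
	return prf(key, []byte("auth"), nonce, []byte(id)), seal(prf(key, []byte("sess"), nonce), payload)
}

// Sync issues a fresh challenge, hands it to the peer, and serves the calendar
// only if the answer proves possession of the pairing key for this challenge.
func (d *Desktop) Sync(id string, respond func(nonce []byte) (proof, box []byte)) ([]byte, error) {
	nonce := random(16) // never reused, so a captured proof is useless later
	proof, box := respond(nonce)
	key, ok := d.keys[id]
	if !ok || !hmac.Equal(proof, prf(key, []byte("auth"), nonce, []byte(id))) {
		return nil, errors.New("authentication failed")
	}
	sess := prf(key, []byte("sess"), nonce)
	if _, err := open(sess, box); err != nil {
		return nil, err
	}
	return seal(sess, desktopCalendar), nil
}

// HardenedAttack: one legitimate sync, then an on-path observer reconnects and
// replays what it captured. Returns (legit sync worked, contacts readable, replay accepted).
func HardenedAttack() (bool, bool, bool) {
	d := &Desktop{keys: map[string][]byte{}}
	key := d.PairOverCradle("PPC-0001")
	var seenNonce, seenProof, seenBox []byte // everything that crossed the network
	reply, err := d.Sync("PPC-0001", func(nonce []byte) ([]byte, []byte) {
		seenNonce = nonce
		seenProof, seenBox = DeviceRespond(key, "PPC-0001", nonce, deviceContacts)
		return seenProof, seenBox
	})
	pt, perr := open(prf(key, []byte("sess"), seenNonce), reply)
	legit := err == nil && perr == nil && bytes.Equal(pt, desktopCalendar)
	readable := bytes.Contains(seenBox, []byte("Alice"))
	_, rerr := d.Sync("PPC-0001", func([]byte) ([]byte, []byte) { return seenProof, seenBox }) // replay
	return legit, readable, rerr == nil
}

func main() {
	fmt.Println(HardenedAttack()) // true false false
}
```

Run with `go run` and it prints `true false false`: the paired device syncs, the observer cannot read the contacts out of the sealed payload, and the replayed answer is rejected because it was computed for a challenge the desktop will never issue again. The design choice worth noticing is where the key comes from. Pairing once over USB keeps the original “physical connection equals trust” model and avoids provisioning a certificate for every desktop and every device, which is what a TLS-based fix would require.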


You shouldn’t be furiously asking why we removed the feature.  You should be furiously asking why we ever implemented it in the first place.



So why did you implement it in the first place?


History lesson time.  (Did you really think you’d get through one of my blog entries without one?)  ActiveSync started out as a way to plug your device directly into your PC over a serial port.  Yes, it’s that old (many PCs don’t even have serial ports anymore).  There was no need for any sort of security here, because the only way to do this was to physically connect two machines.  If you had control of both machines, you’d already have compromised whatever security was there.


At some point, PCs and Pocket PCs started getting USB ports.  So we modified desktop ActiveSync to talk over USB.  But we mostly did it by pretending the USB port was a serial one and sending the same kind of data over it.  At some later point we started seeing Compact Flash network cards.  We thought, “Hey, that’s another way we could connect to ActiveSync,” and built in the ability to sync over Ethernet.  Not too many people used it, though, because it didn’t make too much sense to plug Ethernet cables into your mobile device.  Later on, though, WiFi arrived.  In the end, WiFi is just a wireless way to do Ethernet, so it pretty much automatically worked with what we had already built. 


Another brief aside.  We left Bluetooth enabled for a number of reasons.  For one, Bluetooth is inherently encrypted.  WiFi isn’t.  For another, Bluetooth has a limited range.  WiFi also has a limited range, but it’s a limited range to the nearest internet connection.  From there it can go anywhere.  Bluetooth connects directly to the desktop.  Though the Bluetooth standard supports Bluetooth devices connecting to the internet, we don’t support syncing to the desktop over such a connection.  WiFi could potentially connect directly to a desktop, but we’ve never had that feature implemented.


It’s not really Sync over WiFi that we removed.  We removed Sync over Ethernet.  It’s just that WiFi needed Ethernet Sync to work.  Now, enabling Sync over Ethernet happened back in the time when viruses were rare (no one had figured out how to make money exploiting security flaws yet).  And, in those days, we didn’t foresee the coming storm of malware, nor did we know enough about how to prevent it.  So we enabled what seemed like a useful feature, blissfully unaware of how dangerous it was.


Remember that none of these devices were phones.  When we started making phone devices, we realized that users would have data connections anywhere they went.  And we realized that they’d want to sync their devices from anywhere in the world, not just at their desktops.  So we decided to make a way to sync directly to an Exchange server.  And, for various reasons, the original sync method wasn’t going to work.  We needed to make a new one.  This happened after the internet’s transition to the dark side, so we built encryption in from the start.  That’s why Exchange ActiveSync still works over WiFi.  It’s encrypted, so we didn’t have to disable it.



But I don’t care if anyone reads my data.  Enable me.


It’s clear that, as little as 5 years ago, most Microsoft employees didn’t understand security well enough.  That’s changed.  Everyone in development takes mandatory security training every year.  And the training isn’t even the same thing every year.  Each year we learn about new attacks that have recently been invented.  Mistakes can still be made, but we at least get it now.  How would you like to be the guy who caused an airport to be shut down because of a vulnerability in your code?  You could say, “It’s not my fault.  I wrote the code long before that kind of attack had even been invented.”  But in the end, you have to feel the weight of the flaw on your shoulders.


Like it or not, we live in a world where every exploitable hole will be exploited.  And, in that world, we simply cannot leave something as big as what I described enabled.  We had to remove the feature.  You may be willing to point a partially loaded gun at your head and pull the trigger.  But we just can’t be the people who loaded the gun for you.  Those days are gone, and they aren’t coming back.  We understand your frustration.  We feel bad when you scream and yell at us.  But we’d feel worse about the things that would happen if we left the vulnerability in.



Then fix it


There are a number of things we can do to fix it, including adding encryption and authentication.  All of them, however, are a ton of work that needs to get prioritized against all the other things we need to do in ActiveSync.  I can tell you definitively that the team responsible wants to re-enable desktop ActiveSync over WiFi.  But I have to also tell you that they have a lot of other things they need to do first.  I can’t tell you when you’ll get your WiFi back. 



Shields at full, Captain


That sound you hear is me slinking down into my bomb shelter.  While I know this post won’t make you any less angry, I hope it at least explains how we got to where we are.  Fire away.


Mike Calligaro


Comments (201)


  2. Perry says:

    Mike, I certainly appreciate your willingness to "face the music" and discuss some of the less popular decisions that have been made regarding Windows Mobile.  You can count me among those who were very disappointed to see WiFi syncing removed in ActiveSync.

    <i>We had to remove the feature.  You may be willing to point a partially loaded gun at your head and pull the trigger.  But we just can’t be the people who loaded the gun for you. </i>

    I have to disagree with this.  I can understand the desire not to let users do dumb things, but I also think that users should be given the choice of when and how much to secure their environment as often as possible.  I’d have preferred that you left the ability to sync over WiFi available, even if disabled by default, and given IT administrators the ability to remove it completely by way of a Group Policy where necessary.

  3. Charles says:

    Seriously, the article is interesting but there are some funny statements:

    Number 1: "Now, enabling Sync over Ethernet happened back in the time when viruses were rare"

    Do you mean the 80s?

    Number 2: The answer to  "But I don’t care if anyone reads my data.  Enable me." is plain ridiculous (MS developers are more conscious about security). That’s copy and paste from the corporate posters.

    Every time we install a non certified driver on WinXP we get a big red blinking warning; what on Earth is the reason not to have a Triple Red and White Blinking warning, the type that Microsoft like "This is Unsecure do you want to proceed?" "Are you really really sure?" "Are you really really really sure? If anything happens I will tell you "I told you so.""

    Since I am writing a comment I might as well ask for a future post: What is the story behind the various issues for MS Pocket Money (single currency, and forever non forward/backward/at-all compatible)?

  4. PeterNZ says:

    "But we just can’t be the people who loaded the gun for you. "

    You don’t have to load it for me! I am responsible enough to load it myself, to be aware that it is loaded and to take all precautions to not shoot myself in the foot! But you just sell me the gun and refuse to give me the bullets!!!

    I am thinking of creating a t-shirt which has written on it "I survived 3 years of ActiveSync 3.8 and am still using it!!!"

    Cheers

    Peter

  5. Amazing…  then why are we allowed to shutdown the windows firewall?

  6. Eugene says:

    One way to add encryption and authentication is by using IPSec.  Even if the built-in IPSec support is not adequate, there are third-party solutions that could easily "secure" it.  There are users out there who already use these IPSec solutions to connect back to a corporate VPN gateway to retrieve email, access the intranet, and ActiveSync, at least until it was disabled.

  7. Solnyshok says:

    Mike, However much you try to hide behind technical topics, your writing style shines through. If you have done novels or essays, I want to read those. Cheers.

  8. I can only commend the efforts to secure any software and especially something like ActiveSync.  In our organisation we have a lot of "numpties" who don’t really know what they are doing with their smartphones.  Users like that need "protection" sometimes.  As a .NET developer myself I would always decide to remove vulnerable features instead of just disabling them by default (which I’ve done recently on an ASP.NET site).  If there was a trojan that could exploit ActiveSync via Wi-Fi Microsoft would be berated by the media for leaving in such a vulnerable feature.  Nice post, love the entries like this one.  🙂

  9. Dave E says:

    Mike,

    Your excuse for not giving us the choice is incredibly weak.

    You have always struck me as a very intelligent guy, so it amazes me that you post such poor reasoning such as not giving people a choice for Wifi or allow them to have their "X" actually close.

    MS must be paying you a large sum for "danger pay" because I can’t think of another logical reason to even try to push such absurdity on us.

    Dave

  10. Amin says:

    Sync over wifi is a must and personally it was a selling point for Windows Mobile PDAs. Seems Microsoft don’t care about Market Demands.

  11. Griffon says:

    It’s really, really hard to believe it is so difficult to add encryption to Wifi sync.

  12. Richard says:

    It is actually a lot simpler than we may think, MS wants to get rid of ‘local’ hosting of exchange/outlook.  Companies ought to subscribe to one of the Exchange hosting services out there, removing the most common reason to have ActiveSync in the first place.

    It’s all marketing, isn’t it?

    Richard

  13. Patrick says:

    This majorly sucks. This was a feature so useful to us that our field force automation had to stick to WM2003 with AS 3.8.

    Now the problem for us is that our work force is growing, devices are breaking, and we are having difficulty finding new devices. We don’t just need to sync email and our software relies on custom synchronization filters… We are painting ourselves in a corner here and it’s killing us.

  14. Henry Boehlert says:

    Thanks for sharing this information. Love your articles. Keep up the good work.

    Since most of the time I’m connecting thru USB anyway to charge and sync stuff for that <expletive/> Media Player thingy,

    I’m not hurt by this too much.

    But add $49 of my $100 to the pile for a secure Sync-Over-Anything.

    The other $51 go to ActiveSync backup and restore. But that’s another story, I guess.

  15. macbirdie says:

    Why not just add a secure sockets layer over RDP? It sounds soooooo easy but then again something tells me it’s actually not. What about sync-over-https? What about leaving a deep-buried registry option to enable ethernet sync with a big red "DANGEROUS, UNENCRYPTED DATA" mark on it?

  16. deezy says:

    If my wi-fi connection from my device to my router is encrypted how would it be possible for the sync from my computer through my router and to my device to not be………

    I personally feel that this is very sketchy.. I can click on an unsecured wireless network and type in my credit card number and get hijacked the same.. but i wouldn’t do that because I know what "Unsecured Wireless Network" means…

    It is great to "provide" everyone with a comprehensive security set.. But at some point this has got to be handed to the user…

    I mean honestly there is a very easy solution to this… Sync personal folders to personal computers.. No one really needs to sync up their contacts to their home pc when they are not within wireless reach of it and if they did then the obvious solution would be vpn/ipsec and at that point it would be miles beyond the scope of activesync in the first place….

  17. MikeCal says:

    Charles, we can argue over whether or not "rare" was the right term for me to use.  But you have to admit that there were a ton more viruses and malware in 2005 than in 2000.  As for me saying that MS devs are more conscious of security sounding like it’s from a corporate poster, whatever it sounds like, it’s true.  Maybe part of the reason I do these blogs is to help people see inside the company.  But, as a long time developer here, I can honestly say that we view security differently now than we did in the past.  And we do it because we believe it, not because some slogan told us to.

    Solnyshok, thanks for the compliment.  In my off time I’m a science fiction writer, but I haven’t published anything in five or six years.  Still, most of my old stuff is free and on http://www.mystikeep.com.  Check out "The Daily Dose."  It’s the best thing I ever wrote.

    Dave E, re "Danger Pay."  Heh, no I don’t get paid anything for doing these blog entries.  They’re not part of my job and don’t even seem to help me on my reviews.  (But I’m not complaining.  What I’m paid to do my real job is more than adequate.)  I do these because I believe they’re the right thing to do.  And, however absurd the reasons sound to you, they’re the truth.  As I told Solnyshok, I’m a fiction writer in my off time.  If I wanted to make something up, I’d come up with something better.  (-:

    Amin, we certainly do care about market demands.  Pretty much everything we do is based on market demands.  And the market has demanded the things the ActiveSync team has been doing much more than it demands Desktop WiFi.

    Griffon and macbirdie, yes, it’s definitely possible for us to add the encryption (we’d use SSL).  It’s not that it’s hard or impossible.  It’s that it’s a lot of work that needs to be prioritized against the other work we need to do.

    Mike

  18. P Cause says:

    Thanks for the explanation.  The choice is still the wrong choice for many of us.  Worse, it is infuriating not to have a choice.  You could have created a group policy option to disable this on the PC in corporate environments.  You have a PPTP stack and you could have forced use of that for WiFi sync and also required XP Pro (which can serve this) for the desktop.  You could have done …..  One understands the big push for security, but you have overdone it.  You guys are smart and could and should have found a solution.  You chose to punt because of the security paranoia that swept MS and that is the coward’s way out!

  19. Brandon says:

    I’m not going to go into conspiracy theories or childish name calling.  But I am definitely one of the angry wifi sync’ers that has had to try and make do with the crippled activesync 4 that we have now.  I wish you guys would stop making excuses and just take care of the problem.

  20. macbirdie says:

    Mike, thanks for this brave move to try to explain our little "problem" anyway, but as you can see, there are lots and lots of people wanting to load this gun and have someone pull the trigger for them. Maybe the big-fat-warning-sticker-registry-key and/or group policy restricted setting is the way to go for now?

    I am one of those Pocket PC users that have their home wireless network WPA/WPA2 (mixed mode) secured and would like to sync within my home network’s boundaries. There’s nothing that makes me worried security-wise. There’s a bigger chance of someone doing a MITM attack on my ssl "secured" email connection to a server that doesn’t provide trusted certificates.

    Is the ethernet sync code completely removed from ActiveSync?

  21. andy says:

    Thanks, Mike.  What many comment authors fail to read is that you weren’t involved in the decision to pull plaintext activesync wifi.

    I would rather see higher priority for improving ActiveSync’s error traps and messages.  Sometimes it spins its wheels forever, with no timeout, and when it throws an error it’s some obscure negative 8-digit code.  Often a lookup only yields the frustrating resolution "re-install ActiveSync."  I would like to see some better communication than that.  A few descriptors can go a long way.

    Luckily I have Verizon Wireless Sync.  If I did not, I would be forced to deal with ActiveSync and become frustrated when it (often) fails without reason.  I’m lucky enough to not require Outlook, which has terrible PST-file corruption problems, because my company is lucky enough to not use Exchange, which has terrible mailbox size limitations.  Sorry to bring all of this up.  Do you see where I’m going with this?

  22. Chris E. says:

    Holy hanna, talk about NOT LISTENING TO THE PUBLIC..

    This issue has been around since 4 came out.  Surely by now the functionality could have been corrected.

    Funny thing is, most people who are intelligent enough to even setup their device to synchronize over WIFI are likely already aware of the security implications of doing such over an unsecured wireless network.

    Add me to the list of people who don’t care about corporate security on my personal device.  As a member of the general public, I want my useful features back.

    At the very least, provide a method for the 3rd parties to add the functionality themselves.  If we’re forced to put up with crap like this, give other people a chance to capitalize on MS’ shortcoming.

    There is absolutely no reason why this traffic can’t be encapsulated on either end via an encrypted tunnel.

    Rant complete,

    Chris

  23. Garry says:

    I understand that the decision to remove wi-fi may have been due to the security of companies that used it and were therefore unaware that their data was then available to the public, and that’s great…. for them.

    There are a lot of people out there who use their WM Device for their own personal use, and a lot of them have wireless networks that are protected by security measures that MS suggest and more, not to mention firewalls.

    So the question has to be put to the team responsible for this decision, "Why not allow the user to enable Wi-Fi Sync and have lots of red lights go off warning them to take precautions?" A company wouldn’t activate such a feature due to the risk involved, but a user using it for their personal use on their secured Wireless Network at home would be more likely to have nicer things to say about MS.

    Garry


  25. Matthew says:

    This sounds like security as a scapegoat to push people into the exchange lockin. With the ActiveSync, you could be syncing mail that got to Outlook via POP or IMAP, actual standard and not the closed exchange system.

    There aren’t more viruses so much as they just spread a lot easier now that everyone is using Internet Exploiter and Outhouse for web-browsing and email. But those aren’t the real threat. We are transferring data, and regardless of how you carry it, the virus in the email will be transported. If you are worried about the virus hopping on the network, well, killing ActiveSync doesn’t stop that as it’ll just go some other way over the still-present WiFi connection.

    I don’t get how the Internet even comes into the picture. Sync over WiFi goes from the handheld to the desktop on the LAN and WLAN. There is no reason that traffic would be getting out to the internet, so if it’s not encrypted then the only place it is available to outsiders is on an unencrypted WiFi connection.

    On that topic, a secured WiFi network is stronger than Bluetooth. The Bluetooth encryption is a joke, more trivial to crack than the stupidest WiFi encryption. If you are concerned about security, then Sync over Bluetooth should be disabled too.

    The comments about using IPsec or PPTP are spot-on. Those are the easiest way without changing the underlying protocol. But, oh wait, the underlying protocol was already changed a bit to use RNDIS over USB to simulate Ethernet rather than PPP atop a Serial over USB connection. The security could have been incorporated while that update was being made. Of course, nobody was thinking, just like nobody was thinking when they made the handheld the DHCP server, which causes address conflicts, which limits to one device at a time. Just like nobody was thinking when they decided ActiveSync should hijack all network traffic (except its own) on all interfaces, with NO option to disable it, just so it could route it through the (potentially slower) ActiveSync connection, even if it’s not TCP traffic and thus isn’t handled by ActiveSync and instead dropped on the floor, making it impossible to ever use a debugger with an application that needs a real data connection because it talks UDP or raw IP.

    People will continue to look at Microsoft negatively as long as they see massive screw ups with both security and stability. As much as you say it, I know Microsoft, as a whole, still doesn’t GET security. Whether it be securing software against attacks (multiple remote execution vulnerabilities in IE7 on first week after release) or securing data (NTLMv2 password hash, S/MIME with 40bit RC4), Microsoft consistently makes the same mistakes every time.

  26. Mike Dimmick says:

    As a developer, sync over Ethernet/WiFi was an absolute godsend before USB sync, because it was several orders of magnitude faster than debugging over a serial connection.

    On devices before Windows Mobile 5.0, I have discovered that it is possible, even with ActiveSync 4.x, to begin a sync session with USB, start debugging, then pull the device out of the cradle and continue to debug – the debugging connection seems to fail over to WiFi. I’m sure this is accidental – don’t go and remove it, because it’s useful.

    Windows Mobile 5.0’s disabling of the network card and GPRS (or other cell radio) connection on connecting to ActiveSync is completely brain-dead for this reason: it’s impossible to debug applications which use the network card or cell radio connection.

  27. ET says:

    With respect, Mike, your timeline is wrong.

    Pocket-sized PC devices and the HPCs could be synced over Ethernet. So it’s not 2000 when the design choice was made to enable it.

    The truth is that insecure communication is not allowed by design anymore in Microsoft product. This is the ‘secure by default’ principle. So it cannot be enabled by default, and the ActiveSync guys *had* to shut it down.

    Those asking for the ability to lower their security voluntarily have a point. But they do not have the understanding of the difficulty in changing the ActiveSync (non-Exchange) to be authenticated and secure. SSL isn’t a magic wand that makes the scenario work – there is infrastructure (obtaining and deploying certificates) that is not reasonable in many (probably the majority) of non-commercial cases. Remember, this isn’t one cert for a single external server, it’s one for each desktop and possibly each device.

  28. MikeCal says:

    It sounds like I didn’t make myself clear enough.  There never was a "Sync over WiFi" feature in ActiveSync.  ActiveSync had "Sync over IP (Ethernet)."  Sync over WiFi worked because WiFi is IP, and ActiveSync was listening on IP.  

    You can have a fully encrypted WiFi connection to a router so that everything going over the air is protected, and then have it go unencrypted from the router to the desktop PC.  If anyone is capable of listening to that connection, then they’re capable of doing bad things to your desktop PC (if you have Sync over IP enabled).  

    I find it interesting that multiple of you have said, "No, Microsoft doesn’t GET security … so re-enable this insecure feature now."  You can’t have it both ways.  You could say that the company is overreacting on security and that it’s really not important.  (Come on, an integer overflow shut down an airport.)  Or you could say that we’re not doing enough for security and should have disabled this feature long ago.  But, "You’re not doing enough, so you might as well not do anything," just doesn’t fly.

    We understand that Sync over IP was a very valuable feature, ESPECIALLY for debugging (that’s the part that hurts me the most).  I’m definitely NOT trying to convince you that it’s something you don’t need.  I would like to see a secure version of it return just as much as you would.  

    But that doesn’t change the reality of software development–that features need to get prioritized and done in priority order.  Call that hand waving, rationalizing, or making excuses if you’d like.  It’s reality.

    Mike

  29. bill says:

    I doubt the mobile team is serious with security. Currently client certificate authentication with exchange activesync has a serious bug and from what I was told will not be fixed in windows mobile 5. The fix will be in next version of the OS. Meaning that all new devices will have to be purchased to fix the issue.

    See http://blogs.msdn.com/windowsmobile/archive/2006/07/06/658142.aspx  “rain man” comments this exactly.

    Another non commitment to security is the ability to support third party client certificates. Microsoft blindly wants the whole world to use their CAs.

  30. deezy says:

    Here’s a "Secure By Default" solution.. If your wireless connection is encrypted allow sync via wireless, if not don’t. But still I stress that people that want to use wireless sync on their personal PCs are people that were bright enough to see the true benefits of a WM device and more than likely already are aware of Wireless Encryption and such.

    I personally feel that MS is going by the 98% of the population is Stupid stand point. This may work for GUIs and base security on your standard communication protocols but it just tends to make people feel insulted when you say [We took this Feature away for your own good]…

    If you think that SSL is the answer then I personally think you’re crazy. Let’s not even focus on the certificates portion and point out that it has to be served somehow (no home users allowed). And hosting it at MS would be ridiculous. Why on earth would I want to connect to an SSL MS server to sync with my PC that’s in the other room. IPSEC/VPN is your answer for enterprise situations unless they are in the office.

    LAN traffic/security should be policed by the owner of the traffic (i.e. the router or user) not the application.. that’s how you build exploitable applications with limited end user support.

  31. deezy says:

    OK, the SSL thing may have been a bit aggressive and not well thought out.. but the point remains valid that the encryption of the wireless communication made via ActiveSync should not be in the scope of ActiveSync; it should in fact fall in the scope of wireless security. Any PC communication can be mocked to a router if the connection is unencrypted via a standard wireless connection just like a WM device can, but that doesn’t mean we should just turn off wireless capability in Windows now does it?

  32. You’re such a good writer, Michael. One doesn’t expect that from wireheads. I love reading your comments.

  33. Richard says:

    So, if I understand correctly, MS is taking the "here is what I can do, take it or leave it" approach?  

    Isn’t  this the complete opposite of how MS has been treating their customers in the past?

    Anyhow, to fully understand your point about priorities, could you give a few examples of features that are prioritized ahead of sync over wi-fi?

    For my part, I do believe as previously mentioned that an API could be provided for third parties to implement custom sync setup (including wifi for nerds who have a protected wifi link @ home anyways).

    As mentioned earlier, why can we shutdown the windows firewall?

    Is it because different departments have different visions of security @ MS?

    To me having the possibility to turn off the windows firewall or enabling sync over wifi is the same given your arguments.  In the same line of thoughts, the windows firewall should not offer the possibility to be turned off, no?

    Richard

  34. Antonios says:

    Mike

    Appreciate some of the technical decisions that went into removing this option.

    From a carrier perspective, it was too niche for me to train my support staff on, and when I did get calls from customers we were put in the embarrassing position of not being able to provide support.

    I think we got nearly 400 calls for Xda IIs/i over its lifetime – no way I could take a massive call team offline to train them on this niche aspect.

    So good on MS for taking it out for security, but also allowing sp’s time to train up on how to support this feature!

    Antonios K

    – former manager, Xda, O2

  35. Garry says:

    Mike,

    If you had your own private build of AS (which just happened to have IP sync options) on your home PC that was connected to your secure wireless network (using WPA2 and whatever else most people use) at home, would you enable that little box for IP Sync?

    All most people here are trying to convey is, "Hey we know that there are risks to using that feature, but we are competent enough to take security precautions to ensure that there is little to no risk. All we want is the option to enable it with flashing red images and sounds saying warning this connection may be unsecured if you don’t know what you are doing."

    It’s not that we don’t care that the security isn’t built into the Software or that we don’t think the team understands security, it is more that we are also security minded and that we would prefer to have the option rather than not at all.

    Garry

  37. Richard says:

    Quick note: posting is very difficult, I get a lot of server errors; which is why there are multiple posting…

    Richard

  38. Andy Mulhearn says:

    I can’t say I used wireless synch that often – it was too hard to get going. Having said that, I find the arguments for its removal specious to say the least.

    I’m also not sure how this works:

    "You can have a fully encrypted WiFi connection to a router so that everything going over the air is protected, and then have it go unencrypted from the router to the desktop PC."

    Do I have two wireless LANS connected to one router, the one from the PocketPC to the router encrypted and the one from the router to the desktop not encrypted?

    Nope, I just don’t see how this works.

  39. MA says:

    Mike, I appreciate your bravery to even address this issue, and the comments that follow are aimed squarely at your employer and its attitude and not at you personally: It’s the whole ‘we know best’ thing that pervades Microsoft’s approach which I object to. I find I really don’t much enjoy working with people who persist in treating me like a 3 year-old child: ‘There, there, babykins, we don’t want you having to worry your little head about whether apps are open or closed do we? Oh, and that nasty WiFi syncing is far too dangerous to let you play with. So, just sit back and watch the eye-candy: Daddy knows best.’ Actually, I’m an adult and, providing that you hand me a product that is set up to be safe out-of-the-box, I am capable of making the decision to remove the safety catches in a responsible way. Please trust me to be able to do this.

  40. Charlie says:

    Thanks for the article Mike. This one actually makes sense, unlike the close button isn’t a close button "feature" in a previous article.

    It seems like you could just require a "seed" activesync connection over a secure media like USB to exchange crypto keys between the PC and device as part of the "partnership" process and enable encrypted and authenticated activesync over the network based on that.

  41. Thorsten says:

    Really a well written and fun to read article. But your arguments don’t convince me, not even a very little. I really don’t think making this feature optional and prompting a warning if activated is that dangerous. Or make it an unsupported powertoy that needs to be installed separately.

    Personally I really need that feature so much that I stick with AS3.8/WM2.3 as long as my WM2.3 PPC lasts. It’s what keeps me from Vista and new PPCs (which I really would like to have). Especially for software development the ethernet (non-wireless) AS is a BIG advantage I really can’t give up.

    Thorsten

  42. I’m probably going to repeat a few things that have already been said; but I promise to keep this short.

    Rather than make the decision for me, I’d rather you warn me, and then let me face my own music. Personally, I think removing WiFi to Desktop AS synching had something to do with the way you’re reading packets sent over the network. AS is all IP based, and it’s the only way you could get the synching x of y to the exchange server read. I think I get that; but removing it from desktop AS just doesn’t make sense to me. Again, I’d rather you warn me and let me make the blunder (if any) than take features away from me.

    Personally, I don’t use the feature anymore, as I have an unlimited data plan from my cell carrier and sync OTA with an Exchange Server; but I know of a lot of people that want this back. I know all about feature priorities, too, as I’m a software QA manager… You have my sympathies and my thanks for the explanation.

    Kind Regards,

    Christopher Spera

    ——-

    pocketnow Sr. Editor

    pocketnow.com — it’s all about portability…

    http://www.pocketnow.com

  44. whydidnt says:

    Mike, you may say that this was removed purely for security reasons, and that "may" be true.  However, I find it one more example of the Windows Mobile team playing nanny to its users, and deciding that only the team knows what’s best. We have TOO many instances of the WM team deciding its users aren’t smart enough to make an informed decision:

    1. No Close option – users obviously can’t be trusted to manage their own apps and memory.

    2. No True VGA support – we are stuck with pixel doubled apps and even PIE automatically doubles all images – no choice at the user level to toggle this on or off.

    3. No ethernet sync – again, the message is users aren’t capable enough to make the right decision on when to use this.

    I’m sure if I spent more than 2 minutes thinking about it there would be several other examples of this Czarist attitude.

    I used to work for a software company – when bringing the development team their requests from our customers for enhancements to the software, I was often presented with the question – "why would anyone want to do it that way", as if the only correct way is the way the original programmer wrote it.  Needless to say that company has been dealing with the loss of several large customers over the last few years, primarily because those customers felt the organization didn’t listen to them and didn’t care.  The WM team seems to have much of the same cavalier attitude towards the large base of consumer users that have contributed greatly to the growth of this OS.

  45. Mick says:

    Microsoft’s paternalistic attitude toward users is the reason I’m seriously planning to learn how to install and use Linux rather than downgrade from a version of Windows that I am perfectly happy with, and throw out a computer I am perfectly happy with so I can have the latest OS, Windows Vista, which is even more bloated than Windows XP, on which I turned off most of the eye-candy in favor of speedier performance.

    I’m still unhappy about the decision to change Pocket Outlook authentication when PPC2000 was "upgraded" to PPC2002, so I could no longer use Pocket Outlook with my frontiernet.net ISP. I will stay with WM2003SE PE and ActiveSync 3.8 as long as possible rather than give up any more functionality.

    While I have never used WIFI sync, the idea that Microsoft has taken away that option, on the ground that I am incapable of making my own decision whether or not to use it is nothing less than infuriating.

    I suspect that Microsoft is still thinking of ways to put us all on a subscription basis for using its bloatware.

    I’ve been waiting for a user-friendly version of Linux, but Microsoft’s arrogance may force me to learn how to use it in its current form.

  46. MikeCal says:

    Richard, thank you for the kind words.

    Garry, re: "If you had your own private build of AS (which just happened to have IP sync options)on your home PC that was connected to your secure wireless network (using WPA2 and whatever else most people use) at home, would you enable that little box for IP Sync?"  

    Not a chance.  

    I see that I’m repeatedly failing to explain the problem well enough.  But securing your WiFi doesn’t solve the problem.  If you have the most secure WiFi protocol on the planet going between your device and your router, AS 3.8 with Sync over IP enabled is STILL insecure.  You didn’t even make it a little bit more secure by locking down the WiFi.  WiFi has nothing whatsoever to do with the problem.  It’s the IP connection that ActiveSync opens to the entire network that’s the problem.

    Mike

  47. Perry says:

    "It’s the IP connection that ActiveSync opens to the entire network that’s the problem."

    That’s only a problem if the entire network itself is unsecure.  My home network is secure.  Both physically (nobody can access it outside of my house) and via hardware firewalls.

    So tell me again why running AS on it suddenly makes it unsecure…

  48. Jorge Vasquez says:

    As a sequel to this post, I’m sure we all would like to know the hidden reasoning behind the odd (to be nice) file open dialog in Windows Mobile.

  49. Alex Kac says:

    Remember, Mike had nothing to do with this. He’s just opening MS up to y’all. And frankly remember that the 10-15 people here do not constitute a majority of users. The few million users in corporate America are Microsoft’s market more so than the few thousand tech enthusiasts who would want this feature enabled.

    Believe me, I’d rather have this re-enabled over SSL than not enabled at all, but it’s important to remember where everything sits relatively.

  50. Patrick says:

    There really is a lot of duh-mness in some of the PDA OS from MS.

    So.. as the Healthcare person commented there is an absolute positive need for security. How about only passing pre-encrypted password protected files in the first place – Duh#1. You probably are using some proprietary software and you can build in encryption, and virtually all of the MS Office type files have password protection. Even though the PDA Excel program doesn’t have password capability, there are other add-ons such as PTab that do.

    Here is what I think, you can add this to the kooky conspiracy theories. MS is contracting out the programming to (fill in the blank) India and they don’t have the ability to rework the software without a large time spent getting trained and up to speed. They are highly talented, but just can’t easily cope with someone else’s code.

    Theory 2 – As mentioned elsewhere, the PDA ain’t where the bucks are. I think Gates is enamored with the Tablet now, so we PDA’ers suffer. I do fieldwork and although I would like a large screen, the weight and short battery life of larger devices kills them for me, but not for all of those who are already lugging notebooks and can plug in almost anywhere.

    Theory 2.1 – As mentioned elsewhere, the PDA ain’t where the bucks are. I think Gates is enamored with the PDAPhone now, so we PDA’ers suffer.

    Theory 3 – Lazy bums

    Theory 4 – They think the public is too dumb to live. They might be right, since we actually are continually voting to have term limits for politicians. That is an amazing concept that goes something like this – We want to vote to remove politicians in the future because we will be too stupid in the future to vote for someone else. The only good thing about passing term limits is that we know for sure that we are already stupid. Perhaps we have revealed how stupid we really are and MS found out.

    So is MS the stupid one, or are we? We can be certain who has the power to make the software that most of us use. Write Bill a letter, maybe that will work. Now now now, don’t be stupid.  

    Pat

  51. Jon says:

    By the same argument, shouldn’t unencrypted POP3 and SMTP be disabled?

  52. ex-wifi-syncer says:

    Microsoft: just make AS IP sync a checkbox that comes with a nice long legal form for me to sign to indicate that I understand technology and that everything isn’t perfect.  OK?

    (how did they get away with providing all the other security holes in PocketPC???)

  53. scyost says:

    Jon – I’m not sure if you actually want an answer or if that was a rhetorical question, but here goes.

    Unencrypted POP/IMAP has at least a password on it.

    Unencrypted POP/IMAP doesn’t give unauthenticated read/write access to your contacts, calendar, tasks and e-mail on both your PC and phone.

    Unencrypted POP/IMAP doesn’t run as a server on your home PC in the typical case.

    POP/IMAP has the ability to be secure if you want to – IP sync doesn’t as it stands. It requires the network topology to protect it from external attack.
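    As an added illustration of the pairing model Charlie sketches in comment 40 and the missing authentication scyost lists in comment 53 (example code written for this page, not ActiveSync’s protocol or any Microsoft code): a partnership secret is handed over only on the trusted USB link, an authentication key is derived from it, and every later request over the network carries an HMAC tag plus a strictly increasing counter, so unpaired devices, tampered payloads and replays are refused. Confidentiality (e.g. TLS) would be a separate layer and is not shown; every name, id and salt below is constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed demo of a USB-seeded sync partnership (not ActiveSync's real protocol):
# the desktop and device share a pairing secret only over the trusted cable; every
# later request that arrives over the network must carry an HMAC tag and a strictly
# increasing counter. Unknown partners, tampered payloads and replays are refused.

DEMO_SALT = b"constructed-pairing-demo-salt"  # constructed, not a real constant


def derive_auth_key(pairing_secret, partner_id):
    """HKDF-style extract-then-expand (one block) built from stdlib HMAC-SHA256."""
    prk = hmac.new(DEMO_SALT, pairing_secret, hashlib.sha256).digest()
    info = b"sync-auth|" + partner_id.encode()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def encode_request(partner_id, counter, payload):
    """Length-prefixed encoding so (id, counter, payload) cannot be parsed ambiguously."""
    pid = partner_id.encode()
    return (len(pid).to_bytes(2, "big") + pid
            + counter.to_bytes(8, "big")
            + len(payload).to_bytes(4, "big") + payload)


@dataclass
class DesktopSyncListener:
    """The PC side: remembers one auth key and last-seen counter per partnership."""
    auth_keys: dict = field(default_factory=dict)
    last_counter: dict = field(default_factory=dict)

    def pair_over_usb(self, partner_id):
        # Runs only while the device is on the cable; the secret goes to the device that way.
        pairing_secret = secrets.token_bytes(32)
        self.auth_keys[partner_id] = derive_auth_key(pairing_secret, partner_id)
        self.last_counter[partner_id] = 0
        return pairing_secret

    def handle_network_request(self, partner_id, counter, payload, tag):
        """Returns (accepted, reason). No state is changed until the tag verifies."""
        key = self.auth_keys.get(partner_id)
        if key is None:
            return False, "unknown partner"
        expected = hmac.new(key, encode_request(partner_id, counter, payload),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return False, "bad tag"
        if counter <= self.last_counter[partner_id]:  # checked only after the tag
            return False, "replay"
        self.last_counter[partner_id] = counter
        return True, "accepted"


@dataclass
class Device:
    """The handheld side: signs each outgoing sync request with its derived key."""
    partner_id: str
    auth_key: bytes
    counter: int = 0

    def make_request(self, payload):
        self.counter += 1
        tag = hmac.new(self.auth_key,
                       encode_request(self.partner_id, self.counter, payload),
                       hashlib.sha256).digest()
        return self.partner_id, self.counter, payload, tag


def demo():
    """Walks one partnership through the cases argued about in the thread."""
    pc = DesktopSyncListener()
    secret = pc.pair_over_usb("partner-demo")            # constructed partner id
    phone = Device("partner-demo", derive_auth_key(secret, "partner-demo"))

    good = phone.make_request(b"GET /calendar")
    results = {"paired": pc.handle_network_request(*good)}
    results["replay"] = pc.handle_network_request(*good)  # same counter sent again

    pid, ctr, _payload, tag = phone.make_request(b"PUT /contacts")
    results["tampered"] = pc.handle_network_request(pid, ctr, b"DELETE /contacts", tag)

    stranger = Device("unpaired-demo", secrets.token_bytes(32))  # never paired over USB
    results["rogue"] = pc.handle_network_request(*stranger.make_request(b"GET /inbox"))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:9s} -> {outcome}")
```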

  54. Frank says:

    This is just another example of the arrogance at Microsoft. The sad reality is that Microsoft will not listen to customers until some other competitor gives them a kick up the a** (eg. IE and Firefox). Unfortunately, there doesn’t seem to be any real serious competition to the Windows Mobile platform, so we have to take whatever they deem we deserve.

  55. Jon says:

    When I asked my question about POP3 I was attempting to play “devil’s advocate”.  I have been really impressed by Microsoft’s new focus on security even if it does create the occasional annoyance.

    Both the original post and MikeCal’s comment mention one of the reasons for removing the feature was due to unencrypted data being sent over non-trusted networks.

    (From memory) POP3 sends not only email but also usernames and passwords as unencrypted data.  These passwords are reasonably likely to be the same passwords the user is using to access their company network or VPN server.  Although POP3 has various extensions to make it more secure, I would expect that the insecure versions are still in widespread use.

    I assume the main problem with ActiveSync is that home users could decide to poke the ActiveSync TCP/IP ports through their firewall and there was a high risk that the ActiveSync network protocol could have been exploited.  Even if Microsoft had fixed it for WM5 devices, it would still have broken WM2003 devices.

    Just like Ethernet ActiveSync, it is possible to use POP3 in an insecure way and it is also possible to use it securely.  ActiveSync using an Ethernet cradle (e.g. the one used by the Intermec 700 series devices) or ActiveSync over WiFi on a private network was reasonably secure and very useful – I hope some new improved version of it arrives soon.

    (PS Perhaps you could consider tackling another tricky subject – why Microsoft changes product names with each release e.g. PocketPC to Windows Mobile 2003 to Windows Mobile 5 and also the recent Windows CE change) 🙂

  56. Kevin says:

    Ok – some of you may laugh at this, but I just purchased a HP hx2495 FOR THE EXPLICIT PURPOSE of WiFi sync at work!  

    So obviously, this is not what I wanted to hear.  Matter of fact, I am very disappointed that IP ActiveSync has been removed and, at the moment, pissed that Microsoft is trying to follow the high road.

    After I get over this, it may sink in that this was for the better…MAY BE.  But, in America, we have the RIGHT to do things that are absolutely absurd and nonsensical.  So, why is MS stepping above that??

    If nothing else, I hope that the feedback from everyone is heard LOUD AND CLEAR that this is a feature that the public wants.

    Now – what about Exchange Active Sync?  This will not help everyone, but that is "too bad".  We use Exchange 2003, but I am not sure what Exchange Active Sync is…and would it work over a wireless connection??  I am using WM5.  If you can tell me that much, at least my problem will be solved (after a bit of setup/configuration work).  

    FYI…I am the CIO at my company; maybe I’ll agree with this after I calm down.  Typically, I strongly advocate (and demand) to reduce the surface area of exposures.  However, at the moment, I am not happy that this feature is removed indefinitely.  

  57. Kevin says:

    Mike:

    What other work is being done in AS that is getting a priority over IP Sync?  Maybe if you can explain that, it will start the healing process.  I understand priority of projects and goals, but you are asking us to take this for granted.  What are the features that are under development?  

    …hey, I’ll sign an NDA if necessary!  It is very annoying that this feature should be a "given" function.  We are living in a wireless society – so what’s up with this?

    -Kevin

  58. Marc F. says:

    After reading the OP and many of the comments I have to say I agree with what MS has done. I can understand it too. Most people aren’t savvy and will blindly fire away like they always do. MS is evil.

    By allowing this security issue to go unchecked and placing it in the hands of those who don’t know better, MS is sending out an open invitation to get persecuted. Again. Like they need more of it, right?

    We don’t have WiFi sync because of less knowledgeable people who are looking for an excuse to bring a lawsuit, or otherwise "public complaints" exist.

  59. Dingbat says:

    All this talk of "we can secure the wifi interface but the interface between the router and PC we can’t secure", although true, begs one to question why MS does not implement encryption at the application layer (if referring to the TCP/IP protocol stack); then secure encryption can and will be available between the router and PC and between the router and handset (Pocket PC) via the wireless interface?

  60. Jan Baaltfink says:

    Shame on MS AS. Why do I have WiFi in the first place? Right, for AS with one of our exchange servers.

    We will look for another application that can do wifi sync, with exchange support (or even not exchange, so we will bash out exchange in our 10000+ pda user company)…

  61. MikeCal says:

    Re "paternalistic attitude."  When an exploitable integer overflow flaw in XP literally shut down an airport, absolutely no one said, "Good for you, Microsoft.  Instead of getting paternalistic on us, you left the job of to securing your flawed code in the hands of your users."  At least, I’m not aware of anyone saying that.  If someone did, I’m pretty sure he was being sarcastic.  

    We do not shut down insecure code because we think our users are stupid.  We shut down insecure code because history has shown us time and time and time again that, if we don’t, bad things will happen.  And by "bad things," I’m talking about multi-billion dollar hits to the world economy.  

    Put yourself in the shoes of the guy whose code cost the world billions of dollars.  Does the fact that you wrote it before the exploit type had even been invented yet make you feel better?  Maybe it does, maybe it doesn’t.  Now, put yourself in the shoes of that guy’s coworker, someone who knows that there’s a flaw in his code that he can’t fix in time.  

    If you’re really standing in those shoes, can you honestly tell me that your response would be, "Who cares about the flaw, users can protect themselves if they really want to"?  

    If you really believe that would be the right response, then all I can say is that I’m sorry, but we as a company just can’t meet your needs.  We can’t ship products with known gaping security holes.  

    Tell us to bring a secure version of the feature back.  Tell us about the pain we’re causing you by disabling the feature.  But don’t ask us to ship insecure products.

    Mike

  62. MikeCal says:

    Patrick re "How about only passing pre-encrypted password protected files in the first place."  As I said in the original post, that didn’t seem very important in a world where the only communication going between the device and the desktop was over a serial cable plugged into the desktop’s com port.  We certainly didn’t need it then.  But, to do sync over IP, we certainly need some sort of encryption now.  The relative values of pre-encrypted password files and channel encryption (like SSL) is a different discussion.

    As for the conspiracy theories, I don’t know how much you’ll believe messages from the heart of the conspiracy, but I’ll answer them anyway.  

    1) Some parts of our development are done in India, yes.  Active Sync, however, is completely handled by Redmond.  

    2) First, Bill Gates spends more time vaccinating entire third world countries than he does choosing between Tablet PCs and Windows Mobile.  If you really want to blame a person, he’s the wrong one.  Second, Tablet and Windows Mobile are in separate divisions.  We’re each expected to make money and certainly don’t purposely hurt one to help the other.  

    3) I don’t know how to respond to this other than to point to the number of releases we’ve done in the last seven years.  You certainly don’t do that by being lazy.

    4) I certainly don’t think my users are stupid.  And I don’t meet many people around here who think so.  Maybe we just have a differing opinion on how easy some things are.  I personally feel that it’s challenging to so perfectly secure a network that it’s safe to leave an open vulnerability on it.  Maybe we’re saying, "This is so hard that we couldn’t do it.  How can we possibly expect our users to?"  Maybe we’re the stupid ones.

    Mike

  63. MikeCal says:

    Kevin, yes Exchange 2003 supports Exchange Active Sync (EAS).  With EAS, your device connects directly to your Exchange server rather than going through your desktop.  You can do this from any internet connection from anywhere in the world.  So if you’re travelling and get a network connection, you can stay in sync.  It works over WiFi hotspots, hotel net connections, cellular connections, etc.

    For a CIO like yourself, we think this is considerably more useful than needing to get some way to connect to your desktop before being able to sync.

    Here’s a guide for setting up EAS in your company.  http://www.microsoft.com/technet/itsolutions/mobile/deploy/msfpdepguide.mspx

    As for what we’re working on instead of Desktop sync over WiFi, unfortunately, I just can’t talk about such things.  That would effectively be me preannouncing unannounced features.  That’s marketing’s domain and not a place where I can tread.

    Mike

  64. digucit says:

    I wish the wifi option would be available for small business/home users who don’t care too much about the security of email. I hate the fact that wm5 has no PAN bluetooth, I cannot see it as a "mobilepc" on the network, and my Microsoft Bluetooth dongle is only the lower class 10m range, so it doesn’t work further than the hallway. All this technology and it only eliminates the cable connection, but gives me no range further than the desktop.

    Screen rotation:

    I have told my Imate Jarjar to work in landscape left handed mode, but it would appear that this setting is overridable by all programs; this makes using the wm5 device in the car a real pain in the neck. I set off on a journey, enable TomTom (at least that stays in landscape mode) but then I get a call, duh, it displays in portrait mode, so I have to try and use a touch screen in the hardest way possible… then the phone reverts to this mode until I get somewhere to pull over and reset the screen… If anyone finds a JarJAR on the highway, then you know I got too annoyed with it and used the Windows option on my car instead….

    The X factor….need I say more…why not allow a close and a minimize button on AU4…allow the apps to min down to the taskbar….now that would be good.

    Voice tags..

    Can we find a way to save these…I am so fed up recording them every time the phone crashes and I have to reboot…please….

    Screen Rotation

    I have to rotate three times to get to the correct orientation on the device…could we have a default clockwise or anti-clockwise feature?

    Windows Mobile Media Player

    Well, on the Imate Jarjar it’s rubbish, will never play FULLSCREEN, only a postage-sized thumbnail in the centre of a huge screen.

    I use PocketTV….no problem FULL SCREEN.

    The Today/Desktop

    Why do I have to buy an app to put icons on the desktop? I use my device as a PC, not an electronic diary.

    Where did somebody decide that these devices should be just beefed up diaries and not mini PCs?…I would get rid of all the clutter, and put icons on instead; it’s easier to hit the target with a finger if it’s an icon.

    I have had all the diary devices since the first PC, but never never use them like that…please stop always trying to make it a diary/calendar/reminder device…I got a brain gadget for that task, which I cannot lose and so far in 39 years of continuous use has not crashed, or even a blue screen, mind you I think I did drink a bit too much one day and have a grey out..

  65. John Mc says:

    Mike,

    I can see you are fighting an uphill battle against people who don’t see why their Wifi Sync was thrown out the door and I do feel for you.

    I’m only a recent addition to the PocketPC scene and so have never had the benefits of Wifi Activesync, though I must admit I *could* find it useful.  I completely understand what you are saying that while you can have WPA encryption on your wireless network, the moment you introduce a cable length or wire in to it that network becomes completely open to man-in-the-middle and  electrical listening devices.  I for one am glad you disabled what is essentially a gaping security hole, and am glad you took the time to say exactly why you disabled it because it confirms exactly what I thought would be the case.

    I know you won’t have any idea *when* Encrypted Activesync may be made a reality, but is it on the list of Things To Do?

    Thanks

  66. Fred Block says:

    That was an excellent post! Thanks so much for taking the time to go into such detail. Shields down Captain! I would say you are safe. 🙂

  67. George Henne says:

    You’ve stood up and taken the bullets for the close button and ActiveSync WiFi.

    How about doing a post on dropping support for ADOCE next? It’s a natural to allow people to use Access data on devices – why take this away?

  68. Lujayne says:

    (OT)

    Mike, you said you aren’t being paid for writing all of this? You really should be paid, truly. Your patience and endurance against all these harsh comments are outstanding. I appreciate the time and patience that you used to write and respond here.

  69. Tweakradje says:

    When using ASync 4.2 I found the following registry values very interesting:

    HKEY_CURRENT_USER\Software\Microsoft\Windows CE Services\Partners\1c0c74e7\Services\Synchronization\Objects

    (1c0c74e7 = my device partner number)

    Each object here can contain a DWORD value called WirelessEnabled. Any comments on that Mike?

    Tweakradje

  70. Tweakradje says:

    In reply to:

    How about doing a post on dropping support for ADOCE next? It’s a natural to allow people to use Access data on devices – why take this away?

    Start regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services\Services\Synchronization\Objects\MicrosoftTable

    There is a DWORD Disabled there that can be set to "0"

    Dunno if it is functional but it does show Pocket Access in Active Sync again.

    Think it is not supported by MicroSoft ;O)

    Tweakradje

  71. MikeCal says:

    Lujayne, thank you for the kind words.  Don’t get me wrong, Microsoft pays me very well to do my day job.  It’s just that these blog entries don’t have anything to do with my day job.  I’d be paid the same whether I did them or not.

    Tweakradje, I had to have the ActiveSync guys go hunt down the code for that registry key.  It appears to be a remnant of pre-WM5 sync engines that isn’t used anymore.  It doesn’t seem to be used on WM5 partnerships and certainly wouldn’t enable wireless desktop sync if you changed it.

    Mike

  72. kelvin says:

    i’m pretty sure all your statements are just fictitious.

    first of all, Exchange Server connection can be established without SSL encryption through ActiveSync. Now, isn’t that unsecure? Ya ya I know it tells me that’s unsecure. I’m pretty sure the local version should have done so as well… but it was removed completely.

    Second, Exchange Servers are most likely connected through intranet or internet. Internet connection would mean it’s likely to be a known address. Now, that makes it even more unsecure because people can tap into your stuff over the internet.

    Thirdly, ActiveSync through WiFi locally has the lowest chance of someone even trying to find out about your address having ActiveSync. And of course, they can’t even bypass your firewall or router if they haven’t installed any trojan on your computer.

    So, tell me, what are the chances of people hacking in your personal information through Exchange Server compared to a locally activesynced connection?

  73. scyost says:

    Kevin – I can give some examples of things that the sync team did in the past instead of this work

    – AS 4.0 had some very serious problems that completely blocked WM5/AS4 deployments in enterprises. They worked around the clock to troubleshoot, document, and fix those problems, and ship AS4.1 to address them.

    – Always Up To Date for MSFP was a big work item

    – Windows Mobile Device Center for Vista was another big work item.

    Those are some examples of large things that got prioritized higher than this work since we shipped AS4.

  74. barkeylives says:

    Andy, couldn’t help but to comment on your post of November 9th:

    <QUOTE>

    Luckily I have Verizon Wireless Sync.  If I did not, I would be forced to deal with ActiveSync and become frustrated when it (often) fails without reason.

    </QUOTE>

    I have a Palm Treo 700W on Verizon, and ActiveSync rarely fails, maybe once a month, and usually due to network issues.  I used Verizon’s Wireless Sync, and had to stop because it was very cumbersome and killed my battery.

    <QUOTE>

    I’m lucky enough to not require Outlook, which has terrible PST-file corruption problems,

    </QUOTE>

    Have you actually USED Outlook in the last, say, 5 years?  I have PST’s that are literally 5 years old (and older) that I use (both read and write) every day, and they’ve never been corrupted.  Your statement is outdated by many years.

    <QUOTE>

    because my company is lucky enough to not use Exchange, which has terrible mailbox size limitations.  </QUOTE>

    Exchange allows you to impose size restrictions, but it also allows you to have no size restrictions.  You’re blaming Exchange for something a messaging administrator imposed on you.  Don’t kill the messaging system!

    <QUOTE>

    Sorry to bring all of this up.  Do you see where I’m going with this?

    </QUOTE>

    Unfortunately no, I don’t see where you’re going with any of this, unless it’s to spread anti-Microsoft FUD.

  75. Terry Wrennall says:

    It’s a feature I never used

    From the reading I saw

    YOU are going to get it back, but you have to wait for other higher priority tasks to be finished first

    Unfortunately no amount of complaining is going to speed that up

    and nice reply barkeylives

  76. Amit Ranjan says:

    Hi Mike,

    Nice article. Though I may not agree completely with the reason given for removing Sync over WiFi, it still sounds plausible.

    What really beats me is why the WiFi should be disabled when we have attached the device to the PC. I will give a real scenario. We were building a VoIP solution and for that we needed to debug the application using VS2005. It’s a real pain to debug when WiFi is switched off as soon as the device is connected to the development PC. In this scenario the only option left is a log file, and I don’t need to tell you how big a pain they are..:-)

    Thanks and Regards

    Amit

    http://amitranjan.wordpress.com/

  77. Kevin says:

    To me, it sounds more like a decision to cut a feature and provide a convenient security excuse. Just as there’s no such thing as perfect security, there’s also not always a need for security.

    You say that you refuse to load the gun to shoot ourselves with, but that’s a gross exaggeration of the situation of most people. People also create password-less accounts, print out emails and leave them in the printer, and sell unwiped hard drives.

    It’s more like you’d be providing the screwdriver for the carpenter to make things with and the suicidal maniac to stab himself with.

  78. MikeCal says:

    Here’s a question for you folks to ponder.  "Is MikeCal a bald faced liar?"  (No need to post your answers.)  

    I realize that, at the point where you’ve decided that I AM a bald faced liar, there’s nothing I can say to convince you otherwise.  Anything I’d say would be a lie too.  

    But, as pointless as my saying this is, I’ll tell you that over the last year and a half of posting here, I’ve never said anything that I knew to be wrong.  It’s possible that I’ve made mistakes.  It’s possible that I’ve unknowingly gotten my facts crossed.  But I’ve never intentionally said anything that was false.  

    No, we didn’t decide to cut the feature and then come up with the security excuse to justify it.  The security flaw was bad enough that we had to either fix it or cut the feature.  And we didn’t have time to fix it.  

    No, it’s not fiction that we see an important difference in ability for a user to make his system insecure and the inability for a user to make his system secure.  

    And, however bad a job I’ve done of explaining the severity of the security flaw, it’s not a lie that we really do consider this one to be huge.

    Maybe everything I’ve said all along has been a lie.  Maybe the backlight actually generates battery power rather than burns it.  Maybe RAM is really a fancy name for a hard drive.  Maybe pressing and holding the 0 button on the phone actually makes it explode and I was just hoping to catch a few users unaware.

    Or, maybe the previous 34 articles and countless comments have all been true, but were really part of a grand scheme to build your faith in me so I could pull the wool over your eyes regarding this particular feature.

    You be the judge.  MikeCal: Modern day Machiavelli, or just an honest developer trying to explain how things get done here at Microsoft.  <stifles a maniacal cackle>

    Mike

  79. MikeCal says:

    Amit, I believe you’re talking about a different thing.  You said that WiFi is disabled when you connect to a desktop PC.  Do you mean that the PC’s WiFi is disabled or that the Device’s WiFi is disabled?

    Mike

  80. klax says:

    My Pocket PC has WiFi, but doesn’t have Bluetooth. I can only synchronize by USB. Aaghh.

  81. Ryan Smith says:

    I’d like to take this opportunity to thank the Windows Mobile team for putting security first, rather than the typical Microsoft strategy of adding everything and the kitchen sink to their products.

    I look forward to the feature being re-added in the future. I also wonder what the team is working on that is more important than WiFi. Maybe a teaser would appease the masses?

  82. scyost says:

    @bill: The decision about what changes go into AKUs is primarily driven by what operators want to ship their devices, and not by whether or not we "care" about security. That said, a fix for the client auth bug you mention did go into one of the versions of AKU3.

  83. Murat Kaygusuz, MD says:

    This is all BS!… And you very well know why! I won’t get into details, the above comments are clear enough! After using Microsoft since the DOS 3.0 days, I finally decided to let Microsoft go after reading about this. If you can make a .NET developer like me say this, then RIP Microsoft! Welcome linux/Intel MAC as well as Microsoft stocks!

  84. mike,

    I started laughing after reading your blog. Maybe someone believes you, but not a technical expert.

    You can exchange the keys at the first secure connection by USB and then allow an encrypted IP connection. I did this in my application in a couple of hours with available classes…

    Maybe you don’t know, but SMTP is not encrypted. It is very easy for me to read EVERY email our Exchange server receives. The only thing I need is Ethereal / Wireshark and to use my card in promiscuous mode. Why didn’t Microsoft stop supporting SMTP??? Maybe because it would be useless??? Why does MS still support unencrypted FTP or unencrypted WebDAV or a lot of other protocols?? Why not stop supporting TCP connections??? They are unencrypted. Ohh, I forgot: the whole internet depends on unencrypted TCP connections…

    It is a pain in the ass to debug a WM5 device with a USB 1.1 connection.

    Please stop telling us unbelievable stories and come back with the facts.
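The pairing scheme this comment sketches, as an added illustration that is neither the commenter’s code nor anything from ActiveSync: a secret is handed over while the device is on the trusted USB link, and every later IP session has to prove possession of that secret with a challenge/response before any sync data moves. The names (Desktop, Device, ip_session) are invented for the example; the encrypted transport that would be keyed from the derived session key (TLS, for instance) is assumed and not implemented here.

```python
"""Pair over USB, authenticate over IP: an added illustration of the scheme the
comment above sketches. Not ActiveSync code; all names are invented."""
import hashlib
import hmac
import secrets


class Desktop:
    """PC side. Keeps one random shared secret per device, created during USB pairing."""

    def __init__(self):
        self._paired = {}    # device_id -> 32-byte shared secret
        self._pending = {}   # device_id -> nonce of the challenge currently open

    def pair_over_usb(self, device_id):
        """Runs only while the device is on the trusted USB link: mint a fresh
        secret, remember it, and hand it to the device over that link."""
        secret = secrets.token_bytes(32)
        self._paired[device_id] = secret
        return secret

    def challenge(self, device_id):
        """First message of an IP session. Unpaired devices get nothing at all."""
        if device_id not in self._paired:
            return None
        nonce = secrets.token_bytes(16)   # single use; replaced on every attempt
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id, response):
        """Check the device's answer. Returns a per-session key on success, None
        otherwise. The nonce is consumed either way, so a captured answer cannot
        be replayed against a later challenge."""
        nonce = self._pending.pop(device_id, None)
        if nonce is None:
            return None
        secret = self._paired[device_id]
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        return hmac.new(secret, b"session-key" + nonce, hashlib.sha256).digest()


class Device:
    """Phone side. Holds the secret it received during USB pairing."""

    def __init__(self, device_id, secret):
        self.device_id = device_id
        self._secret = secret

    def respond(self, nonce):
        return hmac.new(self._secret, nonce, hashlib.sha256).digest()

    def session_key(self, nonce):
        return hmac.new(self._secret, b"session-key" + nonce, hashlib.sha256).digest()


def ip_session(desktop, device):
    """Run one challenge/response over the (hypothetical) IP link.
    Returns the session key both sides agree on, or None if the desktop refused."""
    nonce = desktop.challenge(device.device_id)
    if nonce is None:
        return None
    key = desktop.verify(device.device_id, device.respond(nonce))
    if key is None:
        return None
    assert key == device.session_key(nonce)   # both ends derived the same key
    return key


if __name__ == "__main__":
    pc = Desktop()
    phone = Device("wm5-phone", pc.pair_over_usb("wm5-phone"))   # constructed sample ids
    print("paired phone accepted:", ip_session(pc, phone) is not None)
    print("unpaired device accepted:", ip_session(pc, Device("stranger", secrets.token_bytes(32))) is not None)
```

The point the comment makes is that the trust decision happens once, on a link nobody else can join, and the IP side then only ever sees a nonce and an HMAC, never the secret itself; a desktop that has not been paired refuses before any sync data is exchanged.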

  85. Stephen says:

    I am amazed at the decision made by Microsoft. I am new to Windows Mobile 5, only to find out that I have to own an Exchange server to do what I bought the thing for in the first place.

    I run a small hosting business, and I actively manage one of the net’s large security sites. I deal with SSL, IMAP, POP, WPA-PSK etc. on a daily basis.

    There are holes not only in Microsoft’s decision but in many of the comments posted on here.

    1) Someone said that since MS does not require standard IMAP and POP to be IMAPS and POPS, then what’s the big deal for AS? Pretty simple actually: MIM attacks might get your password on a standard POP authentication, but that’s all they will have access to, "your email". But if they had access to everything that AS transmits, such as your contacts, then the decision you have made to transfer this data unencrypted is actually a privacy violation and leaves the door open for lawsuits (it is not your right to transmit other people’s contact data without protection; look at Visa and Mastercard’s policies if you need to get schooled on privacy of people’s information you look after).

    2) Microsoft is wrong in disabling all forms of WiFi AS, because a simple code change could make it so you are only able to access IP ranges on the local network such as 192.x (enabling this would get rid of 80% of the people who have an issue with this decision, because most of them just want to be able to sync wirelessly inside their home or office WiFi network).

    3) 3rd party certificates would be an unnecessary cost for end users; Microsoft already has their own CA, and for them to release an update for Windows XP machines in order to provide an encrypted tunnel via SSL/TLS would not be an issue for them. In fact the time to delivery, if they really wanted to do this, would be fairly quick. But MS has other agendas and that is why they don’t provide this functionality.

    4) I wish MS would put this at the top of their list cause I sure don’t want to fork out a monthly premium for exchange email hosting. I will go with a free push email service such as:

    http://www.emoze.com

    before I spend a single dollar on exchange hosting.

    Their client actually does encryption and integrates with Pocket Outlook, for those wondering.

  86. Loki says:

    Mike,

    I have to hand it to you, kudos for explaining this in real non-marketing terms to us.  I can see that lots of people are angry here about this but they forget that they wouldn’t even be able to vent their anger unless you had come forward with the raw truth.  

    Even though I have a problem with corporate MS, I like that people like you are still real and willing to talk to the end users.  

    It is only through mistakes that we really learn.  

    Thanks,

    /D

  87. Charles says:

    I thought I should add to my previous comment on this old post because I finally understood what you meant by ActiveSync being unsecure over IP:

    (after all I have zero knowledge of AS/Windows Mobile, as I stuck with Palm OS until WM is stable/frozen – probably the 2007 version?)

    you mean that there is *no* level of authentication for AS on the desktop, right?

    So anyone polling on the IP:port can get access to user data…

    Although I too would find it very insecure for a user to enable the feature, I still do not see the rationale for disabling the feature altogether.

    After all, if the user wants to put full access to the HD in anonymous FTP it is still possible in Windows (after a lot of un-ticking).

    So why not leave it for ActiveSync?

    Just to show that I am not always siding with the user: I too think that leaving memory management to the user is not the best. So "hiding" on X is fine by me (provided the OS memory management works).

    Charles

    SOC developer

  88. Charles says:

    "So why not leave it for ActiveSync?" I meant:

    leave the feature off by default and let the user enable it after a lot of unticking;

    plus add a group policy to it so that in a corporate environment it can be disabled by policy.

    Doesn’t that seem reasonable?

  89. James says:

    Mike, to get the first bit out of the way: Thanks for the excellent article. However, this really hurts us and we want sync over ethernet back asap. Please, Thank you.

    To the flamers:

    I know a lot of chaps working for Microsoft, and to a man, they are honest and hardworking.

    Microsoft does not hire crooks (why would they do that?).

    Microsoft does not tell us pointless lies (it’s far too easy to get caught).

    The bad old days when Microsoft might have done certain things to manipulate the market to make it impossible for other software/hardware vendors are gone (I think they’re getting tired of being sued by governments!).

    This guy gave you the facts as they stood and you’ve done little but flame him. Well done for shooting the messenger (Muppets!). Instead of whingeing, hit the contact button on the Windows Mobile homepages and call them to register your displeasure.

    Don’t bother flaming me, I don’t care, and I’ve ignored way more important people than you. I came here to read this article and now I understand the issue; I might never come back – that is the beauty of the internet.

    Don’t tell Mike how irritated you are, tell Microsoft!

    Cheers

    James

  90. SSrikonda says:

    I’m curious about something.  If WiFi sync is insecure, what about Bluetooth sync, which hasn’t been disabled?  Sure, it’s a limited range, but by the same argument it’s also insecure.

    Right?

  91. Chris E says:

    Now I’m curious.

    Why hasn’t someone interfaced a raw socket, IP-driven interface to a COM port so home users like me can trick activesync into believing there is a local COM port attached to the machine?

    Yeah, you know, the virtual kind.  I’ve been looking into this a bit but unfortunately don’t have time to dabble in a client-server application to enable this idea, so I’ll throw it out there and hopefully someone will develop it.  Please let me know if you do, it’d be appreciated.

    PPC client app –> internet –> server socket, masquerading as COM port –> Activesync setup to use said COM port.

    Yeah, it’s possible, doesn’t take a rocket scientist to figure that out.  As far as encrypting this well, yeah, it takes a certain open source developer to imagine that part up 😉

    Chris

    Victoria, B.C.

    Canada

  92. scyost says:

    Ssrikonda – like it says in the main article there are several differences with bluetooth. It has some authentication via pairing, link-layer encryption, and it has short range.

  93. Marc M says:

    Mike, will you do an explanation on the how and why of the removal of backup from AS as well for us. I like your way of writing and taking the effort of explaining the hard to accept matters.

    Marc.

  94. Steve M says:

    Mike,

    I seriously don’t understand why people have become SO bitter over the lacking WiFi situation – Yes, in the short term people will have reduced functionality within AS, but if it’s a choice of ‘reduced functionality’ over ‘data security’ I’d choose to use a secure environment every time.

    I guess a lot of people (developers and users alike) just don’t appreciate the significance that a security flaw can have in a global operating environment.  It’s easy to sit at a computer and say ‘give me the option to enable this facility’, but in doing so it leaves room for human error, and the ramifications could be significant (why anyone would choose to open up a security flaw in a business environment eludes me?!?)

    C’mon guys, can’t you see that Mike IS telling the truth in this Blog, and that the WM Team are simply looking out for our best interests?!!

    Let’s just hope that priorities get sorted and securing WiFi is dealt with soon…

    Keep up the good work Mike…

    Cheers,

    Steve.

  95. Martin says:

    Mike,

    I must admit I would like you to answer the question about what higher priority features are being developed instead of focusing some effort onto this.  Personally, I can’t think of anything that would be more gratefully received than the ability to remote sync.

    By removing this feature, MS have made it impossible to do a remote sync to Exchange 2000 servers.  A cynic might suspect that this has been done to force businesses to upgrade their servers to Exchange Server 2003/2007 at a time when syncing outlook to mobile devices is becoming so important.

  96. MJ Napier says:

    The MicroShaft people in this forum seem to like relying on Stalinist answers and sure, many things can be answered by ‘the greater good’. Before we seize that authority, or miss the original responsibilities though, I’d like to remind everyone that these standards don’t appear in the vacuum of space, but in consensus-building standards committees which are dominated (at least by interest) in working with Microsoft products.

    The Pocket PC is a Microsoft incantation, as is outlook, activesync and everything else in the ‘chain of responsibility’ save the WEP standard that could not exist without Microsoft’s support and adoption. If Microsoft cannot honor the original commitment to connect these devices, all excuses should be left to their attorneys.

    I worry anytime I hear; “for your own good”, and not surprisingly I’ve found that the decisions being made for me are never made with me, or in consideration of – me. Your dogma, like your fingerprints, is all over this problem Microsoft. Don’t weep (and please contain the whining), when it bites back. This issue, like many others, is why you’re known as a bully, a tyrant and a self interested megalomaniacal enterprise.

    MJ Napier

    PS: I’ve had a Pocket PC since the ipaq 3600. Every member of my family has one now and every member of my enterprise does too. We will be throwing them all out (well, likely eBaying them), as soon as a non-Microsoft option is approved. You guys systematically killed an appliance I wanted – and relied on.

  97. MikeCal says:

    (I’m back after a nice long vacation.)

    SSrikonda the main difference between BTh and WiFi is that BTh is a direct connection to the PC that doesn’t go over IP (the internet).  WiFi is an internet connection that can be made from anywhere in the world.  You CAN use BTh to connect to the internet, but you can’t use that to sync to AS.  As I’ve said before, we didn’t remove WiFi Active Sync.  We removed internet->desktop Active Sync (IP sync).  It’s just that WiFi needs IP and BTh doesn’t.  So by removing IP Sync, we removed WiFi.

    Martin, I really can’t start announcing unannounced features.  But I will give you one example of a work item the AS team prioritized higher than WiFi AS. If we hadn’t done work in Active Sync, then it wouldn’t have worked in any way in Vista.  Not WiFi, USB, serial, anything.  Having no desktop sync whatsoever in Vista would have been a bigger problem for a larger number of our users than not having WiFi desktop sync is.  I know this won’t make anyone planning to stay on XP any happier, but these are the kinds of decisions we have to make.

    Mike

  98. Ian Jones says:

    I personally think that, given Mike’s explanation of the security flaws in Wi-Fi ActiveSync, Microsoft were right to disable it.

    People would be even more angry if all their personal details were spread around the world than if they had to enable Bluetooth to sync their devices.

    Ian

  99. gundling says:

    Mike,

    I REALLY appreciate this blog.  Kudos for having the guts to say "hey we know this is really bad" rather than acting like nothing is wrong.  I bought my latest phone in hopes that syncing over my wi-fi would be a non-issue.  That eventually led me to this blog where I can see my frustrations are shared.  

    I fully understand the encryption issue having security being a constant issue in my consulting career.  But, there are a lot of people out there like myself that only have the Windows Mobile team to actually hear us "backlash," if you will, about how important this is to us.  

    You do realize you will have effectively trumped any other non-enterprise mobile sync market if you guys do get this desktop sync over internet fully working with encryption… and that would be good for Microsoft.  

    Shoot, I will probably be crucified for mentioning something like this, but make it a Vista only feature to force more home users who are savvy to upgrade.  In my line of work parting with $150 to have this  feature is a drop in the hat.  That’s less time I need in front of my box at home and even less of a need for a secretary..  you guys have a vested interest, also…  I’m just sayin’.

    Anyway, thanks again for the blog… I’m sure I will be checking for updates again regularly.

    Regards,

    Rob

  100. gundling says:

    Just another note… I played with emoze (www.emoze.com) for about 30 minutes and got it fully functioning on my T-Mobile/HTC Dash.  A NOTE: You need to restart the phone completely once you get it installed to reset the EDGE internet connection.  

    I’m going to test it for a while, but it already has this functionality working 100% so far.  I’m impressed…

    Regards,

    Rob

  101. Eric Cha says:

    Well, I was disappointed to see I couldn’t wifi sync (or sync over ethernet in general) my brand spanking new Cingular 8525, but I can now see why the feature was disabled.

    So, to skip over all the ranting I would like to do and get down to the meat of it:

    When will this feature come back? It’s been about a year and a half since it was removed.  Is it coming back any time soon?

    Eric

    p.s. Hiya Mike!  Long time, no talk.  Didn’t know what you were up to until I stumbled on this blog.  That last Rose Bowl kinda sucked didn’t it…

  102. Andy S says:

    Mike,

    I’d also like an ETA for ActiveSync over encrypted WiFi.  

    In the meantime, I’d be grateful for it to be reactivated with a disclaimer ‘popup’ ("connecting over unencrypted WiFi is not secure, do you wish to continue?") if you feel it necessary to shake your head in disappointment at the plebs.

    How about it?  🙂

    -andy s

  103. MikeCal says:

    Oh wow.  Are you the motorcycle-driving, Tae Kwon Do master, college roommate from 15+ years ago Eric Cha?  How cool to hear from you!  Hit the "Contact Us" link and send me your email address.  

    Mike

  104. Andy S says:

    Cough…cough…answer…his cough..question.. Mike cough…cough..!  

    😉

  105. MikeCal says:

    Sorry Andy.  Even if I had a firm date, I wouldn’t be the person who would announce it.  Development makes features happen, but it’s marketing that decides when the public learns about them.  Things would go poorly if the marketers decided to start writing Windows Mobile code.  Things would go equally poorly if developers suddenly thought they could do marketing’s job.

    Mike

  106. gleffler says:

    I think there’s a tremendous disconnect here between "Wi-Fi" and "The Internet".

    I run a private Wi-Fi network in my house. When data is sent over the air between two devices on it, the Internet isn’t involved at all. The red herring of "We don’t want your data on the Internet" is a pointless argument. I’d wager that almost everyone that has a Wi-Fi network doesn’t have it set up so that every device that connects gets a direct connection to the Internet – it’s done through NAT. Communication between two devices behind the same NAT gateway never touches the Internet, so all this talk of some alleged attacker reading your address book is utter nonsense.

    I agree with other commenters that it’s reprehensible that the feature was just completely removed with no way to re-enable it for ‘advanced’ users (as someone with a several hundred dollar phone, probably all of us fall in as ‘advanced users’.) Bluetooth isn’t even close to Wi-Fi, mostly in the area of range (I have to be close enough to my laptop that I could just plug in the USB cable for it to work) and speed. Bluetooth 1.2 (which these devices have) is slow. Slower than USB, and much slower than Wi-Fi.

    Speaking of disappearing ActiveSync features, whatever happened to the ability to make device backups? I guess that was a ‘security risk’ too? Someone might break into your computer and read the data out of your compressed device backup instead of just opening Outlook and reading it in the first place?

    There’s also the issue of deliberate crippling of S/MIME so that it only works with Exchange Server… eh, I could go on for a while.

    I appreciate the fact that you took the time to make a post at all, but at least be honest with the reasons. If Wi-Fi ActiveSync was removed because of some internal bureaucracy, that would be a lot easier to accept than some sort of fantasized security risk. It just seems like the platform is removing features at an alarming rate and moving towards some sort of centralized, managed model, that might be great for Microsoft and other corporations its size but that SUCKS for individual users.

  107. gleffler says:

    Oh, I should also mention the scenario of ActiveSyncing across the actual Internet with poked holes in gateways, etc.. in that case, the user in question should KNOW that there’s a security risk – and it would’ve been much easier to have AS check to see if the device and the host PC are in the same subnet before syncing, and if not, to prompt on the device "This operation may be insecure…" instead of stripping out the feature entirely.
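The same-subnet gate this comment proposes, together with the local-range restriction from Stephen’s comment 85 above, as an added example that is not the commenter’s code and not anything from ActiveSync: classify the peer address relative to the desktop’s own interface and decide whether to proceed, warn, or refuse. Python’s ipaddress module does the address arithmetic; the interface and peer addresses are constructed sample values, and the policy names are invented. From a defender’s view this only narrows who can reach the service; it does nothing about the missing authentication the blog author describes, and any host already on the same subnet passes the check unchallenged.

```python
"""Classify where a sync peer sits relative to the desktop's network.
Added example; the policy names and decisions are invented for illustration."""
import ipaddress

# Hypothetical location classes for a peer address.
LOCAL, PRIVATE, INTERNET = "local", "private", "internet"


def classify_peer(host_interface, peer_ip):
    """host_interface is the desktop's address with prefix, e.g. '192.168.1.10/24';
    peer_ip is the address the connection arrived from.
    Returns LOCAL if the peer shares the desktop's subnet, PRIVATE if it sits in an
    RFC 1918 (or IPv6 ULA) range on some other subnet, INTERNET otherwise."""
    iface = ipaddress.ip_interface(host_interface)
    peer = ipaddress.ip_address(peer_ip)
    if peer.version != iface.version:
        return INTERNET          # v4/v6 mismatch: cannot be on the same link
    if peer in iface.network:
        return LOCAL
    if peer.is_private:
        return PRIVATE
    return INTERNET


def sync_decision(host_interface, peer_ip, allow_private=False):
    """The gate the comment describes: proceed silently on the local subnet,
    prompt ("This operation may be insecure...") for other private ranges only
    if the operator opted in, and refuse anything that looks like the Internet."""
    where = classify_peer(host_interface, peer_ip)
    if where == LOCAL:
        return "proceed"
    if where == PRIVATE and allow_private:
        return "warn"
    return "refuse"


if __name__ == "__main__":
    host = "192.168.1.10/24"      # constructed sample desktop address
    for peer in ("192.168.1.77", "10.0.0.5", "8.8.8.8", "fe80::1"):   # constructed peers
        print(f"{peer:>14}  {classify_peer(host, peer):<9}"
              f"{sync_decision(host, peer, allow_private=True)}")
```

Note that ipaddress.is_private also returns True for documentation and test ranges such as 192.0.2.0/24 and 203.0.113.0/24, so a real deployment would want an explicit allow-list of the operator’s own prefixes rather than relying on the library’s notion of "private".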

  108. LowMein says:

    Well, since Windows Mobile Device Center has been released for Vista – without any sync-over-IP capability – apparently I have to pirate an Exchange 2003 server in my basement in order to get this functionality.  Such a pity – forced into a wanton life of crime for want of a meager TLS certificate… now I know how Jean Valjean felt.  Les Miserables du Microsoft!

  109. tweakradje says:

    Just installed and analyzed AS 4.5. Guess what?

    In Connection Settings I find an "Allow wireless connection on device when connected to the desktop" checkbox. When checked it sets the related DWORD value in the registry to 1 (HKCU\SOFTWARE\Microsoft\Windows CE Services\Dual-Home).

    Can someone check if WiFi works again?

    Cheers

  110. Tweakradje says:

    addendum: if you set HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows CE Services\AllowDTPTOption (DWORD) to 0, the Wireless connection checkbox doesn’t show (of course ;O)

    Cheers

  111. Mark Tomin says:

    Tweakradje, I tried it and WiFi works.

    http://nationwidevpn.com

  112. It’s been a long time since I last updated my blog… Work and baby issues take up a lot of my time now.

  113. jallison says:

    Just got a Cingular 8525 and have been frustrated with WiFi getting shut off whenever I’m syncing. I don’t really mind syncing over Bluetooth, but I hate the fact that WiFi just gets shut off with no notice.

    I read gleffler’s comments above and totally agree. I am using WiFi to get on my local WLAN and am perfectly comfortable with the security level. The fact that I have to decide between being on my own WiFi network and doing a sync through ActiveSync is broken.

    I have to admit I don’t really follow the last two posts about reg hacks and AS 4.5…perhaps there is light at the end of the tunnel but I can’t tell.

  114. moosedude says:

    Security is good, but should NOT be mandatory.  It is like a car salesman selling you a car that is locked, and ONLY giving you the keys to the trunk, through which you enter.  The other doors and windows are superglued shut, and will not open, ever.  Good call Microsoft.  Play big brother for us.  We are unable to make decisions for ourselves anymore.  What will happen when WWIII happens?  Will you hold our hands for us then?  Please? After all, we are stupid little morons who don’t know any better.

    Thanks for nothing.

  115. MikeP8RSON says:

    Apologies if this has already been asked before, but I would like to know from Mike ~ if the reason WiFi was removed was ‘security reasons’, then why has it never been removed from ActiveSync 3.8 (which I use very happily on my Loox720)?

  116. MikeCal says:

    MikeP8RSON, There’s no way for us to "unrelease" software.  Once it’s out, it’s out.  The only real way to remove something from a piece of software is to release a new version that doesn’t have it, and hope people will update.  That’s precisely what we did with Active Sync.

    Mike

  117. Tom says:

    This is the typical Microsoft way of thinking! American style! Americans usually leave some room for errors or always have a plan B in case things go wrong. This makes sense and it is scientific/logical. You really cannot eliminate error completely. But hey, you know what Japanese/Asians think?

    Japs don’t want/allow error at the first place. Why do you leave room for error when you can do it right at the first place?

    This is why the interior inside American cars have huge gaps and nothing fits. While every interior piece inside Jap/German cars fit each other well. No big gaps, just perfect fits.

  118. George S. says:

    IMHO, this whole post is absurd. I do not know (and honestly, do not care) whether this decision was made to make another product (Exchange in this case) more appealing… BUT, I know that removing WiFi Sync from AS was a very bad idea. I only used to sync my Pocket PC with my desktop via WiFi, NOT the Internet, and our WiFi network is pretty well protected. Why SHOULD I NOT be able to sync with my desktop via WiFi? Luckily my laptop has built-in Bluetooth and I think I can somehow manage to sync via it (though not sure).

    Anyhow, this decision brings only discomfort to those users who know how to protect their system. Someone has mentioned above having WiFi sync disabled by default and having a choice to enable it via group policy. That would be the best thing to do, and by the way…

    "It’s clear that, as little as 5 years ago, most Microsoft employees didn’t understand security well enough."

    If 5 years ago most MS employees did not understand security issues… well… I’d better leave that with NO COMMENTS.

    I beg pardon for my tone but I’ve  just bought a $900 device (switching from an equally expensive Nokia device) and I am not able to even sync it with my PC via WiFi, this is totally absurd.

    G.S.

  119. MikeCal says:

    I’m going to try this one more time.

    There have been a bunch of comments to the effect of, "My Wifi network is secure.  You should allow people who know what they’re doing to enable this." Every one of them has been an example of why we had to remove the feature.  

    I’ve explained over and over again that this is insecure even when you have a secure Wifi network.  I’ve explained why.  I’ve devoted considerably more text to this than any dialog box ever could.  If it’s still unclear, how could we possibly word the warning on the dialog box to explain why you shouldn’t enable it?

    What if we had an option to enable IP sync, but when you clicked it, it popped up a message that said: "I understand that, by checking this box, all of my personal information will be sent to an overseas crime syndicate who will steal my identity and turn my machine into a spam bot.  I further understand that there’s nothing I can do to stop this from happening.  Continue?"

    The repeated comments I’ve seen here have said that people would STILL check the box.  

    It’s productive to tell us to add a new "secure ip sync" feature.  But all the name calling in the world isn’t going to convince us to re-enable the previous insecure ip sync.  I wish I had the writing skill to adequately explain why.  This thread has made it clear that I don’t.

    Mike

  120. George S. says:

    Hello Mike,

    First off, thank you for your response. I do appreciate you taking time and answering our (angry) comments. Again, I beg pardon for being too critical. But you should understand our position too. I run a small IT company and we do take security seriously, indeed. But again, imagine yourself buying a new device that cannot even be synced over the wireless. It is the 21st century and why should I be forced to use the cable?

    But even if it is not possible (though I seriously doubt this) to make it secure with the previous method, then please add some sort of encryption to it. The fact that it works with Exchange only makes people believe in conspiracy theory.

    Thank you again for your attention to this matter.

    Respectfully,

    George S.

    P.S. When I was posting this, I finally configured to use ActiveSync over Bluetooth and luckily both my laptop and my Pocket Loox T830 support Bluetooth 2.0 and quite good speed was achieved.

  121. John Parker says:

    OK, I’ve read this entire blog to date, and I’m very sorry, but there is clearly a misunderstanding somewhere with how IP security is supposed to work!

    Firstly let’s just clarify why the feature was removed – it was because one or more "enterprise" customers have expressed concern over security – sorry, but they clearly do not understand either.

    If I was a home user and I wanted to sync over WiFi within my home, I could potentially be at risk because WiFi does not stop at walls, and sync uses an insecure and unencrypted protocol. Fine.

    Similar situation if a user wants to sync via a WiFi hotspot – but this time I’d have to open the firewall on my home router to allow this protocol through – which would let any external host that stumbled on my IP address through to my AS host.

    If I was a corporate customer I would have similar concerns.

    But this is why secure protocols exist and why everyone should lock their home wifi down to mac addresses and possibly place them outside their own firewall.

    If the sync was to be done over a VPN connection (many routers will act as VPN endpoints) why is this any more insecure than any other use of VPN?

    Put the functionality back into ActiveSync and let everyone secure their networks properly.

    John P.

  122. MikeCal says:

    John, I’m sorry, but just about everything you said is incorrect.  

    The feature wasn’t removed because enterprise customers expressed concern over security.

    The reason home users are at risk has nothing to do with Wifi not stopping at walls.

    Wifi hotspots have nothing to do with the problem at all.

    If you locked your home wifi down to a mac address, it wouldn’t solve the problem.

    The sync isn’t done over a VPN connection.

    If we put the functionality back in, 99% of the people who have commented here would think they know how to secure their network against the threat.  Each of them would be wrong.  

    When I first wrote this entry, I was pretty convinced that removing IP sync was necessary.  The comments here, though, have really opened my eyes.  You folks are firmly driving home how badly we needed to remove the feature.  

    If people can read me saying over and over again that WiFi has nothing to do with the security flaw and STILL think they can protect their network by locking down their WiFi, I can’t imagine how we could educate people on how to use the feature safely.  

    Mike

  123. John Parker says:

    Well Mike,

    Your reply has, I am afraid, done nothing to convince me, or probably anyone else, that you (nothing personal) or Microsoft know what they are doing – at least on this subject.

    The announcements of ActiveSync 4.0 posted all over the web clearly state the feature was removed due to security concerns from enterprise customers.

    Home users could only be at risk of criminal access to desktop PCs running ActiveSync if they had either incorrectly set firewalls (a proper one in their router – not the "Windows" firewall) or an open wifi access point. If you’re not sure you have a secure firewall then visit the Shields Up part of http://www.grc.com

    The activesync protocol is not encrypted, so the fact that wifi does not stop at walls means that any clever criminal can snoop the wifi traffic, unless the wifi is correctly set up with all security features turned on. Locking down mac addresses will only deter the idiot criminals, not the clever ones.

    The reason why hotspots are a problem is that if you have your home/corporate pc exposed to the internet, even just the port that is needed by AS, this is easily accessed from anywhere on the internet, but the only reason you would do this would be to enable yourself to sync from outside your own network, most likely via a hotspot.

    If however I have a VPN configuration and therefore a completely private link from my PDA to my desktop PC, usable from anywhere on the internet, even wifi hotspots, any IF traffic will be secure, even AS!

    Please explain why this would not be the case – because otherwise every user of VPN is at risk, not just AS users.

    The only thing I can think of is that WM5 is so insecure that allowing sync over IP would allow any imposter to steal info directly from the PDA. If that is the case, the basic AS protocol is severely flawed and needs fixing fast.

    Again please explain.

    Microsoft should be listening to its customers for a change to make this work.

    Unfortunately for you I’ve been working in this area far too long to simply accept anything anyone says about computer security without knowing ALL of the facts.

    (I was one of the first people to run IP traffic over a transatlantic public network – you’d better believe I know all about security!)

    John

  124. MikeCal says:

    John,

    I’m sorry that I misunderstood your post.  I thought you were saying that AS always goes over a VPN, not that you yourself had gone out of your way to set one up.  

    If the only time you ever communicate with your PC is over a VPN, you’re probably safe.  But, of all the people who said that they’re secure, you’re the first one who has set up a VPN.  

    Yes, it’s POSSIBLE to secure Sync over IP.  But the majority of people will think they’re safe and won’t be.  If the only guy who can secure his IP Sync is someone with so much experience that his bits were the first to cross the Atlantic, then I hope you can see why this isn’t something we can just leave enabled.

    An expert in the field could have protected himself against many of the famous security flaws found in Windows over the years.  Yet, never did anyone ever say, “Good for you, Microsoft.  We’re glad you left protection in the hands of your users.”  No one ever said, “Hey, a hardened security veteran could have protected himself, so this flaw is okay.”

    We have a responsibility to fix egregious security flaws in our code.  Sometimes we’ll do that by rearchitecting the code to make it secure.  Sometimes we’ll do it by removing the feature.  Sometimes we’ll do it by removing the feature until we have time to rearchitect it.  What we will not do is leave it as an option to the user when we have documented evidence that the majority of users will get it wrong.  It’s not that we think people are stupid.  You know as well as I that this is complex stuff.  And it’s not that we’re trying to be paternal.  It’s that we’ve been told time and time again that the responsibility for making our products secure is ours.  We agree with that assessment.

    Mike

  125. John Parker says:

    Mike

    Thank you for your comments.

    So I guess we have to wait in line for this to be "rearchitected".

    When you come to do that it would be very good for all those with WM5 or earlier devices if this could be applied to their existing devices rather than being only available for WM6.

    Meanwhile, from what you have said, anyone using WM2003 et al with AS3.8 etc to sync over IP is clearly at risk of having data stolen (unless they have secured their IP) which is good enough reason to encourage everyone to use AS4.

    All the best.

    John

  126. CraziFuzzy says:

    I thought I had discovered a possible solution to microsoft’s challenge with funambol, went through the setup and everything.  funambol connects perfectly with the WM device, and syncs everything on the funambol server with my WM5 phone, over any network connection available.  Unfortunately, the Funambol Outlook plugin is PIM only, so I can’t get the outlook email onto the server.  

    Oh… but the funambol EXCHANGE connector works just fine… if you have Exchange…  but that’s kinda pointless, isn’t it, since we CAN sync email if we shell out for Exchange.

  127. Coolmobile says:

    So let’s get this straight…

    I have a laptop computer which is designed to connect to everything wirelessly (except when I am charging it).

    I have a smartphone which is designed to connect to everything wirelessly (except when I am charging it).

    But to sync data between the 2 I need a wire?!

    The situation is so mad it is almost perverse. Do Microsoft not realise that as soon as you have to connect a mobile phone with a wire it is no longer a mobile phone?

    My phone cost £500 – more than my laptop. It has far less functionality than my laptop, because it is (meant to be) far more MOBILE. That is the ONLY reason I have a mobile phone in addition to a laptop. Which part of this concept is hard to grasp? Do the people who write the software understand what a phone is? – they don’t appear to be able to "see the wood for the trees".

    If there are security reasons, then fine, resolve them – with some urgency. But this is surely a case of "throwing out the baby with the bathwater".

    For the last time, it’s a MOBILE phone. […bangs head against wall repeatedly…]

  128. SteveR says:

    So why not enable over bluetooth when you removed WiFi. Lots of phones support bluetooth synching. Lots of DUMB phones can do it. What about a Microsoft smartphone?

  129. MikeCal says:

    SteveR, BTh sync works just fine.

    Mike

  130. kunz says:

    Mike,

    Thanks for your comments. I just have some questions and I would really appreciate it if you would answer them without trying to deviate from, or ignore, the question by stating unnecessary information that does not have any direct relevance to my particular question:

    If Microsoft are so concerned about security, why is it that the end user can:

    1) Connect to the internet even if they have no firewall (hardware OR software) in all its operating systems, even with the so called ‘more secure’ Vista?

    2) Enable autorun for all removable devices by default in XP/Vista? Disabling the autorun is the user’s responsibility (i.e. holding Shift while inserting the device).

    In every MS release to date, the security of their data is more or less left to the end user. Why double standards with AS?

    You also seem to forget that something as simple as a registry bit which activates the AS over IP setting would satisfy the nerds. Whether they set up a VPN or NOT is up to them, and it’s hypocritical for you to state otherwise.

  131. MikeCal says:

    Kunz, you’ll have to ask those questions to the Vista team.  This is the Windows Mobile Team Blog, not the Vista Team Blog.  We’re not the same group.  

    Mike

  132. kunz says:

    Mike,

    Bravo for trying to dodge the question and pointing the finger at someone else. This is starting to get hilarious; and I’m sure most of the techies here will agree with me.

    You repeatedly speak of "Microsoft" as a ‘whole’, and representing the company, when you try to explain the ridiculous reasons for why AS over IP was disabled – great writing Mike 🙂 .. it might be an excellent idea if you actually started writing ‘fiction’ professionally; you’re quite good at beating around the bush.

  133. Kevin D says:

    kunz, read through the previous comments. Everyone knows the security explanation is only a cover-up. You’ll never get a straight answer from these people... just go with Exchange.

  134. MikeCal says:

    kunz, imagine you work for "the Government" and you’re working to pass a law that requires that Company X stops dumping toxic sludge into a river, "because it’s killing people."  But someone comes to your blog and says:

    "I would really appreciate it if you would answer this without trying to deviate from, or ignore the question by stating unnecesary information which do not have any direct relevance to my particular question:

    If the government is so concerned with people dying, why is it that end users can:

    1) Drive automobiles when more people die in car crashes than due to toxic sludge.

    2) Eat food, when more people die of obesity induced heart attacks than due to toxic sludge."

    Now, you might try to point out that "the Government" is a big organization, and that you don’t work in the Department of Motor Vehicles or the Food and Drug Administration.  

    But, then, the commenter would just point out that since you represent the Government, you’re just beating around the bush.

    I don’t know what you want out of me.  We’re not going to leave gaping security flaws in our code open because some group 3 miles away allowed you to access the internet.

    Mike

  135. Randall says:

    Dude!

    Having never blogged before this is a first, but I read this with great amusement. (Having just gotten a Smartphone, and discovering to my chagrin that I couldn’t sync over wi-fi).

    First, kudos on your patience.  I’m sure I couldn’t keep answering the same questions over and over again without blowing a gasket.  (and maybe some name calling for good measure)

    I am also surprised at how little people understand how commercial development happens, and the concept of "prioritizing", where you have more work than resources to accomplish goals.

    I am also surprised, at all the folks who want to have this feature enabled regardless of the risk.  Even with all the warnings, I’m sure some of those same folk would be the FIRST to blame Microsoft for the security flaw when it affected them. Ah well.

    Having said all that, hurry up and fix it!!!!

    🙂

    oh yeah, and cut and paste whilst you are at it?

  136. RyanD says:

    This is a real bummer…  I was just looking for an alternative to sync my new PDA to my laptop and Bluetooth just will not work (been trying for weeks).  I could care less about syncing over the net.  I just wanted to do something like set up an ad hoc connection and use that.

    I can see MS’s point of view.  Unfortunately a few bad apples (hackers) have really messed up a good thing (the net).

    But, I am sure everyone here is willing to pay $200 for AS5.0 so MS can double their development effort to grant everyone’s wishes! (and are willing to wait until 2010 to get it completely debugged, and rock solid stable)

  137. Ben Dilts says:

    Well, the change is pretty upsetting.  Maybe the ethernet ActiveSync is not encrypted, but the VPN connection I use to get connected to the computer I sync with is definitely encrypted.  Why not allow ActiveSync over a fundamentally encrypted connection?

  138. Richard Nobel says:

    USB sync does NOT function correctly (for me and some other people at least).

    It seems to me that my PocketPC/WM5 PDA connects as an NDIS device (isn’t that Ethernet? Sorry, I’m really not a network expert :-P)

    So, when I connect the PDA to my laptop through USB, I can still SYNC – but at the same time my (laptop’s) entire WiFi network is messed up! Which I can only solve by rebooting the laptop!

    As a workaround I decided to set up Bluetooth sync, which seems to work fine; only that’s of course a Serial (virtual COM port) connection – probably slower?

    Maybe I should try Serial over USB as well.. (instead of NDIS/network) – but again, wouldn’t that be slower?

    Anyone here who knows ‘the’ answer?

    Greetings from the Netherlands,

    Richard

  139. MikeCal says:

    Richard, you’re correct that, by default, most WM5 devices connect over USB via Remote NDIS (RNDIS) instead of the older Serial USB method.  This was supposed to be an improvement for everyone because the desktop Windows team actively develops and supports the desktop RNDIS drivers, whereas our serial USB driver was really old and hadn’t been updated in a long time.  

    However, while RNDIS worked fine in testing, when we released WM5 we started getting reports like yours of people having trouble.  RNDIS effectively shows up as a second network card and it seems that some laptops get confused when there are two networks connected.  It’s a relatively small number of laptops that have this problem, but that’s no consolation if you’re one of the people who has one.  (It does partially explain why we didn’t see the problem, though.  We didn’t happen to have any of the problem laptops in our tests.)

    Switching back to Serial USB is the easiest solution.  

    There is the potential for a speed decrease using Serial USB instead of RNDIS, but a slower connection is better than no connection at all.  I never profiled the two connection types so I can’t tell you exactly how much of a change you can expect.  I have vague memories that it wasn’t large, but I’m not sure.  Ironically, we made the change to RNDIS for stability, not speed.  

    BTh sync is another potential.  The downside there is that your device doesn’t charge when syncing.  If you’re going to be next to a charging USB plug anyway, you might as well charge the device too.

    Mike

  140. Richard Nobel says:

    @MikeCal: Thank you for your quick reply 🙂

    On my WM5 PDA I switched the Sync settings to "Serial USB" and after a soft-reboot (on the PDA side) it was correctly recognized by ActiveSync on my laptop.

    You are right that "a slower connection is better than no connection at all", and I didn’t find a really noticeable speed decrease yet – I was kinda ‘thinking out loud’ in my message above.

    FYI, my laptop is an Acer Aspire 1690 with Intel(R) PRO/Wireless 2200GB Network Connection (and a Broadcom NetXtreme Gigabit Ethernet adapter).

  141. Dennis George says:

    Mike, I totally respect your willingness to continue discussion with such a clearly hostile audience… Hopefully you are still keeping up with the comments here, even after this long.

    I’ve read through all the reasoning you gave, and it’s fine. IP/WiFi sync is inherently insecure, fine, given.. Priorities must be considered to implement a secure and authenticated sync, fine, also given..

    What I have to simply flat out disagree with though is that providing a workaround solution for the people who want it is a ton of work..

    Serial port sync is still available.. it’s what BT uses. This was suggested earlier in one of the comments.. Why not write a virtual COM port app? Basically you’d have an app which provides virtual COM ports on both ends, device and desktop, and uses IP to connect client -> server, securely authenticating and encrypting the communication in the process.

    And you know, just release it as a "PowerToy" or something to appease the hordes. It would of course be even better if all this were integrated directly into ActiveSync, but I’m sure a lot more hoops would have to be jumped through for that.

    I firmly believe this is not a ton of work at all.. All the pieces you need to do it are already available to you for the most part. Am I wrong about this? I’ve already found several open-source projects which show how to do virtual COM ports, and others for how to do encryption. The rest should be trivial.

    It’s been, what, nearly 2.5 years now since Wifi sync was removed? It just doesn’t sit right… Conspiracy theories abound.

  142. Having just bought a t-mobile Wing PDA phone, I was very surprised to discover the lack of remote sync abilities (even though the phone has built in wi-fi).

    I’ve read through almost all the posts here so far, and basically I’ve arrived at an overall feeling of disappointment and helplessness.

    Yes, I understand that wi-fi and ethernet is insecure, but that’s only when it’s un-encrypted!

    Seriously, how hard would it be to tack on some encryption on the ethernet/wi-fi ActiveSync code and call it done? Have the user define the encryption key over on one end, then have them define it over on the other end. Encrypt any data using the key, before sending over the open network, then decrypt it right before processing on the other end.

    Geez.

    There’s literally no reason why I shouldn’t be able to sync with my computer remotely using my device’s EDGE or Wi-Fi!

    If this feature has really been left out for 2.5 years now and the only reason is that it’s "insecure", well… that’s just un-acceptable. Securing things is not even nearly as difficult as you’re making it out to be.

  143. Maybe you’re not hearing any market demand because you are only listening to customers, big customers with big installs. That would mean the 50 million others who would love this, but are forced to use RIM BlackBerry products, old versions, MobileSync mNotes, Intellisync, Synthesis AG – SyncML Client & Server Solutions…

    Sync’ing is tough, developers know this, but add my one quiet voice in the wilderness to the chorus. This should be a high priority. How can you expect the platform to take off without it? Tell the live.com folks to make a hosted solution for it; I’d pay $5/month or $40 a year for a trusted company to do this for me.

    I look about every 8 months for a new solution to this problem. One that I keep expecting, and am halfway tempted to write for myself, is a VIRTUAL USB DEVICE.

    Create a wrapper to intercept the USB info on the mobile device. Pipe that over wifi using https to a known sync location. The sync location receives the info and has a virtual USB device on it that ActiveSync sees and thinks you’ve plugged in your device. ActiveSync is none the wiser that it was all virtual and happened over the network.

    Feasible? Let me know, I hate rabbit trails.  

    Email: first . last at comcast . net

  144. Oops, looks like Dennis George and I were thinking along the same lines….

  145. David Boreham says:

    Clearly someone smart should write an application that terminates an EAS session (which the devices support natively) and talks to the outlook PIM store (via MAPI or CDO or whatever API MS has deemed to be usable these days for this purpose).

    I have a few spare hours this evening, perhaps I’ll go write it…

    😉

  146. David Sim says:

    Someone else disappointed at the removal.

    While I admire the quest for a technically perfect solution, surely the only steps required are:

    1. Check that the WiFi connection is secured

    2. Check that the destination IP is a private one.

    By adding (2) you would ensure that either I was operating within my own private network or I was VPN’d into it.

    Of course I could have someone intercepting traffic on my own private network, but frankly if that’s the case then I’ve bigger problems than worrying about my calendar information going astray. After all, mobile devices are far more likely to suffer from physical loss than intrusion like this.

  147. Disappointed Home WiFi User says:

    Not being able to sync over WiFi to my new imate Jasjam (HTC TyTn) is one thing, but not being able to backup/restore or install new applications to my Psion Teklogix Netbook Pro CE 4.2 any more over WiFi is a real pain in the butt.

  148. Daffyd Thomas says:

    As far as I am concerned, the only logical reason for disabling WiFi is to perpetuate outdated Bluetooth technology, and allow its manufacturers to recoup their investment.

  149. Sven says:

    so, PALM is able to sync over WIFI… funambol enables database syncing over WIFI (http://www.funambol.com/opensource/) … but mighty microsoft can’t be arsed to get it working.

    look, my wifi is WEP encoded. my PDA can connect to my desktop through VPN… i have a firewall and antivirus… and even so i could just close activesync…

    NOW GIVE ME MY WIFI SYNCING BACK ALREADY!

  150. C.Walker,Jr says:

    Well, time for mere "user" level muggle to chime in…

    (and I’m sure somebody else has asked this in a way I didn’t understand)

    {and I understand you don’t make this decision}

    why not allow ActiveSync via Peer-to-Peer wi-fi connections and make it ABUNDANTLY CLEAR to enterprise level customers that it’s a bad idea for them?

    Isn’t  VPN hosting already available in XP?

    I don’t know…

    In the meantime, I’m looking for a cheap BT adapter for the laptop. It would give me an excuse to buy a BT headset to use with Skype!!

    Wait a minute – are you going to tell me that I shouldn’t give out sensitive info during a VOIP call??

    DAMN IT, MIKE!!!

    (frustration)

  151. Ian Burrowes says:

    I am another user who is disappointed by this.

    Anyone know a work around?  I have a WM6 device.

  152. Greg says:

    I still don’t understand this security handwaving of how "WiFi has nothing to do with this." Let me give a simple hypothetical situation, and I’d like you to please explain to me where the insecurity is:

    1. I have a wi-fi network that isn’t connected to the internet. It’s WPA2 encrypted.

    2. On this network is just my Windows desktop and a router.

    3. I want to perform ActiveSync over IP to that Windows desktop.

    I don’t care that ActiveSync over IP opens up the entire device to changes. Only trusted devices are on this network anyway. Where exactly is the horrible, terrible security risk that you claim to have spent so long explaining but, as far as I can tell, exists only because some sort of imaginary malicious device (or "the internet") could intercept the communication?

    How is this imaginary malicious device any different than bringing in a malicious laptop that reads off the entire device RAM whenever it gets plugged in?

    How is this any different than syncing over BTh?

  153. MikeCal says:

    Greg, if your PC isn’t connected to the internet, then you’re right that IP Sync isn’t a security risk.

    However, the vast majority of people who will use ActiveSync will also connect their PCs to the internet.  So, even though you don’t have internet connectivity and could get away with IP Sync, we need to cover the majority case first.  

    Mike

  154. sven says:

    mike, that’s just bullshit. when we connect activesync through BT or USB a network device is created and we even can use our cradles to navigate the web on our PDAs when connected to a cradle. how is that any different, huh?

    besides, ever heard of VPN?

    tell them to give us wifi activesync back (like palm and funambol) and stop the lame excuses.

    besides, having windows is already a big security flaw, what’s all the fuss about syncing now? just give users a big huge red warning popup telling ’em the risk, bill gates loves those popups.

  155. MikeCal says:

    Sven, you’re describing browsing the web.  In that case, you’re a client going out to web pages and pulling data back.  

    IP Sync sets your desktop up as a server.  This enables the world to connect to your desktop at will and pull data from it.  

    Call me whatever names you’d like, but servers and clients are different things.

    Yes, we’ve heard of VPNs.  Had ActiveSync used a VPN to do IP Sync, we probably wouldn’t have needed to remove the feature.  It didn’t.  If you’d like to know more about why it didn’t, please read the blog entry these comments are in response to.

    Mike
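
Two points made in this thread lend themselves to a short runnable illustration: David Sim’s proposal in comment 146 (only sync when the wireless link is secured and the destination is a private address) and Mike’s point just above that IP sync turns the desktop into a server, which is a different exposure from the desktop acting as a web client. The Python below is an added example, not code from the blog post, from Microsoft or from ActiveSync; every address, port and netstat-style line in it is constructed sample data, and the function names (`sync_policy`, `listener_exposure`) are hypothetical names of my own.

```python
"""
Added example (not from the original post, Microsoft or ActiveSync).

Part 1: David Sim's two checks, secured link AND private destination.
Part 2: an audit of listening sockets, because a desktop that listens on
        all interfaces is a server reachable from any network it joins.
All addresses, ports and netstat-style lines are constructed sample data.
"""
import ipaddress
import re
from typing import List, Tuple


def classify_address(addr: str) -> str:
    """Classify an IPv4/IPv6 address as loopback, link-local, private or public."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:          # checked before is_private: 169.254/16 is both
        return "link-local"
    if ip.is_private:             # RFC 1918 for IPv4, fc00::/7 ULA for IPv6
        return "private"
    return "public"


def sync_policy(dest: str, link_secured: bool) -> Tuple[bool, str]:
    """Apply the two checks from comment 146: secured link and private destination.

    Returns (allowed, reason). Note that a private destination only says where
    the packet is addressed, not who can observe the path to it.
    """
    if not link_secured:
        return False, "link is not secured (open Wi-Fi or unknown encryption)"
    kind = classify_address(dest)
    if kind == "public":
        return False, f"{dest} is a public address; sync would leave the LAN"
    return True, f"{dest} is {kind}"


# Constructed netstat-style lines: "proto local-address state". The ports are
# arbitrary sample values, not ActiveSync's real ports.
SAMPLE_LISTENERS = [
    "tcp 0.0.0.0:5000 LISTEN",         # bound on every interface
    "tcp 127.0.0.1:5001 LISTEN",       # loopback only: not reachable from the LAN
    "tcp 192.168.1.20:5002 LISTEN",    # one LAN interface only
    "tcp6 [::]:5003 LISTEN",           # IPv6 wildcard
    "tcp6 [::1]:5004 LISTEN",          # IPv6 loopback
    "tcp 10.0.0.5:40001 ESTABLISHED",  # an outbound client connection, not a listener
]

_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def _split_endpoint(ep: str) -> Tuple[str, int]:
    """Split 'host:port' or '[v6host]:port' into (host, port)."""
    host, _, port = ep.rpartition(":")
    return host.strip("[]"), int(port)


def listener_exposure(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (port, exposure) for every LISTEN socket in netstat-style lines.

    exposure is 'all-interfaces', 'loopback-only' or 'single-interface'.
    Client connections (ESTABLISHED etc.) are skipped: that is the
    web-browsing case, where the desktop initiates and nobody connects in.
    """
    result = []
    for line in lines:
        m = _LINE.match(line.strip())
        if not m or m.group(3) != "LISTEN":
            continue
        host, port = _split_endpoint(m.group(2))
        ip = ipaddress.ip_address(host)
        if ip.is_unspecified:            # 0.0.0.0 or ::
            exposure = "all-interfaces"
        elif ip.is_loopback:
            exposure = "loopback-only"
        else:
            exposure = "single-interface"
        result.append((port, exposure))
    return result


if __name__ == "__main__":
    # 8.8.8.8 is used only as a well-known genuinely public address.
    for dest, secured in [("192.168.1.20", True), ("192.168.1.20", False), ("8.8.8.8", True)]:
        print(dest, secured, sync_policy(dest, secured))
    for port, exposure in listener_exposure(SAMPLE_LISTENERS):
        print(port, exposure)
```

Run it directly to print the policy decisions and the listener audit. The second part is the concrete form of Mike’s distinction: an `ESTABLISHED` outbound connection is the desktop acting as a client, while a `LISTEN` socket on `0.0.0.0` or `::` is the desktop acting as a server on every network it is attached to, wired or wireless, which is why locking down the Wi-Fi alone does not change that exposure.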

  156. Greg says:

    Mike:

    Thanks for at least showing me that I had a correct understanding of the situation. Hopefully this can be reimplemented securely in a future release.

  157. Liam says:

    This has been stated before, Microsoft could have required the use of a VPN, WPA, or WPA2 with Network ActiveSync instead of removing completely.

    MikeCal said above previous versions of Network ActiveSync didn’t work with a VPN connection and ActiveSync 3.8. I thought it did, but I could be wrong. Even if it didn’t, this could have been implemented when using Windows Mobile 5 Network ActiveSync and ActiveSync 4.x.

  158. Mike Jackson says:

    So it is now over a year.  Any progress on IP Sync?  I really really miss this feature.  Although I suspect that it’s become an orphaned feature as the number of people who might use it have moved to a Blackberry or similar devices.  Too bad, I have one as well, but still like my PDA to read my personal mail at home.

  159. Paul says:

    "The official (and true) reason has always been stated as “We removed it for security reasons.”"

    How about leaving it up to the user whether they want to take that security risk or not?  I have always hated companies that make blunt hammer decisions for their customers.

    "Desktop ActiveSync over WiFi was sending all your contacts, calendar, and email data over the internet without doing anything to keep people from reading it."

    By the way, using WiFi to sync doesn’t mean your info goes out over the INTERNET.  It means it goes out over the air to your LAN.

  160. Enrice says:

    Or, alternatively, have a look at:

    http://z-push.sourceforge.net

  161. Manuel Mendonca says:

    Hi! I would like to customize the PassThrough driver to avoid disabling the WiFi. How can I do that?

    Thanks.

  162. Bit late to the party with this, but I just bought my first smartphone (WM6), totally thinking I’d be able to do exactly what’s described here, and I just found out that I can’t.

    I gotta say I’m a little bit miffed.

    Apparently the reason I can’t do this is because my 802.11 network is sending data in the clear?

    Really?

    Well if that’s the case I’ve got bigger issues than a few people getting at my contacts don’t you think?

    And there was me thinking WPA was supposed to encrypt the data, oh I feel so stupid now. Funny thing is you guys didn’t disable WiFi entirely, which is interesting because exactly what’s mentioned above – because I’m such a dumbass believing WPA is encrypted I’m browsing sites and doing banking and pushing files between my device and the internet, thus anybody can read what I’m up to.

    How about having a big message that states unencrypted WiFi networks are dumb? I mean seriously, that’s not an Activesync issue, it’s a general customer education issue – you guys don’t seriously think the next step is to disable wifi entirely in both desktop versions of Windows and all mobile devices?

    I don’t understand why I pay such a large amount of money for my device Microsoft believe I’m an idiot that’s never seen a computer before.

    Seriously Microsoft, who do you think is buying WM devices anyways? I can assure you that a big chunk of us are IT professionals who don’t need to be looked after like we were born yesterday.

    Also @ Enrice – thanks for the link, looks great.

  163. sven says:

    over 1 year since this was posted… still no solution?

    what does microsoft pretend, that we just forget the whole issue someday? or wait till everyone gets Windows Vista (eewwwwwww) and forgets about activesync?

    tell bill to invest less millions into developing new eye-candy crap and more millions into his paying customers and fixing bugs in his programs.

  164. Enrique Tutte says:

    1) "But I don’t care if anyone reads my data.  Enable me."

    I don’t agree with your response.  It’s clear that other people have presented scenarios where it’s not a problem (such as isolated encrypted networks).  But this seems to be undiscussable so…

    2) Then fix it

    From the clamoring it’s clear this is a high priority for customers.  Now it is 2008 and still nothing.  Please prioritize this and make it work, somehow!

  165. scyost says:

    I don’t deny that there are scenarios where it’s not a problem. Customers can choose to accept the risk or they can put appropriate mitigations in place. That was a small number of customers though – not enough for us to justify spending resources on it compared to other features that are for broad use.

    If I could turn back time, I wish we had left the feature in to be enabled with an undocumented reg key. That would let the power users still get to the feature but keep it from endangering the majority of customers. Undocumented/unsupported features do have a tendency to break though – unsupported means we’re not going to spend resources on it to test it or keep it compatible with the other parts of the system.

    As for the likelihood of it coming back, I don’t work on the sync team and I can’t make any official forecasts, but I don’t see it coming back in the short term. (like in some sort of WM6.X release)

    I don’t want to give you the wrong expectations. This blog entry isn’t an argument that you can win in order to get the feature back. It was an attempt to clear up something that I think should have been explained better. Even if you were to convince Mike and me that the Windows Mobile team had made the wrong decision back in 2004, it wouldn’t bring the feature back today. The sync team would need to decide that it is more useful for customers to do that than the other things that are on their list. (like improving WMDC or any number of other things)

    Scott

  166. Mike,

    I bought a WM5 PDA in August, and dutifully installed ActiveSync. However, the cradle is never near my (also portable) laptop. Therefore my last PC sync was (you guessed it) in August. I’ve resorted to using a 3rd party Exchange Server to sync calendar/contacts, but cannot sync files. I therefore have files on my PDA which are neither backed up nor shared to my laptop–so much for connectivity.

    1) I’ve read this entire blog, and appreciate your candor. I also understand your position, even if I disagree with MS’s priorities. Several times you’ve suggested that a dissatisfied user should "Tell us to bring a secure version of the feature back.  Tell us about the pain we’re causing you by disabling the feature." Well, I’d like the feature, and I’m in pain. Who should I tell, and how will I know if it does any good?

    2) Is there currently _any_ method of using AS to reach my PC? Is it possible, for instance, inside an RD session, or on top of a VPN, or is there simply _no_ way? If not, then it’s likely that I’ll never sync until either MS releases a fix or I buy other hardware, whichever comes first.

    I suppose my data’s secure, since even _I_ cannot reach it! But that’s certainly not the "feature" I expected …

    — Todd

  167. MikeCal says:

    Martin, no it has nothing to do with the security of your 802.11 network.  The problem that forced us to remove IP Sync is still present if you turn off WiFi entirely.  I’ve tried a number of times to explain this, but I’m just incapable of getting that message across.

    sven, we know very well that you’re not just going to forget this.  Part of the difficulty in our job is that we have to choose where to spend our time.  Every feature we do means 9 others we didn’t do.  Even if the feature we chose was good for 99% of our user base, that’s still hundreds of thousands of users who wanted something else.  You folks are part of the hundreds of thousands of unhappy users that are losing out to the millions who want other features instead of WiFi sync.  Not that this will make you any happier, or make me any less sympathetic to your cause.  But it’s the reality of the situation.  The Active Sync team considers putting back WiFi AS with every release, but things that help more people keep getting done instead.  

    Enrique, yes we understand that it’s a high priority for the customers who need it.  It’s just that there are more customers for whom there are different high priority issues.  No one ever says, “People want this, let’s not do it.”  We say, “People want these 10 things and we can only do 1, we have to choose the one that helps the most of them.”

    Todd, the two main options you have for active syncing to your PC are Bluetooth and IR.  If you have neither, the only other option I can think of is to manually transfer the files via an SD card (since you have a solution for calendar and contacts, etc).  I wish I had a better answer for you.  Sorry.

    Mike

  168. Sam says:

    Martin Nicholls said it much more eloquently.

    MS you’re talking balderdash!

  169. Jeff Lewis says:

    "Martin, no it has nothing to do with the security of your 802.11 network.  The problem that forced us to remove IP Sync is still present if you turn off WiFi entirely.  I’ve tried a number of times to explain this, but I’m just incapable of getting that message across."

    It’s because there are two different security issues and to most people, they’re the same thing even though they’re not.

    They think you’re talking about eavesdropping or man-in-the-middle attacks when you’re really talking about general insecurity that comes from having any ethernet port open to a device with no content transfer security. As you note – it would be just as insecure if you had a physical connection to the internet over CAT-5 or through a Bluetooth passthrough.

    The real answer, of course, is to fix the actual problem. You’ve already noted several times that things like FTP and SMTP/POP are okayish because they at least have some kind of password protection (it’s in cleartext – so it’s pretty meagre protection, but hey)… so why doesn’t the WM team (or better the WinCE team) implement some kind of basic device access authentication? Besides fixing this problem permanently – it would also give a way to uniquely ID each device in a way that would allow it to be usable as a security token.

    I know back in the day WM/WinCE devices were supposed to be exactly that – devices – not tiny computer systems with many of the same functions found in a full OS, but that day has passed. If security is really the issue (and I think it is) then let’s get on with real world security solutions rather than patching stuff up or worse, removing useful features.

    The other problem with the answers we’re getting is that this was a feature that did exist. It worked. It just had one rather significant defect: it was insecure. Your comment about them not having the time to fix it seems strange since they had the time to remove it. Agreed, it’s not the same amount of time needed, but it seems weird (and badly planned) to us to remove a feature with no consideration on how to replace it. That makes it feel like the decision was a panic decision and not well thought out.

    Should MS have panicked? Well that depends on how severe this defect is – and that depends on what you’re doing. Very few people use their PDAs to run air-traffic control systems or nuclear plants (and BTW – this is why every OS comes with a Statement of Usability – that weird thing that states that you can’t use the OS to operate a nuclear power plant…) so while you’re technically right – you’re justifying what to most people is a small flaw by using huge and unlikely examples.

    At most – someone can read or write my files remotely – which is, of course, what I want to do. So, you put an alert that says ‘If you turn this feature on – people may be able to read or modify your files without your permission.’ similar to the warnings XP and Vista give when you turn on things like drive root level sharing.

    I agree that security is essential – but what’s bugging a lot of us is that it’s applied *inconsistently* at Microsoft. Some things we think should be very secure seem to be insanely easy to break – while things, like ASoE, are things we don’t really worry too much about but are locked down tightly.

    It makes it very hard for us to anticipate what’s coming up – and equally hard for us to understand the rationale for the decisions. And that makes us cranky. 🙂

    One last comment: the group that always gets it in the neck on these things are the developers. How exactly do we develop for WinCE 5 if we have a device that doesn’t HAVE a serial port, IR, Bluetooth or USB client capability and only has an Ethernet connection?
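The distinction Jeff Lewis draws above, between eavesdropping on the link and a listener that has no client authentication at all, is easiest to see in code. The following is an added illustration, not code from this post, from Microsoft or from ActiveSync itself; the "GET/PUT" command format, the `SyncStore` sample data and the pairing key are all invented for the example. The first handler models a desktop listener that honours file commands from any host that can reach its port, which is why encrypting the WiFi hop (or turning WiFi off) does not change the exposure. The second adds the "basic device access authentication" the comment asks for, as a nonce challenge answered with an HMAC over a pairing key assumed to have been exchanged once over a trusted path such as the USB cradle.

```python
import hashlib
import hmac
import os
import secrets

# Hypothetical toy sync protocol (NOT the ActiveSync wire format): the desktop
# side accepts "GET <name>" and "PUT <name> <data>" commands.  Only the message
# handling is modelled, so the example runs offline without sockets.


class SyncStore:
    """Constructed sample data standing in for the files on the desktop."""

    def __init__(self):
        self.files = {b"contacts.txt": b"alice:555-0100"}


def handle_unauthenticated(store, request):
    """Listener with no client authentication: whoever can deliver a packet to
    the port is a valid client.  WPA on the WiFi hop, or no WiFi at all, makes
    no difference; any host on the LAN (or an attacker with a foothold on it)
    can read and overwrite files."""
    parts = request.split(b" ", 2)
    if parts[0] == b"GET" and len(parts) >= 2:
        return store.files.get(parts[1], b"")
    if parts[0] == b"PUT" and len(parts) == 3:
        store.files[parts[1]] = parts[2]
        return b"OK"
    return b"ERR"


class AuthenticatedSyncService:
    """Same file commands, but a client must first prove it holds the pairing
    key: the service issues a fresh random nonce and expects
    HMAC-SHA256(pairing_key, nonce) back.  The pairing key is an assumption of
    this example (exchanged once over a trusted path such as the cradle)."""

    def __init__(self, store, pairing_key):
        self.store = store
        self.key = pairing_key
        self.sessions = {}  # session id -> pending nonce (bytes) or True

    def hello(self):
        sid = secrets.token_hex(8)
        nonce = os.urandom(16)
        self.sessions[sid] = nonce
        return sid, nonce

    def authenticate(self, sid, response):
        nonce = self.sessions.get(sid)
        if not isinstance(nonce, bytes):
            return False  # unknown session, or already authenticated
        del self.sessions[sid]  # nonce is single-use: a replayed answer fails
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        if hmac.compare_digest(expected, response):
            self.sessions[sid] = True
            return True
        return False

    def handle(self, sid, request):
        if self.sessions.get(sid) is not True:
            return b"DENIED"
        return handle_unauthenticated(self.store, request)


def client_response(pairing_key, nonce):
    """What the paired device computes when it receives the nonce."""
    return hmac.new(pairing_key, nonce, hashlib.sha256).digest()


def demo():
    """Returns (unauthenticated leak, paired device result, stranger result)."""
    key = b"pairing-key-exchanged-over-usb"  # assumed pre-shared pairing key

    # 1. Original-style listener: a stranger on the LAN reads the file.
    leaked = handle_unauthenticated(SyncStore(), b"GET contacts.txt")

    # 2. Authenticated listener, the genuinely paired device.
    svc = AuthenticatedSyncService(SyncStore(), key)
    sid, nonce = svc.hello()
    svc.authenticate(sid, client_response(key, nonce))
    paired = svc.handle(sid, b"GET contacts.txt")

    # 3. Authenticated listener, a host that merely reached the port.
    sid2, nonce2 = svc.hello()
    svc.authenticate(sid2, client_response(b"wrong-key", nonce2))
    stranger = svc.handle(sid2, b"GET contacts.txt")
    return leaked, paired, stranger


if __name__ == "__main__":
    print(demo())
```

Two caveats keep the two issues separate. The challenge-response proves who the client is but does nothing for confidentiality: the file contents still cross the wire in the clear, which is the eavesdropping problem the original post is about. And because only the handshake is authenticated, an attacker on the path could still inject commands into an established session; a real design would derive a per-session key from the handshake and MAC every command with it.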

  170. Richard Amiss says:

    Ok, so it is now January 2008 and about 1.5 years since ActiveSync 4.5 was released. I am completely confused by

    "I can tell you definitively that the team responsible wants to re-enable desktop ActiveSync over WiFi.  But I have to also tell you that they have a lot of other things they need to do first."

    Maybe I am missing something but:

    1) Where are all of these "other things"?

    2) If the "other things" are completed by now, as shown by the lack of an update in over a year, then where is the ActiveSync over WiFi feature?

  171. mwormwood says:

    "A.S." sucks even if it’s plugged in with a USB cable.

    How about giving me the option to connect to my PC without "F"ing up my contacts every time?

    What’s so dangerous about an option of "Don’t Sync When I Connect"?

    Or let me see my WMD on my home network.

    I’ll move files on my own.

    Forget "AS".

  172. Tim says:

    To Richard Amiss:

    The "other things" that have been happening since ASync 4.5 was released include the release of Vista and incorporating and updating the Mobile Device Center incorporated in Vista… So yes, there has been activity on this front, just not in the so-called legacy systems.

    What I think needs to be revised in this article is the statement that Bluetooth is "inherently encrypted".  That’s a big fat lie — or at best a complete misunderstanding of Bluetooth!!

  173. Beau Sinclair says:

    Well, I’m not happy at all. I think an update should be issued that allows the payer of the PDA/PDA phone to turn this feature on or off. I’m sick and tired of Microsoft taking away my options. It’s up to me if I don’t want data stolen. I think what you have said is a load of crap, and I do believe it’s just so users do have to use Exchange Server. I’m very angry at Microsoft and demand that you release an update or a new version to fix what, once again, Microsoft thinks they’re doing the right thing for the customer. Wrong. Very angry.

  174. Don says:

    So, I’m using WEP and my PC and PPC are behind a firewall.  Where’s the security problem?  I’ll keep using AS 3.7.1 and PPC 2003SE.  Another option would be to buy a Palm.

  175. Sven says:

    So Mike, basically what you are telling me is that the "all-so-mighty" Microsoft does not have the manpower, or the money to get manpower, to fix ActiveSync AND still create more things?

    Are you telling me that MS only has like 5 people to work on ActiveSync, release patches for Vista, take phone calls over the whole world and code new versions of Office, Windows Mobile, DirectX, etc. etc. etc.?

    Get frigging people to work on this NOW. It’s 2008 and this problem has existed since 2006, and there are millions of users, as you said, who do absolutely NOT care about whatever else you might have on your to-do list. They DO however care that you fix their ActiveSync.

    How long since ActiveSync 4.5? Still no update. Enjoying your Porsche much? Or your bungalow in the Bahamas?

    Some people got a Windows Mobile device exactly for that reason, to sync over WiFi… You sold devices thanks to that, and then you remove the feature?

    Hello! I sell you a nice car, with a nice engine! But oh! After 3 months I’ll remove the engine!

    Only MS can pull this kind of crap off. It’s disgusting!

    Get AS 4.6 out already with the option off by default but the possibility to turn it on. My WiFi encryption will take care of my security problems, and if someone hacks my PDA while I am in an airport, bad luck. At least I’ll be able to work properly the other 364 days of the year.

    Let ME care about my security, I don’t need YOU for that.

  176. Rodrigo says:

    Since Microsoft does not give a d*** about its user, are there any alternatives to ActiveSync/WMDC that allow wifi sync?

  177. Andreas says:

    Well, we are in March 2007 now and I am one of those millions of users. The clock is ticking, Mike…

    I think it should be obvious by now that this issue will never go away; the only thing that will happen is that the mighty MS’s so shiny reputation is moving deeper into the drain in the eyes of many customers.

    You remove something for "security reasons", but are not able to fix a simple thing like this within a year and a half?!

    My only question is this, and it is one for marketing: Do MS have the intention to fix this problem? If not, I am so waiting to hear why. If yes, how is it possible that it can take more than a year to solve a security related problem?

    It is amazing to see that a multibillion dollar corporation is able to ignore the voice and needs of millions of users for this long. Or maybe it is only a multibillion dollar corporation that can afford to do a thing like this? I can promise you Windows Mobile will not be in the next device I buy.

  178. Andreas says:

    Sorry, that is March 2008.. 🙂

  179. Bob says:

    I am absolutely sick of this daddy knows best attitude that Microsoft have to security. I am sick of coming up against security defaults that I don’t want and didn’t order. It is up to the USER to configure the security he wants, no-one asked Microsoft to do it.

    I am the guy that gets to visit sites that have all been security configured according to "best practices" by some firm of chartered accountants turned IT consultants. Six months later everyone has the SA password out of sheer frustration. This overcomplicated security is the biggest security risk I know!

    Please let ME decide whether ActiveSync over WiFi is a security risk. It’s my computer, my PDA and my data.

  180. Don says:

    You said:

    "You can have a fully encrypted WiFi connection to a router so that everything going over the air is protected, and then have it go unencrypted from the router to the desktop PC.  If anyone is capable of listening to that connection, then they’re capable of doing bad things to your desktop PC (if you have Sync over IP enabled)."

    The last time I looked behind my computer desk, no one had hacked into the 6 foot cable between my router and PC.  If that is possible, then the cable going from the hotsync cradle to the PC can also be hacked.  Yea, right.

    I suppose in the next release, network printing and the ability to access shared folders on a PC will be disabled.  Why not just remove WiFi and Bluetooth from it altogether as a security risk?  If the PPC is supposed to be a wireless device, wouldn’t you think it should work wirelessly?  Duh!

    I don’t even know where my cradle is.  I’ve synced wirelessly ever since I got the PPC.  I charge it every night from solar batteries using a 12 volt charger cable.

    From the other recent posts, it would seem that for the user, this is top priority.  For MS, this seems to be at the bottom of the list.  Do you wonder why people seem to think MS is not in touch with the users?

  181. Julian says:

    Mike, Why don’t you answer THE question?  Why didn’t you just turn the wifi feature off and give us the choice to use it or not?  You give us a choice to use windows firewall.

  182. Bubba says:

    Nice explanation, but you guys still suck.

    I’m really, really pissed to find out that my shiny new Windows Mobile 6 device has FEWER features than the ancient Axim that it replaced.

  183. MQ. says:

    I’m posting this to voice my frustration about the fact that after all this time and several versions of ActiveSync you still haven’t come up with a reasonable fix or workaround for wifi syncing.

    After all, there is existing code to securely sync to Exchange servers. Surely it shouldn’t have to take any company, especially such a large company, TWO YEARS to still not implement some kind of protection in a DESKTOP PRODUCT. It’s not like WiFi has stellar range, so the average Joe Homeuser would have to fear a few coworkers and close neighbours. AS WiFi syncing doesn’t need CIA grade protection, so get your act together and fix the damn thing.. or reimburse me for the extra costs of the wireless radio.

    Had I known this was going to take such a long time – and still no fix – I wouldn’t have shelled out the extra money to get a wireless PDA in the first place!

    Seriously pissed off that you continue to ignore your existing customers while at the same time finding enough resources to produce 5 AS releases, Vista, WM6 and Mobile Device Center, only because these generate NEW income. Well I got news for you: Customer Loyalty & Word Of Mouth Advertising can only be improved by customer CARE, not by ARSING them.

  184. MQ. says:

    In a similar fashion I don’t understand why the backup feature has been removed since AS4.0 ?

    My family and I used this feature in previous versions, for the first generation PocketPCs, and you can imagine the disappointment when I found out it’s impossible to back up these days.

    Reliability of alarms is an ongoing issue on the WM5 machines that we own. The HP Jornada was more reliable, and dad still uses that one, even though syncing that one is no longer possible with AS4+

    (forcing him to manually make double entries).

    Even though the new hardware has become more powerful and very impressive, the Microsoft part of the deal has left us in the cold on so many aspects.

    I’ll be looking at the competition next time we’re making a purchase!

    Please feel free to relay my feedback to your superiors.

  185. Jules says:

    Typical Microsoft, always what cannot be done; we’re too busy making Bill Gates a trillionaire to worry about those pesky customers.  Amazing to see that the pathetic, completely non-customer-focused approach reaches every employee in Microsoft.

    Remember the first rule is that the customer is always right, oh unless you have a 100% monopoly on the market, then they can all get stuffed.

    Nice attitude.

  186. Jay says:

    Well, I just got an i-mate 9502 running WM6,

    and I’m another unhappy customer.

    Also, where I live there are few WiFi networks, so I really don’t have an issue with the potential security flaw. Which I understand as: the WiFi to Ethernet port on the device being open during sync could be exploited. I have enough internal security and backup. But at the end of the day I just doubt that anyone with the know-how lives around me or would even care enough to exploit any kind of security hole.

    You should warn people about the risks, help however you can, but still allow them to use WiFi sync.

    My situation is that my laptop is always set up either at work, home or university. All of them have WiFi networks and I would like my phone to automatically sync whenever I come into range.

    I don’t want to have to be sitting at my computer. My devices shouldn’t make me stop what I’m doing to update. They should be truly mobile.

    Dare I say, make it work as best you can, then release the source so other people can finish it off.

  187. Miguel says:

    "All of them, however, are a ton of work that needs to get prioritized against all the other things we need to do in ActiveSync."  Seems to me that prioritizing is done by what’s more profitable, instead of what customers want.

  188. olli says:

    The only time I ever use WiFi on my mobile device is in my own house, directly on the same secured WiFi network as my server, or at work on secure WiFi tunnelled over a VPN to my home server. How would using ActiveSync over WiFi in either of these cases be insecure?

    Having to plug in a USB cable to my PC every time I want to update the calendar on it is enough of a chore, but not getting emails pushed to my device in my own house is the worst bit.

    Is there really no way to re-enable this?

  189. kyle says:

    Thanks Mike for your efforts. I’ve just stumbled onto this thread randomly and it’s been very interesting to read. I agree with your reasoning.

    I found it kind of funny though: of all the inconveniences in the world, it’s kind of sad that we get so outraged over such a little loss. There are really better things to get upset over.

  190. Eddie says:

    Hey, I got an idea. You guys already have encryption in Exchange Server, why don’t you copy it from one Windows program to the next one? Probably could use cut and paste and make sure you stick it in at the right place. Can’t be that hard.

  191. Brett says:

    Come on, seriously?

    Nobody puts ANYTHING Microsoft on the open internet unless they absolutely have to – the number of security flaws in ANY Microsoft product is always hidden and numerous.

    Making it off by default = we might have believed you.  Then it becomes a feature that you must implicitly enable and could be an insecure feature.  Windows has so many of these it wouldn’t surprise any of us.

    Removing completely = Something else – Maybe it’s Laziness, maybe a way to sell more of something, who knows.  But it certainly isn’t security.

    You haven’t fooled anyone – all you did is force me to stick to 3.8 so I can keep doing Visual Studio development with Activesync over Ethernet.  That’s all I use this feature for.  I’m just thankful the devices I’m developing for are still PocketPC.

    Boo sir, Boo.

  192. Beau Sinclair says:

    Wow, back again and there are heaps of angry people, Mike, so get off your butt and release ActiveSync with the optional on/off.

  193. JPinSL says:

    So I have WinMo 6.1 and set whatever version (can’t see an "about" screen anywhere) of ActiveSync is on the device to schedule a sync every 5 minutes. I don’t have a data plan, only WiFi. Even with the phone’s (Samsung i760 PocketPC on Verizon) radio turned off, it will sync with my hosted Exchange service.

    Seems to work fine for me. Am I missing something?

  194. Allen Gee AKA Sonofaglitch says:

    I’m sorry but I have to call B.S.

    #1 ActiveSync doesn’t send your information to the "Cloud" (I am not talking syncing to an email server)

    For syncing from my desktop over a PRIVATE NETWORK

    to my handheld, the Internet is not involved.

    Unless ActiveSync is purposely broadcasting my private information to the Interwebs (sic.)

    I have ABSOLUTELY NO FEAR of some freak hacker sitting in a van across the street sniffing my WiFi and SOMEHOW knowing how to spoof my handheld.

    Does anybody else think this scenario is re-friggin-diculous???  Because I DO.

    Besides I would notice a suspicious van parked across the street, especially since that’s where my mailbox is. LOL.

    Now, for CORPORATE ESPIONAGE, yes, it could be a serious threat, but for 99% of us, going about our daily tasks, it is an utter joke of an excuse.

    Correct me if I am wrong.

  195. Lee says:

    What if I’m telling you I can set up a point-to-point WiFi connection (sort of like ad hoc) between only two devices, that is my PC and handheld? Isn’t that like a Bluetooth or IrDA link? And also the link is totally encrypted?

    Will that bring WiFi sync back?

  196. William says:

    I know this blog is old and this issue is relatively pointless as of late, but I noticed the lack of positive, encouraging comments, and I would like to state that Microsoft has done an excellent job. Coding is no easy task, and to be at the top of world software/hardware engineering deserves extreme respect. I am happy with my Windows Mobile 5 device (Dell Axim X50 mid), I am more than willing to simply PLUG IT INTO my computer to sync it, and I just want to say thank you for putting so much time and effort into such a brilliant and excellent software system.

  197. miki says:

    I cannot believe this is real. Make user check 100 disclaimers but for god’s sake leave the most useful feature in.

    Do I care if somebody sniffs (WPA+PSK, yeah, right!) my contacts, appointments etc.? NO! Stop behaving like it’s a national security concern.

    I have spoken.

  198. Craig says:

    Can you try one more time to explain why a WiFi connection between two machines on an encrypted WiFi network is somehow insecure?

  199. SaltyDawg says:

    Okay, it’s been like 3 years now. Has there been any progress on fixing the sync over WiFi? It kind of defeats the whole purpose of the device. We buy a MOBILE device, and you require us to tie it down with a cable? And while I’m on the subject- why can’t I sync my Windows Live calendar/favorites/etc in Windows Mobile?

  200. Marcelo/Porks says:

    3 years without this feature… And I also don’t understand why a connection between two machines on an encrypted WiFi network is insecure.

    Windows Mobile Team, YOU ARE RIDICULOUS

  201. Rob says:

    I have a device in my hand… I have a device on my desk. Both on a secure WiFi network. But I can’t sync over WiFi.

    Using MS remote desktop I can take control of my PC from my phone…