PDAs are so portable as to make them susceptible to loss or theft - in a business environment the net result of this can range from inconvenience and embarrassment, right on up to serious problems with the regulatory authorities. Which is where SafeGuard PDA enters the frame. Like similar offerings from F-Secure and Pointsec, the software is designed to make a Pocket PC-based PDA as secure as electronically possible.
Two versions of the software are currently available: personal and enterprise. We tested the latter, which operates as two editions (administrator and client), and required a lot of configuration and referrals to the PDF documentation files on the installation CD-ROM - a task definitely not for the novice or faint-hearted.
Aside from the configuration process, installing the software, as with almost all Pocket PC packages, was a simple two-stage process: first the software has to be installed on the host desktop or notebook, and then, using an ActiveSync or compatible distribution system, relayed to the PDA itself. (You'll need to make sure you have version 3.6 or later of ActiveSync.)
The host software runs on all desktop versions of Windows from Windows 95 upwards. Once installed on the PDA, SafeGuard operates in three broad ways. Firstly it secures the PDA itself using a variety of password/authentication options. Secondly it allows the encryption or decryption of any form of data on the PDA or through most data storage media, including flash cards. Thirdly, it integrates with the Pocket PC version of Outlook Express, a 'lite' email client called PocketMail, allowing self-decrypting (on a Windows-based system) mail attachments to be created.The encryption system on the package is AES 128-bit, with the option of using X.509 authentication technology if required.
The mention of authentication brings us rather neatly back to the first protection system, the securing of the PDA. The PDA security system operates in one of three ways: alphanumeric passwords, symbols or biometrically-enabled signatures. The symbols option, with a matrix of four by three symbols in place of alphanumeric input, depends on the use of the Pocket PC touchscreen/stylus system for data entry. The use of symbols instead of an alphanumeric password system may sound a bit odd, but the sequence of 'heart-house-football-apple' is more memorable than something like A5L9.
Most users will want to use a four or six-digit password/symbol entry system, but the actual length is down to the installer's choice. The signature biometric system of securing the PDA seems to be the most secure, since it is very difficult for a fraudster or unauthorized person using the PDA to forge the legitimate user's signature. In the event that someone unauthorized makes multiple attempts to gain access to the PDA, then the software will lock down the machine and require a reset, either by the system administrator or a central help desk operation. In the case of Pocket PC devices with GSM/cellular functionality, the software will also prevent a change of SIM card on the device, if required.
We tested the software on a standard Compaq iPaq PDA and O2's XDA variant of the Pocket PC, which is notable for its quirky settings. The software installed and worked well on both machines. The number of valid attempts on an alpha/symbol PIN or biometric signature before lockdown can be set when the software is installed or by the system administrator - this prevents any clever actions by a thief who steals the PDA while it is active. The other features of the software are thanks to the fact that Utimaco has included Pocket PC versions of its PrivateDisk and PrivateCrypto desktop applications in SafeGuard PDA.
PrivateDisk, as the name suggests, is an encryption system that creates a 'virtual disk' on the PDA. Data moved to and from the virtual disk is encrypted or decrypted on-the-fly using the 128-bit AES algorithm. PrivateCrypto extends this concept to the email environment, meaning that attachments to messages are encrypted before they are sent, and are self-decrypting on any Windows platform, meaning that the recipient of the message does not to have download or install any new software on their machine. These two package's functions are integrated seamlessly within SafeGuard PDA.
Most operations take a little over a second or so, in line with the SAVE or LOAD functions within most Pocket PC applications. We suspect this speed limitation is less due to the program code of SafeGuard PDA and more to do with the way that the Pocket PC pages the memory on the PDA.
Because the Pocket PC platform has been around for several years, there are several freeware and shareware applications that compete with SafeGuard PDA personal edition although very few support the AES algorithm. We think this software wins out.
This comment is bound to raise the hackles of the shareware supporters out there, but we conclude this is a well-rounded commercial package at a very reasonable price. We also noted that SafeGuard PDA can prevent unauthorized PDAs synchronizing with unauthorized PCs such as home computers, an important consideration for security-conscious administrators.