none
Windows CE Embedded 6 OS Patching and Antivirus RRS feed

  • Question

  • Hello,

    We are using a Moxa devices that runs MS Windows CE Embedded 6.0

    We have received a request from a customer regarding automatic updates (OS patching) and antivirus solution for this OS version.

    I have tried to located any whitepapre regarding this online but have not been able to find any good documentation regarding these topics.

    Do anyone have any feedback regarding the possiblities and/or any whitepaper/documentation that describes why such procedures are not needed on an embedded OS ?

    Friday, May 18, 2012 10:09 AM

Answers

    1. Patches - patches must come from the device OEM in the form of a new OS.   So no automatic updates.
    2. Virus - a virus to attack Windows CE would be difficult - not impossible.   Every Windows CE device is different, so no standard to write the virus against.   The virus would need to be built for Windows CE and the CPU that your device runs, and the storage device doesn't have a standard name.

    Bruce Eitman (eMVP)
    Senior Engineer
    Bruce.Eitman AT Eurotech DOT com
    My BLOG http://geekswithblogs.net/bruceeitman

    Eurotech Inc.
    www.Eurotech.com

    • Proposed as answer by Misbah Khan Friday, May 18, 2012 2:22 PM
    • Marked as answer by Frode Jensen Saturday, May 19, 2012 2:12 PM
    Friday, May 18, 2012 12:11 PM
    Moderator
  • For Virus part, although as Bruce mentioned CE tends to be customized device, so it is harder to write a generic code for every platform.
    But still it is possible; some of the API are common across all CE platforms, also once figure it out, the CE system is more vulnerable compare to desktop Windows. Many APIs opened to user mode can still cause a serious damage or can be used to attack to the system.
    For a higher security standard, you may consider to employ trusted platform and only allow trusted application to be executed, for more info please refer to http://msdn.microsoft.com/en-us/library/ee498576(WinEmbedded.60).aspx

    • Marked as answer by Frode Jensen Saturday, May 19, 2012 2:12 PM
    Saturday, May 19, 2012 1:40 AM

All replies

    1. Patches - patches must come from the device OEM in the form of a new OS.   So no automatic updates.
    2. Virus - a virus to attack Windows CE would be difficult - not impossible.   Every Windows CE device is different, so no standard to write the virus against.   The virus would need to be built for Windows CE and the CPU that your device runs, and the storage device doesn't have a standard name.

    Bruce Eitman (eMVP)
    Senior Engineer
    Bruce.Eitman AT Eurotech DOT com
    My BLOG http://geekswithblogs.net/bruceeitman

    Eurotech Inc.
    www.Eurotech.com

    • Proposed as answer by Misbah Khan Friday, May 18, 2012 2:22 PM
    • Marked as answer by Frode Jensen Saturday, May 19, 2012 2:12 PM
    Friday, May 18, 2012 12:11 PM
    Moderator
  • For Virus part, although as Bruce mentioned CE tends to be customized device, so it is harder to write a generic code for every platform.
    But still it is possible; some of the API are common across all CE platforms, also once figure it out, the CE system is more vulnerable compare to desktop Windows. Many APIs opened to user mode can still cause a serious damage or can be used to attack to the system.
    For a higher security standard, you may consider to employ trusted platform and only allow trusted application to be executed, for more info please refer to http://msdn.microsoft.com/en-us/library/ee498576(WinEmbedded.60).aspx

    • Marked as answer by Frode Jensen Saturday, May 19, 2012 2:12 PM
    Saturday, May 19, 2012 1:40 AM