There are different ways to access the Colibri or Apalis modules running WinCE. Some of them could be a potential risk depending on your application. There are some points you may like to think about.
One of the most common way to access a module is over the USB Client port. By default the serial class function driver is loaded which allows the connection with ActiveSync. You can also choose other drivers like USB Mass Storage or RNDIS.
To prevent the device communicating on this interface you can either disable the USB Function Driver or disable this USB Port at all.
By default the AutoRun and AutoCopy functions are activated.
To restrict or deactivate either function, check out how to disable the launcher.
There are several network services running on WinCE. There is NO default password. If there is no initial password set, most services can not be used. An initial password can be set on the remote admin interface if you have not disabled this feature. Once you set a admin password FTP, Telnet and SMB server can be accessed with the credentials. For more information see Webinterface.
Our standard WinCE images host an SMB, Telnet, FTP, Proxy and Webserver. If you don't need these services, we recommend to disable them. You can prevent the system from loading these services by rename the service DLL in the registry.
|Webserver||[HKEY_LOCAL_MACHINE\Services\HTTPD]||This also disables the remote admin web interface|
If you want to enable / disable the services during run-time, you can use the command line tool services on the WinCE device. You can also get an overview of the running services by typing services list. Type services help to get more information. For more information also check the Networking documentation on MSDN.
A lot of settings are saved in the registry. If somebody clears the registry the system loads the default Registry in the image. This could have an effect on your security settings, users could get access to the explorer shell and file system. The registry can be cleared in the bootloader or the system itself. To prevent this, disable bootloader access and the Autorun feature.
If your applications crashes users may get access to the explorer shell. To prevent this, disable the explorer.
By default you can access the Bootloader over serial port1 when you sending a "space" while booting. You can change or deactivate the Bootloader Interface in the Bootloader configuration block settings. For example you can change the characters required to enter the bootloader.
With the Update Tool, you can save part of the flash disk and program it to another module. So it is possible to only change on part of the flash memory.
With JTAG it is possible to override any SW in the Flash and program a new Bootloader, Configblock, image or Registry. Prevent end users from accessing the JTAG interface.
With NVFlash you can reflash or backup the whole image or parts of it. To prevent this, prevent users to get into the recovery mode or prevent access to USB Client Port.
So far there have been no serious viruses for Windows CE. A reason is that most of the Windows CE systems are very different. However, there is already some virus protection software available from third party companies.