(January 14, 2002) - Another crucial aspect of the wireless world came back under the spotlight in Las Vegas: security. Specifically, concerns have been raised this week about Microsoft's latest OS for embedded devices, namely Windows CE.NET.

CE.NET is the mobile version of Microsoft's .NET initiative - the Redmond giant's ambitious vision of software as a Web-based service - and at his Las Vegas keynote, Bill Gates proudly announced CE.NET as the OS behind a new class of devices which Microsoft are calling Mira.

The problem with Mira from a security point of view is that when you detach the portable screen of a Mira device from the body of the device, in order to use it in other parts of the house, wireless connectivity is handled using 802.11b - which regular readers of WBT will already know is widely recognized as having security problems.

Dependence on the 802.11b wireless LAN standard arguably makes CE.NET itself questionable, so the WBT News Desk tracked down respected industry commentator Derek Ferguson to ask him whether this means that Microsoft's attempt to go wireless are doomed.

Ferguson, who is a world-renowned author, speaker and developer, was adamant that to a certain extent those raising the alarm are missing the point. "As FDR said, the only thing we have to fear is fear itself," he explained. "I don't pretend to believe," he continued, "that the outlook for security under .NET is 100% rosy. I do believe however that, as good developers, we should always pattern our thinking along the lines of Dragnet's Joe Friday character: 'Just the facts, ma'am.' "

If supporting 802.11b access makes CE.NET insecure, Ferguson argued, "then surely this should be counted against 802.11b, which is an open standard and not a part of Microsoft's homegrown .NET technologies. Similarly, although Microsoft Passport may have a couple of security issues on its track record, let's not forget that - so far - it's the only service of its kind to have progressed far enough along in its development to have generated much of a track record at all!"

Ferguson also contends that "Redmond's business practices - whatever their moral implications - are nowhere near as unsettling to most developers as are the ever-shortening project turnaround times that .NET promises to help them meet." This, in his view, is the crucial point, and scaremongering doesn't do anyone any good.

As Ferguson puts it: "The bottom line for .NET developers is that vague expressions of fear about unnamed, potential .NET security problems do us all a grave disservice. While it's true that we need to know about valid .NET security issues and their solutions as quickly as possible, baseless fear-mongering like this only makes it harder for us to sell even the most innocuous and useful of .NET technologies to customers and colleagues alike. Worse yet, this greatly increases the likelihood that the valid issues underlying such concerns - in this case, the generally poor security of a popular wireless networking protocol - will go unnoticed - until it is too late."