The folks at Asus once were a very good hardware manufacturer. Their motherboards enjoyed fame among overclockers, power users and OEM’s alike due to their excellent stability, durability and longevity. Unfortunately, this eventually changed with the delivery and success of the eeePC…one could say that the success went to the head of each and every Asus employee/contractor except for Lars Schweden (who recently left to LG).

The company no longer provides press samples in a manageable fashion, and silently reduced the battery capacity of its eeePC devices without informing customers about it. Now, however, neglicgence/hybris have reached a completely new level!

Purchasers of ASUS laptops have found various “goodies” on the recovery CD’s that shipped with their laptops. We aren’t talking about gimmicks here, but rather about:

* A directory called “Crack” that appears to contain serial numbers for other software packages

* A directory containing a large number of confidential Microsoft documents for PC manufacturers, including associated keys and program files

* Various internal Asus documents and source code for Asus software

….
One of the confidential Asus documents includes a PowerPoint presentation that details “major problems” identified by the company, including application compatibility issues.

It IMHO is very difficult to explain how something as stupid as this can happen. Not only does a huge company use cracks (I hope that somebody publishes a list of the affected applications so that their owners can sue), but they actually are too lazy to check the recovery CD’s before shipping them out to customers.

For me, all of this speaks a clear language: keep your fingers off whatever box the folks at ASUS’s may spit out. Even though their stuff may be dirt cheap, it is likely to bite you in the long run…

via PCpro

Recently, I was the beneficiary of a “sweet” deal from Resco. Resco Suite is comprised of many of the company’s apps for PalmOS (See Tam’s review). Since I already owned Resco Explorer 2007, Resco Viewer, and Resco Backup Pro, the suite didn’t really interest me until they decided that users who owned 3 or more Resco products could get a 70% discount on Resco Suite! I was sold so I now own the lot. My first idea was to use IDGuard instead of SplashID to keep all that information protected on my palm.

What about a desktop conduit? I should get this out of the way right at the beginning. SplashID has a desktop conduit and IDGuard doesn’t. I spoke to Jan Slodicka at Resco about what he thought the timetable for getting a desktop component for IDGuard would be. He thought that there could be a conduit in about 6 weeks. In my opinion, this is the major benefit of SplashID over IDGuard. Once IDGuard has a conduit, it will be hands down the best PalmOS Identity protection app out there.  IDGuard NOW has a backup conduit!

Importing records: The first hurdle was getting the data from SplashID into IDGuard. At first I had problems, the import feature in IDGuard choked when importing a vID export file from SplashID – it imported just 29 of over 300 records I had. On the Other hand the import of the SplashID pdb went fine (once I took the password off the SplashID database). Resco was great when it came to troubleshooting this and now the import works perfectly, vID or pdb file. For your own protection IDGuard can’t decrypt the SplashID database, you must know the password and remove it first.

Some benefits of IDGuard over SplashID:

  • Documents: Safe storage, safe processing
  • Audio/image attachments
  • Reminders

You can attach documents to a record. These documents can be in most formats you find on your device – doc/xls/ppt/pdf/images/html/zip/txt/audio/etc. When you attach a file IDGuard asks if you wish to delete the original. In this way you encrypt a file and delete the unencrypted version. You can open the document directly from IDGuard, with 2 caveats – 1) you need a reader for the type of document you are opening (e.g., Documents 2 Go for .doc files) and 2) the reader needs to be in RAM. By default I keep all my D2G applications on my card (you can move applications to the card from within D2G). When I tried to open a .doc file the screen blanked for a second then returned to the login screen of IDGuard. After I moved the application into RAM it opened beautifully. Depending on the application, IDGuard will either make a temporary file that is opened, then deleted when it is finished (as with images viewed with Resco Viewer), or the app will warn you that a file will be made in a certain directory on your card and you will be responsible for deleting it (if you view an image with Media).

I played an audio file (mp3) directly from IDGuard without any problems whatsoever. If you have a mic on your device you can also record your own audio attachments.

Another great feature is the reminders. You can set a reminder on records.

I found when I was recategorizing my records in IDGuard that it had so many fewer choices of icons than SplashID had. This can be somewhat frustrating in that I like to be able to quickly look at records and know what they are from their icon (especially if I’m in the icon view). When I imported my database over to IDGuard all my SplashID entries that had been marked with an icon of a PDA were now marked with a CD icon or a question mark. I prefer distinguishing my software serial number entries between PC software and PDA software. It is categorized that way and should be “iconized” that way. There is a smartphone icon, so I decided that was how I would differentiate. There should be a book icon, in my opinion. I guess I’d just like to see more of a selection.

Overall IDGuard is a superior piece of software. The ability to encrypt so many different kinds of documents/files and view them straight from within IDGuard is a tremendous advantage. Once the desktop component for IDGuard is out I’ll be taking SplashID off my device. Jan as Resco said they will be incorporating the encryption technology used in IDGuard into Explorer 2008 – I can’t wait! I also spoke to Nikolai Filipov at SplashData. Nikolai hadn’t even realized that Resco had released their IDGuard product until I had contacted him. Nikolai said in his email, “… it appears that their application is based on SplashID. SplashID has been the best-selling password manager for Palm OS for over 6 years.” SplashData even provided me with a reviewers guide and a serial number to help with my review. In going through both apps, I became more and more impressed with IDGuard’s abilities. At the same time It is evident that the SplashID interface /GUI has had more time to mature and has slightly more flexibility. Some graphical components are the same on both apps, lending some credence to the assertion by SplashData (for instance, the font selection dialogues are very similar in both apps – note that all skinning in these screen shots was done by SkinUI).

idg font view no datasid font view no data

A nice ability that SplashID has is to be able to change the background colors in the list view. Although this seems minor, it is extremely useful when you change to hires mode. In IDGuard, I can barely discern the background colors, which makes it easier for my eye to accidently slip from one row to the next. In SplashID I changed the color of the colorized rows in hires to a darker color, and that made all the difference in the world.

IDG list view no dataSplashID list view no data

The below screenshot show the SplashID choose color dialog:

SplashID color picker

To wrap it up I’ve made a chart showing the differences and similarities (I’ve highlighted in red the items I believe are the most important differences):

Feature SplashID IDGuard
GUI Customizable in different views – generally more flexible Customizable in different views
Encryption 256-bit Blowfish Industrial standard AES
Desktop Component Yes – Vista compatible Yes (edited)
Document processing No Yes – encryption of all types of documents
Attachments No (except notes) Yes – Attachments can be created also with built-in camera or audio recorder
Reminders No Yes
Customizable record templates and categories Yes Yes
Secure memos No Yes
Special data editors for address/ phone number/ e-mail No Yes
Data Sources (Databases) Yes – Synchronize multiple SplashID databases single data source on palm Yes – Multiple data sources on Palm
Backup/Restore Yes Yes
Export/Import/Send Yes Yes
Password generator Yes Yes
password strength meter Yes Yes
Auto-locking Yes – auto lockout after 10 failed attempts, Time to Auto Lock after exit is configurable at immediately, 1,2,3,4,5,10,15,20,25,30 minutes Yes – wait time gets longer after each failed attempt, Time to Auto Lock after exit is configurable at immediately, 1, 2, 5 minutes
Hint for Password Yes Yes
Web Auto Fill – one click to open a website on the desktop and login automatically Yes Yes
Custom icon support Yes No

For several years, now, security experts have been talking about the threat posed by Palm OS malware and malicious hackers. And, really, it’s all been talk. There have been a few, not-very-successful trojans, and an exploit for Treos that would let someone retrieve a few bits of info even if the Treo was locked. But that’s pretty much it.

Still, the security people have a point. The average Treo-toting businessperson uses their device as a way to carry around the documents,programs, and media that they need to have handy. In other words, the really important stuff that they use a lot resides on their Treo. Of course, that would be a luscious target for crackers if they could get in. But, with no multitasking or services, the Palm OS is probably one of the most secure operating systems developed.

Of course, that’s all going to change when Palm OS 2 comes out.

Okay, before everyone jumps on me yelling “But Linux IS secure!”, let me say:I like Linux. It’s definatley secure. But a basic truth is that the more complex you make a computer system, the more bugs you get. And the more bugs you get, the easier it is to break into a system. And let’s not forget multitasking, the lack of which has been the primary factor protecting the Palm OS from a storm of viruses and other malware.

So, how do you fix that? You focus on making a PDA, not a tiny computer that has 3000 ports wide open. At the same time though, you leave the door open for third party developers to design this sort of thing. In other words, you give your users a choice–the not-that-security-conscious business people can have a PDA, and PDA enthusiasts(who are probably more security conscious) can mod the thing to their heart’s content.

Dialer scams were very popular a few years ago. Cutting a long story short, a dialer is a program that calls special premium-rate numbers without your consent and generates income for the ‘scammer’. These were effectively banned in Austria and Germany a few weeks ago…and the Mafia now strikes back with premium SMS.

A premium SMS is an SMS or MMS that you are charged for by the carrier – and a part of the money goes to the sender. Now, premium SMS scammers send out SMS like the one shown below(translated: have fun, you already wasted 10€):
0 Public service announcement: SMS scam running rampage in Austria

This serves two purposes: first of all, outraged user could potentially call back, causing income for the operator. But the scammer even earns money without you calling back -the carrier charges for delivery.

In my case, the price of the SMS was 3Euros(appox 5 UsD)…a sum that many people will not notice on their bill. Given a few thousand ‘sheep’, the scammer can make a nice living.

Defending yourself against scammers is easy, however:

Check your bills
in Austria, there is an old saying that goes along the lines of: vigilance is the mother of the crate full of china. Checking your bills for weird charges as they arrive will protect you from scams – if someone tries to rip you off, just call your carrier. Every somewhat cooperative carrier will then book the charge back…if he doesn’t, swapping carriers is a very good idea.

Consider a premium rate number lock
If you don’t need premium rate numbers(call proxies,…), why not block them all. Your carrier will offer this service for almost nothing – the peace of mind gained by this could well be worth the tiny fee(T-Mobile does it for free after a scam has occurred).

I am currently pursuing an interview with T-Mobile’s on the matter – stay tuned!

SplashData has recently updated their password manager to version 4.03. The new version of SplashID introduces a number of new features, including:

  • Enhanced Security
  • Web AutoFill (In the Windows version)
  • The ability to synchronize multiple SplashID databases
  • Enhanced Lookup Feature
  • The ability to e-mail securely encrypted SplashID records
  • The ability to add additional standalone desktop users
  • Updated Icon set (with the ability to add custom icon sets)
  • 100% Vista Compatible

So, why, should you use SplashID over, for instance, SmartList To Go? SplashID can not only be used as a Password Manager, but also as a secure way to store other tidbits of information, such as contacts, and small notes that you would like to keep separate from your normal data set. For example, my application registration keys now exist in SplashID, rather than an unencrypted Pilot-DB database:
SplashID 4.03 Reviewed html 550eff42 SplashID 4.03 review  Brand New Ways to Protect Your Data

When you first start up SplashID, you are greeted with this rather foreboding password screen:
SplashID 4.03 Reviewed html 7e35d6dd SplashID 4.03 review  Brand New Ways to Protect Your Data

After 10 tries, you are locked out of the application and your database is erased. This prevents password cracking programs that may rely on a Brute Force Password Cracking Technique (yes, I have seen applications like this in the wild, running directly on the device…)
SplashID 4.03 Reviewed html 4ceaec8 SplashID 4.03 review  Brand New Ways to Protect Your Data

As I said before, SplashID has plenty of uses outside of a password manager; Even from the first instance you start it up, you know that there are plenty:
SplashID 4.03 Reviewed html m1536e2f1 SplashID 4.03 review  Brand New Ways to Protect Your Data

One of the features that I saw very interesting was a view called List View. As implied, List View presents you a tree that you can use to view records by categories, type, etc. Pretty cool, imho:
SplashID 4.03 Reviewed html m4946ea2c SplashID 4.03 review  Brand New Ways to Protect Your Data

So, if you have a bunch of data sitting in an unsecured database, or you have a snoopy relative, or you are just plain paranoid, SplashID is a wonderful application to keep your data safe! This review covers version 4.03 of SplashID, which can be purchased for 29.95$ at the TamsShop, however, previously registered users can snag this wonderful application at 9.95$

© 2013 TamsPalm - the Palm OS / web OS Blog Suffusion theme by Sayontan Sinha