The Medical Palm Review
May, 2006 (V7N5) - Up Tight and Outta Sight
I still don't have a good password program on my Treo. Do I really need one?
Lock 'em Up For Their Own Good
If all I needed to do with computers was log onto the Internet and browse from time to time, then Anonym.OS from the folks at kaos.theory security research would be all I need. Or I could use the Stealth Surfer specialized flash drive to ensure discretion. Booting PCs at public places like Internet cafés, using the Anonym.OS operating system on a CD, would keep me both anonymous and secure. But that wouldn't begin to meet my other computing needs or the security and privacy issues that go with them.
I keep a great deal of personal information on my Treo. Sometimes I also have patient data on it, or work-related files attached to my e-mail messages. It would be a Good Thing if that information could be protected from prying eyes.
To accomplish this I have to prevent loss or theft of the PDA itself. I may have to lock sensitive files on the PDA. And I need to secure my office PC (which synchronizes with my Treo). I should also consider how to secure the data on the card in the Treo's memory slot, in case it goes missing. In my more paranoid moments, I wonder about what happens when data flows back and forth wirelessly when I log onto my cellular provider.
Regrettably, security comes with tradeoffs. If my PDA is locked in a bank vault it is extremely safe but completely unavailable and unusable. How much security is enough? How much inconvenience is tolerable? The dilemma is very simple. The solution is not.
Bruce Schneier, a security expert and Treo owner, writes about security issues for mobile devices in the February fifteen issue of his newsletter Crypto-Gram. The issue of tradeoffs and weighing security versus other goals is a perennial theme in his writing, and he does a good job of exploring them in the context of mobile devices in this issue. Crypto-Gram is free to subscribers and is an outstanding (but sometimes lengthy) monthly newsletter. Highly recommended to anyone interested in security issues for computing devices and in the broader world.
Mr. Schneier also recognizes in many of his articles that some simple things enhance security better than the fanciest gizmos. Choosing better passwords, locking your office, not keeping sensitive files around longer than necessary all contribute substantially to securing your data and privacy. If you access hospital records with a wireless device, security is enhanced greatly if patient data is only displayed (not stored) on the PDA.
With all that in mind, what features do I want in security and privacy tools for my Treo? I want a balance between a password that is quick to enter when I turn on my PDA and one that is hard to crack in case you try. Selective encryption of important files would be helpful. Protection of data on the external memory card in case it finds its way from my Treo into someone else's PDA. Measures to make theft more difficult.
Let's get down to cases.
I bought a case which will clip as easily to a belt as to a scrub suit waistband. This makes it less likely that I will leave my Treo sitting on a countertop somewhere, to be scooped up by some light-fingered passerby.
I used to like Gridlock, but found it didn't cooperate with some of my Palm OS 5 devices. There has not been a new version since 2004. The nice thing about it is the ability to tap a pattern instead of a password to activate the PDA. I find this faster and more convenient. The freeware version lacks some of the capabilities of the shareware one. If I receive an incoming call I have to key in my pass grid in order to answer the phone.
I also use CryptoPad to encrypt memos on my Treo. It has been updated within the last six months and comes with a handy accessory that can edit files on your Windows PC - easier than typing on the Treo 650 itself. CryptoPad cannot encrypt any files other than memos on my PDA so it has limited scope. But it's perfect for securing a small text file with bank account PIN numbers and other sensitive text data.
So much for freeware. What else can I find that will protect my other data files, my SD memory card and lock out people who attempt to skim my data? What can be done to protect my PDA from outright theft?
- Nomadsuite includes an application that encrypts your personal data, such as passwords. Essentially it provides a modest encrypted database. However it also includes the nifty BackupBuddyVFS which backs up your PDA to an external memory card. This provides protection against data loss in case of theft or power failure, but no data privacy. Reviewed recently at TreoCentral.
- PDA Defense (recently renamed Surewave Mobile Defense) has excellent features. Unfortunately it does not support memory card encryption on Sony NZ and Treo 650 PDAs. These are my two main devices so that's not good for me. But you may be very pleased with its data encryption, data wiping (if password entry is incorrect) and other capabilities. This program also comes in an enterprise version which supports Pocket PC PDAs and RIM Blackberries.
- mSafe, TealLock and Warden were all reviewed comprehensively in April this year on myTreo.net. The good news about these three is that they are all compatible with my Treo 650. TealLock has a corporate version which can enforce password features and remotely unlock PDAs. mSafe and Warden can send a special SMS (Short Message Service) message to erase defective or stolen files. All three provide log-in security features, data encryption and much more.
- Mobilock can lock your PDA and can accept SMS messages for remote control of security features but password entry is not disguised. That means that an onlooker might be able to read your password as you enter it. Not good.
- Butler is a suite of utilities for your PDA. It has only one security feature: remote locking by SMS, and no other security capabilities.
I haven't decided which of these programs is "best" -- I am still tinkering. But I like the range of choices.
Just for a change of pace, here is a web-based service that will help you use your PDA to protect some other assets. Alarm.com has a service that lets you monitor your home alarm through their website using a WiFi enabled phone or PDA. You can even control the lights.
Clearly, many software vendors are thinking about security issues. You should too.
Medical "Doc" of the Month
Archimedes is an almost free medical calculator from Skyscape. It has lots of built-in formulas, integrates well with other Skyscape products and is quite straightforward to use. I say almost free because, although there is no charge for use, the installation program loads Skyscape's update manager (called, for some reason, smART) without your permission and demands your e-mail address too. The result is that Skyscape ends up intruding into each and every HotSync you perform unless you change the default settings. The download from their site gives you no warning of this nor an instruction manual so it is difficult to modify this default setup until after the fact.
This sort of installation process creates two kinds of data security hazards. The first is that, through conflict with another program or programming glitch, somehow the installation will mess up your PDA. The second risk is that you may inadvertently get into trouble when removing the program (e.g., to make room for some other software on your PDA). Fortunately, they have changed the software so that it is easier to remove from your PC than the last time I reviewed their products. Skyscape has a library of over two hundred titles for Palm devices. If you use several of them you may find the update manager more helpful than not.
The new version of PEPID ED includes an enhanced pediatrics module, a collection of images and even an eye chart. It also has lots of calculators. It is much more expensive than Archimedes (which is free). PEPID also installs an update manager which has given me a few headaches over the years. But PEPID, like Skyscape, has made steady progress at reducing the annoyances inherent in that setup.
Bottom line: both of these programs are worth having despite my concerns about their update managers.
Many medical organizations provide handheld computing resources on their websites. Here are just a few:
The availability of these documents for mobile physicians is a definite plus. But what's with all the proliferating software viewers? It might be better to visit the parent website to view the guideline as a web document. You could then capture it and convert it to a Palm document using a web browser or a document converter like AvantGo, iSiloX or Plucker. Ironically, the ACP PDA services site offers instructions on web clipping alongside information about their proprietary reader software.
Nuts and Bolts
It's the little things that make life better.
MotionApps offers a range of very useful utilities for the Treo. If you already have most of the data security tools you need on your Treo but want the ability to lock it remotely by sending an SMS message, then mSafe is worth a look. Another is mVoice, which turns your Treo into a voice note taker.
Text entry on the Treo is hampered by the tiny thumb keyboard. Anything more than a few sentences becomes tedious. I already own two folding keyboards which I bought for older model Palm handhelds. Neither of them works with newer PDAs. One plugs into the Palm HotSync socket, and this changes in shape and features every year. The other uses infrared but has no compatible driver for my Treo. Both cost me almost C$100 at time of purchase. Both can be bought for as little as C$15 now because the PDAs they support are no longer actively sold.
New folding keyboards which connect wirelessly by infrared are available from PalmOne, ThinkOutside and Targus. They have driver software which is compatible with my Treo 650. Bluetooth models are made by ThinkOutside, Proporta, or Brando, among others. Bluetooth devices, like infrared ones, should theoretically be compatible with later model PDAs but I wouldn't bet on it.
A less expensive alternative is TapSmart's KeyLink software. For a third of the price of a typical external keyboard you can use your PC's keyboard to enter text into your PDA while it is in its HotSync cradle. Obviously this isn't a mobile solution but it is perfect for data entry with Palm applications that lack a desktop PC interface.
I don't want to pay premium prices this year for a keyboard I will use mostly at conferences and business trips (not frequent in my line of work). The alternative is to keep using one of my old keyboards with my aged Handera 330 as a pint-sized word processor for road trips. It's worked up until now. By next year there are sure to be less expensive keyboards available for the Treo....
Hack of the Month
Naturally, my Treo crashed while HotSyncing. After that it was unstable. Could not get Doc2Go to view spreadsheets. After all else failed I had to try resetting the beast. Turns out that it isn't so easy on a Treo because of nonvolatile memory. Even removing the battery doesn't help. The solution: not a soft reset, or a warm reset or even a hard reset. No, this requires a Zero Out reset. Fortunately the necessary instructions are available from the PalmOne website. Too bad the same instructions never found their way into the owner's manual that came in the box with the Treo itself. Similar info on resets is also available from myTreo.net.
It goes without saying (but I will say it anyway) that it helped to have backups on the PC and SD card of the Treo. That way I only lost one or two days of stuff. Could have been much worse.
In Times to Come
One of the reasons this issue is late getting onto the web is that I was tied up at disaster-preparedness courses for the past two weeks. Among other things, we looked at a variety of portable communications and computing technologies to assist emergency providers.
Next month I will describe some of the ideas and hardware that we tried out.
Also in the next issue, the aftermath of my Treo crash. I tracked down the problem to my project manager. Getting rid of it was easy. But what do I replace it with?
Until then, enjoy!
This is one of a continuing series of newsletters about Palm handheld computers, prepared for doctors, nurses, IT professionals, educators and other people who need tools that work. The Review is published monthly on our web site. Subscription is free; the principal benefit is receiving e-mail notification of new issues.
To subscribe, comment or complain, please contact us at the following address:
Visit the web site of the Medical Palm Review for the latest issue and the archive of back issues.