Microsoft's Pocket PC operating system for handheld computers has major security issues that will block its widespread adoption by business, according to research firm Gartner Group. Accusing the software firm of not taking enterprise security seriously, it said 'some of the most basic security features required by an enterprise are noticeably lacking in the Pocket PC'. The research report highlighted seven issues Gartner said should be addressed by Microsoft, whose software runs on the majority of the world's desktops and has been making its way on to handhelds. Pocket PC has yet to dominate the handheld space, but is gaining in popularity on devices by Hewlett-Packard, Toshiba, Acer and Legend. The system is also used on next generation smart phones such as the O2 xda. Users in Asia include Coca-Cola bottler Swire Pacific, which employs Pocket PC devices to record orders, and Taiwanese convenience store chain Hi-Life, which uses them for inventory control. Security issues in Pocket PC need to be fixed before more companies adopt the platform, according to Gartner. The research firm criticises Microsoft for not making password-protection a default option on the Pocket PC OS. Stronger versions of file encryption were either unavailable or inaccessible by the general user and system configurations could not be locked by administrators, making the devices vulnerable to tampering, the report said. Gartner analyst Dion Wiggins, based in Hong Kong and one of report's authors, admitted some of the security issues also affect makers of the Palm and Symbian operating systems, two of Pocket PC's major competitors. 'What differentiates Microsoft from other platforms is Microsoft is the only company that's made a sweeping commitment to 'trustworthy computing'.' Trustworthy computing is the name of a campaign declared by Microsoft chairman Bill Gates earlier this year. The campaign included a temporary halt to new software development and special training for programmers on security issues. Mr Wiggins said his discussions with Microsoft had revealed the company did not intend to include Pocket PC in this campaign and that many security issues would not be addressed until the next major release of the OS, expected in 18 to 24 months. With both Palm and Pocket PC, data can easily be downloaded from unattended desktops by changing the device name and performing a synchronisation via a cradle, which many people leave permanently connected. No password was required to do this, Mr Wiggins said. Moreover, with Pocket PC, 'I can do a connection and erase the connection and you would be none the wiser'. A recent white paper on Pocket PC security issued by Microsoft listed a number of third-party vendors that address some of the security gaps identified by Gartner. These include file encryption, locking application configurations, managing passwords, securing data and virus protection. The fact that Microsoft was not putting more of these security options into the core of the Pocket PC OS showed the company was not serious about protecting its enterprise customers, Mr Wiggins said. Commenting on the report, Microsoft product marketing manager Eleanor Teng defended the reliance on third-party software vendors. 'The PC industry has been built with the same platform model that the Pocket PC is using. Third-party applications continue to be critical for creating complete end-to-end enterprise solutions with both PCs and Pocket PCs,' she said. Many personal digital assistants (PDA) are bought by individuals and used to download calendars and e-mail from office desktops, without official support from corporate IT departments. Viruses or unauthorised users can enter a firm's internal system if the devices are used to access internal networks. Such network access is still rare, but may become more common as businesses look at using wirelessly connected devices to improve efficiency and allow workers to access networks from outside the office. For now, the biggest danger is that a lost or hacked PDA means calendars and e-mail can be seen by anyone. 'Even e-mail is considered private by many people, and I agree,' Mr Wiggins said. Ms Teng said some of Gartner's conclusions are erroneous. 'Gartner mistakenly blames the Pocket PC for potential security breaches that are in reality related to insecure usage of desktop PCs.' According to International Data Corp, just over one million handheld computers were sold in Asia in the first half, a 19 per cent drop from last year. However, shipments of the Pocket PC-based iPaq from HP rose 6 per cent to 111,600.