Why you can't sync your Pocket PC over WiFi with ActiveSync 4.x
One of the main complaints people have had about ActiveSync 4.x is that Microsoft took away the ability to synchronize your Windows Mobile device with your computer over WiFi. If you want WiFi syncing, you have to go back to ActiveSync 3.8 or ealier.
Microsoft has long maintained that they removed WiFi sync for security reasons, but that's pretty much all they were willing to say. Users were dubious because you can still sync over WiFi if you're syncing with an Exchange Server.
Well Mike Calligaro has posted a detailed explanation on the Windows Mobile Team Blog. And here's the deal: Microsoft had taken absolutely no steps to protect your data when syncing over WiFi.
Essentially ActiveSync was designed for connecting your PC and your PDA over a serial connection. Later, USB support was added. And eventually when Microsoft saw hardware manufacturers making CompactFlash Ethernet cards they enabled Ethernet connections. And then they added WiFi syncing using the same protocol as Ethernet.
The problem is they didn't account for viruses or security in any way. There's no encryption. When you're connecting two devices via a cable, that's fine. But when you're connecting over WiFi, you're sending all over your personal information out over an unsecured network. And Calligaro says ActiveSync doesn't do a very good job of making sure the correct device is connected. That means if someone observed you syncing your PDA to your computer, they could theoretically trick your PC into thinking it should connect to their device.
So they eliminated WiFi syncing. At some point, it may return, but only after Microsoft builds a layer of encryption into ActiveSync. Encryption is already part of Microsoft Exchange Server, which is why you can still sync to a server over WiFi. Calligaro says there's no telling when The Windows Mobile Team will get around to WiFi sync.