Over the last several months you’ve probably come across Google’s +1 quite a few times. You may have even clicked it, only to wonder what exactly you’d just accomplished. Because, at least from the user’s perspective, there hasn’t been any reward from clicking on it. You’d push the button for the treat, only to leave empty-handed. That hasn’t stopped the +1 button from getting huge distribution — it’s now on 1 million sites and appears in 4 billion impressions every day, but that growth has had more to do with the fact that it’s Google than it does with the button being useful.

The +1 button has always had a subtle purpose, of course: Google says that it impacts search results, so pages you +1 may show up in your friends’ queries more prominently than they would otherwise. But who knows how often that happens. And while these +1 clicks also get saved in your Google+ profile, they’re not anywhere your friends are going to see them.

Today, that’s changing: Google has just announced that the +1 button will let you share to your Circles on Google+, directly from whatever page you’re browsing. Which means that you have a reason to keep clicking on them.

The feature appears to look pretty straightforward, and lot like Facebook’s ‘Send’ button, which lets you send content to a specific group of Facebook friends.

When you click on the +1 button and elect to share it with your Google+ Circles, you’ll notice that the shared story is pre-populated with both an image and some text from the page (again, Facebook’s sharing features work much the same way). Google is also letting publishers designate exactly which text they’d like to include with these ‘+Snippets’.

This is a big, if obvious, step forward for Google’s +1 button, as it gives users a much bigger incentive to click on them.

Here come the Google+ games. Google has announced a big move toward mainstream adoption today, integrating Web-based games within the brand new social network. “We want to make playing games online just as fun, and just as meaningful, as playing in real life,” the announcement says. Titles include Angry Birds, Bejeweled Blitz, Zynga Poker and Sudoku. Google has launched a new Google Plus Platform Blog to help encourage more.

Google seems a bit concerned about the distraction factor, though, and it wants to make sure these games don’t get in the way of your +1ing, sharing and other important Google Plus business. “Games in Google Plus are there when you want them and gone when you don’t,” the announcement says. “If you’re not interested in games, it’s easy to ignore them.”

In every respect, from letting in members to developing mobile apps, the Google Plus project has been careful in its progress. A hasty implementation of games, or one that would cause a backlash, would be a major setback, and this announcement is worded to soothe that concern. But games have been expected since the launch of Google Plus (or earlier) and despite the company’s refusal to comment, multiple hints have been found in code and help documents.

As was reported last year, Google has quietly invested as much as $200 million in social game developer Zynga, maker of such illustrious titles as Farmville and Mafia Wars. Zynga’s business, while huge, has been almost entirely dependent on Facebook so far. As GigaOm’s Ryan Kim points out, Google Plus won’t have top Zynga titles like Cityville and Farmville because they’re exclusive to Facebook, but $200 million is sure to land Plus some fresh new titles of its own.

Games are an important feature for a social network that wants to compete with Facebook for users’ attention, not to mention its gaming business. “There is terrific potential for games on Google Plus,” Billy Pidgeon, a game analyst at M2 Research, told VentureBeat games specialist Dean Takahashi in a report on developer anticipation of games on Google Plus two weeks ago. “Opening up gaming on other social networks gives other publishers more opportunity to compete outside the Zynga-Facebook matrix, and can also help Zynga escape dependence on Facebook.” Takahashi wrote that he spoke to a number of game developers who were confident that Games on Plus would launch soon and that it “would change the game industry” when it does.

The battle for game developer attention is likely to be heated. Tricia Duryee reported late last month at All Things D that multiple sources told her Google would try to undercut Facebook by charging developers a lower fee for things like in-app sales.

Blog publishing platform WordPress announced this afternoon that its users can now automatically cross-post links to their new blog posts to a Facebook page. Previously, the feature only allowed publishing onto a Facebook account’s Wall. Pages are where organizations are supposed to communicate with a large number of interested parties.

WordPress.com’s Scott Berkun said that this was one of the features most requested by users. The new feature is fast and easy – but is it something that publishers ought to use? Experience and study of the results of this kind of automation don’t always make it look so good.

This spring, for example, The New York Times dumped its bot that automatically tweeted out links to all its articles in favor of labor-intensive human curation and publishing.

Last week the new ReadWriteWeb.com Community Manager Robyn Tippins posted the results of a study she did comparing how their articles performed on Facebook when they were posted manually vs. when they were posted automatically. The results very clearly favored one approach over the other.

Put simply: when ReadWriteWeb posted each story both automatically and manually, they found that manually-posted links saw twice as much traffic and more than twice as much engagement in the form of sharing and links.

Tippins concluded thusly:

“Manual posting is a chore. What takes the app seconds to post may take me 10 minutes. And, because I am not continually at the computer, some of our content isn’t posted immediately after posting. There are definitely cons to manual posting, but the increase in engagement and page views back to our site is worth the additional labor.”

Some readers said in comments that Facebook ought to help publishers publish automatically at times when they will see the most engagement. Something like what startup SocialFlow does.

In fact, Facebook’s algorithm punishes publishers whose content gets little engagement by making future updates from that publisher less prominent in a user’s experience. Ought Facebook instead help publishers publish better? Perhaps the answer is self-evident: publishers seeking maximum engagement and traffic from their Facebook Pages need to post to those pages manually and make an investment of time and energy in cultivating community there.

Had a chance to try out Google+ yet? For many, the currently invite-only service has been a haven of calm away from the chaos of Facebook and the short-form conversation of Twitter, and a contributing factor in that has been a lack of social games and associated “Be My Neighbor! Send Me Gifts! Please Love Me!” spam on the service.

According to Google’s own help document, though, pictured below, the addition of gaming to the service might not be that far away. But early adopters of Google+ hoping to escape the Hand of Zynga shouldn’t despair just yet, and here’s why.

Google+ Games Confirmed!

For those who haven’t yet made use of Google+, the key concept of the service is the use of “Circles.” These allow you to organize your friends, acquaintances and favorite celebrities into separate “streams” so that not only can you customize what you’re reading at any one time, but you can also share your own content selectively. This helps get around the age-old problem of suddenly realizing that your boss can see those pictures of that disgusting thing you did to that girl on Saturday.

When the addition of games to Google+ was first rumored, many questions were raised about how people would be able to avoid the game notifications if they weren’t interested. Would users have to manually add gamers to their own separate Circle? Would there be a means of filtering specific content out? No-one knew.

However, Google, it seems, has paid attention to users’ concerns and have decided to constrict game updates to their own separate stream.

That sounds like a good solution for everyone involved. Those who enjoy a game of CityVille (you know who you are) can play and send all their begging notifications to their friends while the rest of the community can remain blissfully unaware if they so please.

More Mac scareware is continuing to pop up which seems almost daily, with the cybercrooks following the same sort of strategy which has worked so well on Windows: regularly change the look and feel of the fake anti-virus software; use legitimate-sounding brand names (or steal genuine product names); stick to a price-point between $50 and $100; keep the fear factor high; but keep the core programming very similar so development costs are negligible.

Scareware, or fake anti-virus, is fake security software which pretends to find dangerous security threats – such as viruses – on your computer. The initial scan is free, but if you want to clean up the fraudulently-reported “threats”, you need to pay.

Once you’ve paid, the scareware stops lying to you about the non-existent threats, as though it really did clean them up. This means that many victims of this sort of fraud don’t even realise they’ve been duped. Until next time.

These latest OS X scareware variants come from the MacDefender group, though they identify themselves during startup as Mac Shield:

Mac Shield loading screen.

Once activated, the software pretends to look through your files, pretends to find malware, and invites you to clean up:

Mac Shield Virus Scan

But the cleanup isn’t free – you’re required to register:

Mac Shield registration screen.

Registration means payment. The minimum you can get away with is $59.95. But for just $40 more, you can get a lifetime software licence and lifetime support – which would be a good deal, were it not for the fact that the software is completely fraudulent, that the “lifetime” of the software ends tomorrow when the crooks move on to the next bogus brand name, and that there’s nothing to support, since there was no malware in the first place.

You even get a 30-day money back guarantee. Good luck claiming it.

Here are some top anti-scareware tips for Apple users:

* If you use Safari, turn OFF the open “safe” files after downloadingoption. This stops files such as the ZIP-based installers favoured by scareware authors from running automatically if you accidentally click their links.

* Don’t rely on Apple’s built-in XProtect malware detector. It’s better than nothing, but it only detects viruses using basic techniques, and under a limited set of conditions. For example, malware on a USB key would go unnoticed, as would malware already on your Mac. And it only updates once in 24 hours, which probably isn’t enough any more.

* Install genuine anti-virus software. Ironically, the Apple App Store is a bad place to look – any anti-virus sold via the App Store is required by Apple’s rules to exclude the kernel-based filtering component (known as a real-time or on-access scanner) needed for reliable virus prevention.

* Religiously refuse any anti-malware software which offers a free scan but forces you to pay for cleanup. Reputable brands don’t do this – an anti-virus evaluation should let you try out detection and disinfection before you buy.

If you would like to try a great free version of a REAL anti-virus software package for free, Sophos has a great free product you can try out here.

Twitter has just announced some photo news, as rumors circulating over the Memorial Day holiday weekend hinted it would. The big reveal isn’t exactly a new photo-sharing or photo-storage service – Twitter will not be hosting the photos you Tweet now. But that doesn’t mean that today’s announcement is irrelevant or unimportant.

Today’s announcement actually has two part: one dealing with search and one dealing with photos. It also involves two new partners for the company: Firefox and Photobucket.

Twitter says that it’s rolling out an updated version of its search today, one that will not just give you “more relevant tweets” and that will show related photos and videos on the results page so you needn’t leave the site to view them.

Twitter is partnering with Firefox in these improved search efforts – at least as part of today’s announcement. With a new version of the browser, users will be able to type a hashtage or a @username into the Awesome Bar and go directly to the search results page. There’s also an add-on that will give this same functionality. This makes Twitter search function much like any other address-bar-based search engine. (Well, except that it bypasses both Google and Chrome, of course.)

Twitter also announced that it has partnered with the photo-sharing and storage company Photobucket, which will be responsible for hosting these tweeted photos. In coming weeks, Twitter says, users will be able to upload a photo and attach it to a Tweet directly from the Twitter.com website. This will also be available via Twitter’s mobile apps, and the company is exploring ways to Tweet photos via SMS.

Just as the new photo-sharing service will be unveiled over the coming weeks to users, it appears as though developers will also have to wait for more information about the new “‘Tweet-with-photo’ API.” But as there are a number of companies who’ve staked their claim on providing just this sort of service – namely Twitpic and YFrog – the future of Twitter photo-sharing still appears cloudy.

This morning, Facebook launched a new feature called “login approvals,” which offers users the ability to further secure access to their Facebook account through the introduction of a second step to the login process. Once opted-in to this security feature, users enter in their email address and password as usual, but will then receive a second code sent to them on their mobile phone. This short, numeric code must also be entered before being able to access Facebook from that computer.

While an extra step may not be to everyone’s liking, for those looking for additional ways to secure access to their account, this feature will be welcomed.

This type of security feature is known as “two-factor authentication,” a term which refers to the two separate steps taken to ensure a user is who they say they are. A username (in this case, the email address registered with Facebook) and a password can easily become compromised, as anyone who’s had their Facebook account hacked can tell you. What’s less likely, however, is for anyone else to gain physical access to your mobile phone.

By requiring that this second code is sent to a device you have in your possession, you can easily keep unwanted third-parties from getting into your Facebook account.

To turn on login approvals, you’ll first need to confirm what computer you’ll be using, by entering in a security code sent via text message to your phone. Once you enter the code, you’ll be asked to save the device to your account, so you don’t see the message again when using that same computer.

After this initial setup is complete, if you ever login from an unrecognized device, you’ll be asked to enter in another security code sent to your phone.  You will also be notified of this change upon the following login to Facebook, and asked to verify the attempted account access.

If it wasn’t you who had attempted to sign in from the other device, you’ll be able to change your Facebook password to re-secure the account immediately. However, you can be assured that the person who attempted to hack into your account would not have been able to access it, as they did not have the code sent to your mobile phone at the time.

And if you ever lose your phone, you can return to any previously authorized device to log back into Facebook.

To enable this feature, go to the “Account Security” section of the Account settings page on Facebook, and look for the new “Login Approvals” option. You can access your Account settings by clicking on the “Account” link at the top-right of the Facebook homepage.

Google is opening up its Google Map Maker to U.S. users as of today, allowing anyone to submit updates, revisions and additional information to the company’s online mapping service. The tool was originally designed for users in other countries without access to the mapping resources we have stateside. Says Google, prior to the launch of Map Maker, only 15% of the world’s population had detailed access to online maps of their neighborhoods, but now, citizen cartographers in 183 countries and regions have created maps of the places they live. Today, 30% of users people worldwide have access to online maps, thanks to Map Maker.

Given the extensive mapping services available here in the U.S., why would Google open up this tool here? Google is crowdsourcing corrections and additions, the company says, by allowing its users to add more detail about the places they know best. But there may be more to it than that.

Google Map Maker

With the Map Maker, Google says you can fix the name of local businesses or add improved descriptions. You can also add more information about an area, like details on bike lanes or the names of buildings on college campuses, for example. To prevent any high jinx from occurring, Google notes that it will review the user-created submissions before they go live.

While on the surface, the launch of Map Maker in the U.S. appears to just be another useful feature to differentiate Google’s mapping service from its competitors, there may be some additional motives behind this launch.

One motive may have to do with the expansion of Google Places, the search company’s Yelp-like business locator service. In April, Google merged its socially-infused local business recommendation service called Hotpot into Google Places, the larger business database which provides reviews and venue information. Now Google is crowdsourcing edits to that same database via this U.S. launch of Google Map Maker.

Building a Better Location Database, Thanks to You

One of the primary assets of companies involved in providing location-based services is their database of venues. On this front, Facebook is a tough Google competitor, with its own database of locations called Facebook Places. In September 2010, a company spokesperson said the goal for Facebook Places was to be the “central platform for location data” across the Web. And in February 2011, Facebook made some under-the-hood changes to the way it houses venues listed on its site, a move that enables the network to have an accurate, universally standardized database of locations.

Location-based checkin service Foursquare also has its own venue database, and, like Google will now as well, uses crowdsourcing to help keep that database accurate. In theory, select superuserson Foursquare’s service are enlisted to clean up duplicate venues and make sure each pushpin is accurately placed. The job of crowdsourcing this cleanup is not going well in some areas with nearly every major venue having at least 2 or 3 clones, if not more. This may or may not be an across-the-board complaint, but it does highlight the challenges of creating a location database where users themselves are permitted to enter venues of their own, with no direct company oversight.

It should also be noted that another Google competitor, Microsoft’s Bing, has also gone the crowdsourcing route to some extent, partnering with Open Street Map (OSM) back in August 2010, to make it available as an additional layer on top of Bing Maps. The company has donated aerial imagery back to the Open Street Maps community too, and, in November, hired OSM founder Steve Coast to come work at Bing Maps.

To put it simply, today’s announcement from Google has a deeper impact to the company’s overall strategic initiatives than simply a case of “oh look, new tools!” Clean, accurate, robust, detailed and up-to-date maps and databases of locations will be key to growing any business that leverages location data in the future, which today includes a number of mobile services, and their online counterparts.

Spammers are now using Facebook Events to trick users into completing online surveys, taking part in online contests and perform other tasks which allow spammers to generate commissions. In some cases, users are also tricked into giving up their mobile phone number, which is then automatically signed up for expensive premium services.

According to multiple security firms, spammers using Facebook Events to promote their links have been highly successful in their efforts to dupe unsuspecting users thus far. According to a report from TrendMicro,”tens of thousands” of users had mistakenly registered for one spammer’s event. Meanwhile, Sophos found an example where over 10 million Facebook users had been targeted, and over 165,000 had accepted.

TrendMicro’s fraud analyst Paul Pajares says that spammers have turned to Facebook Events instead of posting their links to users’ walls where they can “easily get lost in the News Feed.” These bogus events often have tantalizing, link-bait titles like “How to Find Out Who’s Viewing Your Profile” or “Who Blocked You From His Friend List?”

Example of fake event.

For the record, Facebook doesn’t allow you to track profile views or blocks, either through its own user interface and feature set or via third-party Facebook applications. Facebook even explains in its own online Help documentation that “blocking someone is completely confidential,” and that no one will ever be notified that they’ve been blocked. It also does not permit third-party applications to track this information, either.

In addition, any application that claims it can show you who’s been viewing your profile should be reported, Facebook says in a separate FAQ (frequently asked question) available here.

However, the Event spam is new enough that Facebook has not yet updated its Help documentation to refer to both applications and events. The pages only mentions apps.

That said, any links promoting such activities should be avoided at all costs, no matter the source.

How these scams work:

Once on an Event’s page, users visiting the “More Info” section  are provided with instructions on how to find out the answer to the question the event promotes (e.g. who blocked you, who’s viewing your profile, etc.) The final step, of course, is clicking the spammer’s link.

This link is obfuscated using a URL-shortener like bit.ly, which takes a longer link and compresses it into a shorter one that redirects to the site in question. Bit.ly and other services like it grew in popularity thanks to Twitter, which limits the number of characters in its status update field to 140 characters. For Twitter users sharing news and other links with each other, these services are invaluable. However, for spammers, the shorteners can hide what would otherwise be questionable domain names and URLs from potential scam victims.

As a best practice, you should avoid any event invitations of a similar nature, even if you see a friend promoting them on their own Facebook Wall. The tricky, bogus events being used by these cyber criminals also automatically reshare the Event’s link to victims’ own Facebook pages. If you see something like this, you may want to inform your friend that they were a victim of a spammer.

Google has begun notifying users of its email system, Gmail, that “better ads” are on the way. Being sure to note that “ads in Gmail are fully automated” and that “no humans read your messages,” the company announced that it will be using a process similar to that of Priority Inbox to bring users fewer, but more relevant, advertisements.

Can the company pull off more precise advertising without creeping out its user base? Ads, of course, are no new thing to the email provider, but users may not be too keen on receiving more personalized advertising. The company clearly states in its privacy policy that it is careful about the advertising it shows.

“To ensure a quality user experience for all Gmail users, we avoid showing ads reflecting sensitive or inappropriate content by only showing ads that have been classified as ‘Family-Safe,’” reads the policy. “We also avoid targeting ads to messages about catastrophic events or tragedies.”

Google says that it plans on better targeting advertising not only to provide a better experience, but to show “fewer irrelevant ads” and provide “offers and coupons for your local area.” How? With the same technology it uses to categorize emails in your Priority Inbox.

With features like Priority Inbox, we’ve been working hard to help sort through the ‘bacn‘ in your messages — the unimportant messages that get in your way. Soon we’re going to try a similar approach to ads: using some of the same signals that help predict which messages are likely to be important to you, Gmail will better predict which ads may be useful to you. For example, if you’ve recently received a lot of messages about photography or cameras, a deal from a local camera store might be interesting. On the other hand if you’ve reported these messages as spam, you probably don’t want to see that deal.

Google told TechCrunch’s Jason Kincaid, who first noticed the feature, that it would be notifying users over coming days  about the feature but that personalized ads won’t go live for about a month. Users who don’t want any other eyes – computer or not – to be pouring over their emails will have to ability to opt out.

Will you keep the advertising machine running or will you opt out? (And did you know that you already could opt out of Gmail ads?)

This is the biggest news about Google Voice since the company behind it, previously called Grand Central, was acquired by Google in 2007. They’ve integrated with Sprint. What that means is you are one of Sprint’s 50 million U.S. customers, your Sprint phone number is now also a Google Voice number. And If you’re already a Google Voice subscriber, you can use that number on your Sprint phone without the need for any software. Details are at google.com/voice/sprint.

Here’s how it works. If you are currently a Sprint customer, you can opt in to make that Sprint phone number your Google Voice phone number. This isn’t number porting, Sprint retains control of your number. They simply tell Google when you make or receive calls, and forward that call to other phones if you’ve chosen those options. Google also takes over the voicemail for the phone, and long distance calls are completed by Google at Google’s very low international rates.

In other words, if you have a Sprint phone you can choose to make that a Google Voice phone as well. And get all the benefits of Google Voice, like having it ring to any phone you control, initiating and receiving calls from Gmail, hilarious voicemail transcriptions, etc.

And the partnership is two way as well. If you already have a Google Voice phone number, you can have your Sprint mobile phone make outbound calls using that number as well. Previously you had to use a Google Voice app, or initiate phone calls through a mobile web browser, to make that happen.

This kind of integration is far more useful to users, and far less painful to set up, than number porting, which Google launched earlier this year.

And if that’s not enough, Google is also announcing today the availability of its first 4G and CDMA version of the Nexus S Android phone, available with Sprint.

This is a meaningful partnership. Not just for Sprint users, who can now have the benefits of Google Voice and use their phone number anywhere they want. The carriers have rarely done much that makes sense for their users. The fact that Sprint is willing to give up control of the phone number for those who want to use Google Voice shows that there is actual competition breaking out in the U.S. mobile world, and a willingness to try bold new things to differentiate products. I’ve had my issues with Sprint in the past, but this is a brilliant move by them.

For more information, check out the post on the Official Google blog.

Google has long touted the speed of Chrome, most recently tying the Year of the Rabbit in to its announcement of a Chrome beta. Today, the stable version of the browser is being released.

Google says the speed boost correspondents to a 66% improvement in JavaScript performance in benchmark tests.

But speed isn’t just the “pure brawn” under the hood, says Google, and the new interface in this most recent version of Chrome is meant to help the user move more quickly as well, particularly when it comes to changing settings. The settings interface now takes up its own tab in the browser, and there’s a new search box so you can quickly find what you’re looking to manage.

Chrome speed benchmarks

The new Chrome also lets you synchronize your passwords across the various computers you use. You can encrypt these for additional security. To enable this feature, visit the “Personal Stuff” section in Chrome’s settings.

Google has also extended Chrome’s sandboxing to the browser’s integrated Flash Player, which will help protect you against malicious webpages.

You can download the latest version here, or if you’re already using Chrome, you’ll be automatically updated soon. Also be sure to check out these two YouTube videos that describe both the new settings menu as well as what exactly “sandboxing” is.

Microsoft has launched another salvo in its campaign to hammer the final nail into the coffin of an outdated, insecure product: Internet Explorer 6.

The problem with Internet Explorer 6 is that Microsoft no longer supports it, and the creaky old web browser simply doesn’t provide anything approaching a sufficient level of defence as severely critical vulnerabilities have been left unpatched.

A new website,  www.ie6countdown.com, attempts to convince users of the reasons why they should upgrade to a more secure version of the web-browsing software, and provides information for organisations on how they can best migrate.

What I found particularly interesting, however, was a graphic of the world showing the percentage of browser marketshare Internet Explorer 6 has in each country.

India, Saudi Arabia, Taiwan and Vietnam are all doing a poor job of choosing a hardened web browser, with IE6 responsible for ten percent or more of the browser usage in those countries.

But the worst country by miles is China, where – according to Microsoft – Internet Explorer 6 accounts for over a third of the browser usage. Hmm, I wonder how much of that is related to pirated copies of the software that users have chosen not to replace with legitimate later versions?

Anyway, this is a good campaign by Microsoft – and although it is clearly designed to switch people to Internet Explorer 9, anything which encourages computer users to throw its ageing predecessor IE6 in the garbage bin has to be applauded.

It’s not often that we encourage you to stop using one of our products, but for #IE6, we’ll make an exception: http://bit.ly/g0wt4m

March 4, 2011 2:24 pm via webReplyRetweetFavorite

@Microsoft

Microsoft

Lets make Microsoft’s day – help them kill off Internet Explorer 6.

For years, ads pimping malware disguised as legitimate antivirus programs have gone to great lengths to mimic the look and feel of Microsoft’s Internet Explorer browser and Windows operating system. Now Mozilla Firefox, Google Chrome, and Apple Safari are getting the same treatment.

A security researcher from Zscaler has recently uncovered a campaign that’s tailored to the browser that the intended victim is using. Those with IE will see the same tired graphic depicting a Windows 7 security alert, but look what happens when the visitor is using Firefox.

Fake Warning in Firefox

Not only does the image contain internal Firefox elements in the source code, it also spoofs the security warning the browser shows when users attempt to navigate to an address known to be malicious, said Julien Sobrier, a senior security researcher at Zscaler.

When the intended mark visits the page with Chrome, the ruse looks altogether different. The first screen shows a warning window bearing the browser’s distinctive logo and the words “Chrome Security has found critical process activity on your system and will perform fast scan of system files.”

Fake Google Chrome warning

The user then sees what purports to be a Chrome window showing a virus scan.

Fake scan in Google Chrome

Not to be left out, Safari is also spoofed, although with significantly less effort. The initial warning looks like this:

Fake Safari warning

But the scan page defaults to the look and feel of IE.

The ads are an attempt to trick visitors into believing they have infections that can be cured by the software being offered in the ad. By customizing the screens to the browser, it stands to reason, malware mongers stand a better chance of succeeding.

“I’ve seen malicious pages tailored in the past, but they were mostly fake Flash updates or fake codec upgrades for Internet Explorer and Firefox,” Sobrier said. “I’ve never seen targeted fake AV pages for so many different browsers.”

Some of the sites that redirect to the scam include columbia.faircitynews.com, www.troop391.org, jmvcorp.com. When successful, the redirected page pushes the file InstallInternetDefender_xxx.exe, where “xxx” is a number that changes frequently. At time of writing, it was detected as malicious by just 9.5 percent of the major (legitimate) AV packages, according to a VirusTotal scan.

No doubt, many readers are savvy enough to spot scams like this, but what about poor Aunt Mildred, who has being told by a well-meaning relative to never, ever use the heavily targeted IE? Makes you realize why fake AV can be such a huge revenue generator.

Sobrier, who blogged about his findings here, first spotted the customized ads on Monday.

Despite the abundance of cooking websites, finding a good recipe can be quite challenging. It isn’t simply a matter of finding highly-rated recipes or recipes with pictures. How do you wade through all the available recipes and find the one that matches dish you want to make, the cooking and prep time you have available, and the ingredients you have in stock?

To assist with that, Google has added a new feature to its search engine: Recipe View. The new view lets you narrow your search results to display only recipes. You can click on Recipes in the sidebar to view just recipe results. The new view also gives you a number of filters to help find the right recipe. You can clearly see the ratings, the pictures, and the ingredients. The latter is great as it lets you filter your recipe search so that, for example, you only pull up shepherd’s pie recipes that contain lamb (not beef, folks. Please, not beef).

Recipes Search Results

The Recipe View also lets you try more open-ended searches, so you can pull up recipes based on a specific ingredient.

Google says the new Recipe View is based on data from rich snippets markup. If you’re a recipe publisher, you can add the markup to your Web pages so that your content can appear with this improved presentation.

Google didn’t indicate if it has plans to expand this sort of markup into other search efforts, but it’s a good reason – at the very least for recipe publishers – to mark up your websites.

Given how much data we’re trusting to online sites these days — email, search history, even voice calls — the repercussions to having our account passwords phished, hacked, or guessed are worse than ever. Unfortunately as far as consumers are concerned, account security has been stagnant for years: nearly every service requires a username and password, and that’s it.

But today, Google is making things much, much better for those who want it and will be rolling this out over the next few days, so you may not see it quite yet.

The feature is called two-factor authentication, and it’s been available to Google Apps customers since September. Now it’s rolling out to everyone. It’s a bit confusing and the set-up process will probably intimidate a lot of people, but it’s well worth looking into if you value your account data. You can activate it by hitting the ‘two-step verification’ link on this page.  So what exactly does it do?

2-Step Verification

In short, it makes it so that when you go to login to your Google account, you need to enter both your existing password and a special new second passcode — one that you don’t have to write down or memorize because it’s always changing, so it’s nearly impossible to phish. You generate this second password by firing up a new mobile app available for Android, iPhone, and BlackBerry called ‘Google Authenticator’, or by having Google call or send you a text message to a phone number you entered when you set up the feature. That password will expire in just a few minutes though, so be quick (and yes, you will feel like a secret agent the first few times you use it).

It’s not as stressful as it sounds, because you can elect to only require this second password once per computer (this still keeps phishers from being able to access your account). There are a few more quirks to it — in order to save passwords in applications like iCal, Mail, and most other desktop apps, you’ll have to generate a unique app-specific password. But again, you can save this so you only have to do it once per app.

There are also a few backup measures in place should you lose access to your mobile phone. You can designate a second, backup phone number to send the passcode to, and you’re also strongly encouraged to print out a set of ‘one-time’ passwords to keep in a safe place. This is only for the secondary password — you’ll still have to keep that ‘normal’ Google password memorized.

To be clear, two-factor authentication isn’t a new idea. It’s been used by large businesses for years. But giving consumers access to this same protection is a big win, and I’m hoping other services will follow suit in the near future.

Google Authenticator

USB Flash Drive

Here’s some good news for anyone who has been struck by auto-running malware from a USB stick in the past. Microsoft has rolled-out an “important, non-security update” through Windows Update, changing the behaviour of Autorun when you plug a USB stick into your computer.

Not sure what Autorun is? It’s the technology which causes a program to start automatically when you insert a CD or USB stick into your Windows PC. You may have spotted the Autorun.inf files in the root directory of your USB sticks and on CDs in the past.

It may sound like a neat idea, but a lot of malware (The Conficker worm would be perhaps the most infamous example) has exploited the technology to infect computers via USB sticks in the past.

The more recent versions of Windows, like Windows Vista and Windows 7, have made changes to the way that Autorun operates and this has helped fight the spread of Autorun malware. But older versions of Windows, such as Windows XP, were still often at risk.

In fact, in a blog post published yesterday, Microsoft’s Holly Stewart presented statistics which suggested that “Windows XP users were nearly 10 times as likely to get infected by [Autorun malware] in comparison to Windows 7.”

XP vs. 7 using Autorun.

Yesterday, Microsoft rolled out an update via its Windows Update infrastructure, to users running versions prior to Windows 7, which effectively prevents Autorun malware from automatically infecting computers without the user’s permission.

Note, however, that this isn’t the death of Autorun entirely. As Microsoft’s Adam Shostack explains on the MSRC blog, Autorun is still available for “shiny media” such as CDs and DVDs.

Hmm. I guess that will be welcome news for any misguided company which tries to emulate Sony’s disastrous scheme from 2005 where music CDs automatically installed a rootkit as part of their DRM copy protection.

All in all, though, Microsoft has done a good thing here. Autorun was never a necessary technology in my point of view, and its exploitation by malware made it a dangerous liability. Locking it in a windowless room, handing it a service revolver and appealing to its sense of decency is probably the best move that can we make.

As of yesterday, businesses and individuals can opt out of recieving paper-based phone books in the mail using a new Website called the National Yellow Pages Consumer Choice & Opt Out Site.

Last month, ReadWriteWeb wrote about a study showing that nearly 70% of adults in the United States “rarely or never” use the phone book, and instead opt to use the Web-based search tools, which are infinitely more convenient and efficient. That research was conducted on behalf on WhitePages.com, who operates BanthePhoneBook.org, a site advocating opt-in-only delivery of phone books.

The new opt-out site was created by Yellow Pages Association, the trade organization that represents the publishers of phone books in the United States, signaling an acknowledgement that printing and distributing paper phone books to every household is no longer a sustainable practice.

To opt out of recieving the phone book on your door, head to www.yellowpagesoptout.com and register for the site. The registration process requires you to enter your address and phone number, but a note on the page promises that this information won’t be used for any purpose other than the opt out.

Once registered, you’ll recieve an email with your auto-generated password, which you can then use to log into the site. From there, you can select which phone books you would like to recieve (wishful thinking on their part?) or click the grey “Opt Out of All” button in the lower left and then click “Save Changes.”

After opting out, you’ll get a confirmation email listing which phones you’ll be recieving moving forward, if any.

Google Latitude

Google has finally hopped onto the check-in bandwagon, but with extra twists that make it more appealing than many of the other options. The company announced Tuesday that it had updated its location-based social media service, Google Latitude, to support check-ins at local businesses. Although Google is a little late to the party, the new feature may have been implemented so that it could tie in with Google’s soon-to-be-introduced local discount service.

Users of Google Latitude could previously share their locations with friends and family—it was one of the first major services to let users do this in such a user-friendly and visually pleasing way. Now, however, users can also check in at various locations, such as the coffee shop down the street or the art museum on the other side of town. This allows them to post photos and comments about what they’re doing and lets their friends see exactly where they are instead of just an abstract location on a map.

Numerous other companies—Facebook, FourSquare, Gowalla, BrightKite, etc.—also allow users to check in and share photos of the businesses they are patronizing, and people have already flocked to one (or more) of those services. Google is stepping up to the challenge, though, by making it painfully easy to check in through Latitude.

One of the main problems with check-in services is that they usually rely on the user to remember to check in whenever he or she enters a place—Google is addressing this by either letting users’ phones automatically check in for them, or sending notifications to users to remind them to check in when the app detects that they have arrived somewhere. Latitude also checks users back out of a place once their GPS locations show that they have left, and Google has even added a FourSquare-style “status” game for extra appeal.

Why would you want to check in somewhere? Google has built in its reviews system (called “Places”) so that you can read what others have said about the business in question or see if your friends are there. Additionally, it’s likely that Google will tie in the new check-ins with Google Offers, its Groupon-like local discount service. Offers has yet to be formally announced by the company, but Google did acknowledge last month that it was “communicating with small businesses to enlist their support and participation in a test of a prepaid offers/vouchers program.”

Facebook’s check-in service, also called Places, already lets businesses give discounts to users when they check in, so the idea isn’t entirely novel. Still, Facebook implements it differently than Google probably would—the combo of Groupon-style “deal of the day” with location-based check-ins would at least differentiate Latitude from its competition.

Many people have been pleased to hear that Facebook is now allowing users to choose full SSL/HTTPS encryption throughout their session to prevent their accounts from being compromised through unencrypted WiFi using tools like Firesheep.

After the announcement though, lots of people are confused and requested we provide better instructions on how to choose this more secure option. I was able to find a brief (only 1.5 minutes!) YouTube video on how to enable this feature.

As of the time of this article (January 28, 2011) only a fraction of all Facebook accounts have been enabled to use this option. I expect it to be available to all Facebook users in a short amount of time.

The myth that HTTPS sessions consume a large quantity of resource needs to be quashed. While encryption may seem to be a heavy duty task, modern algorithms are designed to create the maximum security for a minimum impact.

If you are a web master or IT administrator who is responsible for providing services to your customers, please look into securing your pages and following Facebook’s lead. If they can provide an extra layer of protection for more than 500 million users, surely you can provide the same protections to your users.

For Facebook users, in addition to selecting the new HTTPS option, take a look at this guide on how to secure your profile. I hope this can help some of the people out there, as of lately, there have been a lot of bad things going around on Facebook.