Apple claims Macs to be more secure than Windows PCs. In the light of recent malware attacks on the Mac platform, there are several articles on the Web questioning this claim. What is your take on this matter?

A:

Macs aren’t invulnerable to malicious software. No computer is. But the people who produce viruses and spyware have traditionally focused on Windows—and still do, primarily. There have indeed been a couple of recent instances of malware that spread among some Macs in the real world. But bear in mind that, despite the steady growth in Mac sales, Windows still powers the vast majority of the world’s PCs, and, because of that, there are hundreds of thousands of malicious programs targeting it, versus just a handful of known ones for the Mac.

So, my take on this is that while Mac users must be careful where they surf, and Apple will have to step up its game against these attacks, an unprotected Macintosh is still, in daily use, far less likely to become infected than an unprotected Windows PC. How users handle this depends on their habits and their tolerance, both for risk, and for the downsides of constantly running security software, which can sap resources and be annoying. I advise all Windows users to run such software. But I see it as optional for Mac users, at least today. Time will tell if that changes.

Q:

Do you know of any apps that work well with dictation on older iPhones?

A:

One that I have used successfully is Dragon Dictation from Nuance. The same company makes an Android app called FlexT9, which I haven’t tested, that includes dictation, among other features. Both apps work on a wide variety of models.

Q:

I love my BlackBerry for the ease of emailing and maintaining my schedule but not for accessing the Internet. I am a T-Mobile customer. Is there any device that has the good features of the BlackBerry and also easily and comprehensively accesses the Internet?

A:

T-Mobile offers a wide range of Android phones that include very good Web browsers and typically have two email apps: one for Gmail and one for all your other email accounts. They also have calendar apps.

Overall, I prefer these smartphones to current BlackBerrys and find the email experience fine. But people who are used to the BlackBerry for email—especially corporate email—sometimes complain that email on other devices isn’t as fast. This is partly because BlackBerry email is routed through a proprietary system. I’d advise asking friends or colleagues with newer T-Mobile Android phones about their email experience.

Write to Walt at mossberg.@wsj.com.

Gamemaker Rovio and antivirus firms are cautioning of malware-laden software disguising itself as the latest installment of the popular game series.

“As you get ready to pop pigs in zero gravity, watch out for fake versions of Angry Birds Space, and make sure to download safe by getting the official game from Rovio,” the Angry Birds maker warned on its Web site Thursday.

Sophos warned that a program purporting to be the Android version of the game actually installs malware and could render infected phones vulnerable to control by hackers. The malware-laden titles showed up on various alternative Android app marketplaces, not the official Google Play store.

“The Trojan horse, which Sophos detects as Andr/KongFu-L, appears to be a fully-functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code,” Sophos senior technology consultant Graham Cluley said in a blog post. “The Trojan communicates with a remote website in an attempt to download and install further malware onto the compromised Android smartphone.”

The space version of Angry Birds has soared to the top of the charts since being made available last month for Android, iOS, Mac and PC. Rovio said 10 million copies were downloaded in the first three days after it was made available on March 22.

By my scorecard, the article amounts to the first public comment Apple has made on the subject, period. And it’s very interesting indeed, especially in light of all the flak the company had been taking over what appeared, to some eyes, to have been an inadequate response.

First and foremost, Apple says, it is working on software to detect and remove the malware from an infected machine. Secondly, the company says it is working with Internet service providers around the world to disable the servers that are being used as the “command and control” network that’s basically telling compromised machines what to do.

Apparently it’s this effort that has caused trouble for the security outfit Dr. Web, which originally discovered the vulnerability in the first place: In working on shutting down the C&C servers, Apple apparently got servers that Dr. Web had used to track the spread of the outbreak shut down as well, according to this report on Forbes.com.

The vulnerability that allowed the malware to get through in the first place wasn’t in Apple’s Mac OS X itself, but in Oracle’s Java. Apple agrees with me at least with regard to machines running older versions of Mac OS: Disable it.

Anyway, here’s Apple’s article, in its entirety:

About Flashback malware
Summary

A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.

Products Affected

Java, Mac OS X 10.6, OS X Lion

A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs.

Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6. By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates.

Apple is developing software that will detect and remove the Flashback malware.

In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network.

Additional Information

For Macs running Mac OS X v10.5 or earlier, you can better protect yourself from this malware by disabling Java in your web browser(s) preferences.

That remains the reality, even after a bunch of media reports on how a vulnerability in Java has led to the creation of a Mac botnet about 600,000 strong.

Today I’ve been getting calls from people who say something roughly in line with the following: “I thought you said Macs didn’t get viruses? What about this?”

No, I explain, I never said Macs will never get viruses or other Malware. But historically its record versus other platforms compares favorably. As is the case with investment instruments, past results are no guarantee of future performance, and let’s face it, there’s no such thing as a perfectly secured computing platform.

But let’s look closely at the facts around the Flashback Trojan causing all this consternation, and clear up what it is versus what it is not, and put the results of the incident in perspective.

Yes it’s true that some 600,000 Macs are confirmed to have been infected. The claim, first made by Dr. Web, an outfit I had never heard of, has since been corroborated by Kaspersky Labs, whose research and analysis capabilities are well-respected. More than half of the compromised machines are in the U.S., 95,000 in Canada, 47,000 in the U.K., and 41,000 in Australia.

The trojan targets a vulnerability in software that is not even an Apple product: Java. You’ll recall that Java is add-on software created by Sun Microsystems and now the property of the software giant Oracle. Rather common, it is no longer shipped as a default add-on to Apple’s Mac OS X beginning in 2011, when Apple first shipped Lion.

Through this hole in Java, certain Web sites are serving up malicious Java applets. Once inserted on the machine, the software then prompts the user to enter the password they use to run the machine. It attempts to trick the user by appearing as an update to Adobe’s Flash video and animation software.

If the user doesn’t fall for the trick, it tries something else. Here again it checks to see if there are any Microsoft Office applications on the machine, or Skype. If there are, it deletes itself.

Then it does something interesting. It scans the contents of the Mac’s hard drive to determine if certain applications are present, and if they are, it deletes itself. Among those applications are security tools such as Little Snitch, a networking security tool, or Packet Peeper, another security tool. It also deletes itself if it sees the user has installed XCode Mac developers tools, and any kind of anti-virus software.

Presuming it finds none of them, it proceeds to contact a command-and-control server for the purpose of downloading and installing more malware. That malware is being used to commandeer the Macs and generate Web traffic to boost revenue for some pay-per-click ads on Web sites, making money for someone who’s behind the scheme. Nothing surprising there.

Apple has issued a fix to Mac OS X that closes the hole in Java, and you can protect yourself by running Software Update from within your machine’s System Preferences. Today would be a good day to do that if you haven’t already. Once you’ve done this you’re no longer vulnerable to the attack.

If you’re among the 600,000 already compromised you can turn to third parties to help you remove it. F-Secure has some instructions here for determining if your machine is affected. If you’re comfortable running some commands in the Mac’s terminal program, there are also some good instructions here at ArsTechnica.

So what does all this say about the state of security on the Mac? Nothing that wasn’t true already. No system is perfectly secure, and this, along with MacDefender, amounts to exactly the second security incident worth mentioning to hit the Mac in about a year. The number of machines affected is less than 1 percent of the 63 million Macs currently in use around the world.

The conventional wisdom has often held that Macs are targeted by malware less often than Windows machines because of their relatively small market share. This still has some merit, but the fact is that Windows is also where the vulnerabilities are. Historically, Mac OS X has been substantially less vulnerable to this sort of thing than Windows.

Does that let Apple off the hook entirely? No, though to its credit, Apple had a fix ready within a week of learning of this vulnerability. That’s not exactly a pokey response, especially when the problem lies not directly within Apple’s software, but in Oracle’s.

Here’s a thought: Turn off Java in your Web browsers. You probably won’t miss it. Here’s some instructions for that.

The Mobile Threat Tracker app consolidates the most recent two weeks’ worth of Lookout’s security data into a kind of mobile heat map. The user sees dots flying around the globe as a real-time visualization of where threats are happening.

When users scroll over the globe, a timeline appears, showing how much of the threat is malware and how much is spyware; the top three threats are listed along with plain-English descriptions, and why Lookout has identified them as malicious.

Kevin Mahaffey, Lookout’s co-founder and CTO, said the app isn’t necessarily about offering immediate solutions, but more about making people aware of when they might be particularly vulnerable on mobile. “People shouldn’t have to be security experts to stay safe. We want to remind them to download apps from reputable app stores, to not go to shady download sites; to look at the developer name behind an app, and make sure it’s legitimate.”

The Mobile Threat Tracker is only available on devices running an Android OS to start, and Mahaffey says it’s unclear whether there will be a version for iOS devices. “Right now, it makes less sense, because there isn’t any real malware on the iPhone,” Mahaffey said, “though at some point there might be a need for it.”

Lookout Mobile Security launched in 2007, and now claims more than 15 million users worldwide. The company says it takes an educational approach to informing people about products for malware and spyware, rather than using fear-mongering in its marketing; it offers most of its apps for free, with additional features available at a premium.

While threats on mobile devices still aren’t as high-scale as malware and spyware on PCs, Lookout’s internal research shows that the amount of malware on mobile has increased.

Lookout said the likelihood of an Android user encountering malware increased from 1 percent to 4 percent over the course of 2011. The company has identified more than a thousand instances of infected applications, double the number it saw in July 2011.

The Lookout report notes that Web-based threats like phishing can carry over easily from PCs, making the likelihood of clicking on a bad link higher than that of acquiring malware through mobile apps. The global yearly likelihood of an Android user clicking on an unsafe link is 36 percent — up 6 percent from just six months ago — while in the U.S., the likelihood is higher than the global average, at 40 percent.

(Photo courtesy of TheTechBlock/Flickr)

1971: Creeper

The first known virus-like program was written by an employee of a Cambridge, Mass., company that built part of Arpanet, the predecessor to the Internet. The program was a lab test to see whether it was possible to create a self-replicating bit of software.

1982: Elk Cloner

A junior-high student came up with the first self-propagating program released outside the lab. The program spread via floppy disks on old Apple II computers — displaying a short poem on infected machines.

Read the rest of this post on the original site »

Lookout’s analysis of data collected from more than 700,000 apps and 10 million devices worldwide reveals a significant increase in mobile malware since January, and while some of it was geared toward devices running Apple’s iOS, much was intended for Android. There were 80 Android apps infected with malware in January. By June, there were 400.

“Currently, malware and spyware have primarily targeted Android devices, though there are commercial spyware applications available for jailbroken iOS devices,” Lookout explains in its report. “According to our data, in June of 2011 Android users were two and a half times more likely to encounter malware than just six months ago.”

The reasons for this are well known. iOS apps are curated by Apple via a manual review process that hews closely to some very strict security guidelines. Apps in Google’s Android Market do not undergo the same rigorous review process. And while that might allow Android developers to update their apps more quickly, it also makes it easier for miscreants to distribute malware, or to update or repackage legitimate apps with malicious successors. Earlier this year, for example, a piece of malware dubbed DroidDreamLight infiltrated some 34 apps in the Android Market.

But if iPhone users are largely unaffected by malware, they’re not entirely immune to it — particularly if they’ve jailbroken their devices to run apps not sanctioned by Apple. Lookout charted a troubling spike in Web-based threats in the first half of 2011. These are cross-platform and thus of concern to Android and iOS users alike.

“In the past year, iOS has seen multiple web-based exploits in the wild that allow an attacker to run code as root if a user simply visits a web page,” Lookout said in its report. “These exploits first take advantage of a browser vulnerability to run code as the browser process, then take advantage of a local privilege escalation vulnerability to run code as root. Thankfully, we haven’t seen evidence of these exploits being used maliciously: they were primarily used to allow users to jailbreak their devices.”

Writing on Google’s blog, Damian Menscher, a security engineer, said the company discovered “unusual search traffic while performing routine maintenance on one of our data centers.” After collaborating with security engineers at several companies that were sending the data traffic, he said, Google concluded that the computers associated with the traffic were previously infected with a particular strain of malware.

A Google spokesman said the company believes more than a million computers were affected by the malware strain. The malware appears to have been downloaded by people who were fooled by online scams that offered them anti-virus protection but were really malware in disguise.

Read the rest of this post on the original site »

The company’s 16th report still sees attacks in which specific industries or even individuals, are targeted as one of the main threats, but highlights the developing vulnerabilities that social media and mobile devices open up.

The report identified more than 286 million unique variants of malware, which together were responsible for 3.1 billion attacks on computer users in 2010. The number of attacks delivered via the internet almost doubled, Symantec reported a 93 percent increase in the volume of Web-based attacks in 2010 over the volume observed in 2009. Shortened URLs appear to be playing a role here too. During a three-month observation period in 2010, 65 percent of the malicious URLs observed on social networks were shortened URLs.

Read the rest of this post on the original site

That’s the essence of a new report from researchers at George Mason University.

George Mason professor Angelos Stavrou and some colleagues used an Android smartphone to launch a covert attack, but Stavrou said that any smartphone could be vulnerable when synchronizing to a computer or even just plugged into a charger. Once a cable is compromised, Stavrou said, it can attempt to act as an input device. Like a mouse or keyboard, it can then send signals to take control of a connected computer or phone.

The attack vector is especially pernicious because users aren’t even thinking they might be vulnerable.

“The typical user inherently trusts the connection when hooking up devices using a USB cable because they think they know what it is supposed to do, and they own the two connecting devices,” says Stavrou in a blog post. “Attacks through USB cables haven’t been seen before, so there are no defenses in place to prevent or even detect them.”

They’ve been working on this particular scam for many months. Jeff Horne, director of threat research for anti-virus vendor Webroot, says an email account he set up to attract and study these types of email has received over one million phony tax-related messages since November.

These cyber-crooks also begin publishing malicious sites early in the tax season, with pages that allow people to download IRS forms for filing. “They automatically deliver the malware without you even realizing it,” said Horne. Whether delivered via email or a visit to a malicious site, the viruses lurk on your hard drive looking for keywords related to tax filing, such as social security numbers, street addresses, employer names and income, and then sends it back to the cyber-crooks.

Read the rest of this post on the original site

The so-called “Droid Dream” attacks took place earlier this week, prompting Google to quickly remove some 58 infected applications from its Android storefront. On Saturday, the company said it was taking several further steps to mitigate the damage.

The biggest action it is taking is to remotely remove the malicious applications from any devices that did manage to download the programs. It’s an option that Google has maintained, but has also reserved for only egregious cases such as these kinds of attacks. It is also pushing a security update to those devices to prevent attackers from gaining any further information from the infected devices.

“This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” Android Security Lead Rich Cannings said in a blog posting. “We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices.”

The latest action marks only the second time that Google has used its power to remotely remove applications from a user’s device. The first time it did so was last June, when a proof-of-concept malicious app made it to the Android Market.

Google said it will also e-mail those who are affected and the devices will post a notice saying that “Android Market Security Tool March 2011″ has been installed and such users may also see a notification that applications have been removed from their device. Droid Dream worked by attaching malicious code to a number of seemingly useful applications.

Although the infected apps collected some information to identify the device and which versions of the Android software it was running, Google does not believe that any other information, such as personal user data, was compromised. The exploit used vulnerabilities that Google had closed in the most recent releases of Android, including Gingerbread. Only devices running versions of Android prior to version 2.2.2 could be affected, Google said.

The attack, which cropped up Tuesday evening, was attached to multiple applications posted to both the Google-run store and various third-party app markets.

Although Google managed to expunge the 50 or so affected apps within minutes of learning of their presence in the store, the fact they made it that far indicates the game is changing. In the latest attack, the malicious code was attached to legitimate applications, but also was collecting identifying data from the phone and sending that information to a remote server.

Experts have warned for a while now that as smartphones gain traction, there will be an increasing number of attacks. Anti-virus firm Symantec says that threats have been increasing significantly in recent months after being quite rare, often limited to more proof-of-concept type exploits.

Not only are today’s smartphones the equivalent of a desktop computer, each one has a connection to not only personal information and the Internet, but also to a carrier billing system–putting would-be attackers one step closer to where the money is.

“For first time in history, a malicious attacker can send a packet of data and money goes flying,” said John Hering, CEO of phone security software maker Lookout Mobile Security. “Think about that.”

Already there have been attacks that cause an infected phone to send a premium text message, generating instant revenue for the attackers. Those attacks, against both Symbian and Android, have been confined largely to Europe and Asia–areas where premium SMS is more common and where carriers are sometimes less vigilant about monitoring traffic, Hering said. An attack in December, centered in China, took a significant amount of data from Android phones and sent it to remote servers.

That the phone has been seen as less vulnerable than the PC is largely an artifact of the fact that the devices have only recently gained powerful operating systems and fast Web connections.

“It’s not like phones are inherently safer than computers,” Hering said. “It’s just been more attractive in the past to attack computers.”

In general, Android malware has been attached to applications–often to legitimate applications–and posted to various third-party stores, rather than to the Google-run Android market. Indeed, sticking to the official stores has been one of two major recommendations from security experts (the other is to pay careful attention to what permissions an app is requesting).

Keeping up to date on a phone’s operating system can also help. Droid Dream, for example, exploited a security flaw that was closed with the Gingerbread release of Android. However, unlike on the PC side, users don’t always get to choose which updates they install, as carriers and device makers often get a say in which apps are provided to customers.

The Android attack is also sure to raise the question of whether an open platform is less secure than a more closed one and also whether it is better to have a curated market or one that is community-managed. Hering said it is not fair to say that Droid Dream suggests Android is more vulnerable, noting that both open and closed systems have their benefits. Open-source code does mean everyone can look at things, but it also gives the community a chance to report flaws before the bad guys do.

Naturally, there is also a market that has emerged for security software that can be installed on a device. Lookout and Symantec both offer phone products, and Hering said that Lookout’s software was updated within hours to protect against infected applications from both official and non-official sources.

Given how quickly Google removed the infected apps, it still makes sense for the cautious to stick to the Android market. However, it is clearly not a failsafe.

The other big recommendation is to not just blindly click OK to all those warnings that pop up when installing an app. On Android and many other platforms, users have to explicitly give an application permission to do certain things, such as access location data or make phone calls.

“If someone is downloading a scientific calculator and it wants to send text messages, it should raise some eyebrows,” said Vikram Thakur, a principal security response manager at Symantec.

SecureWorks, which is privately held, says it has about 2,900 customers in 70 countries, and that its customers include 15 percent of the Fortune 500, as well as 1,500 banks and credit unions, though typical of a security company, it doesn’t name any of them. In 2009 it acquired the managed security business of VeriSign. It has about 700 employees and projected revenue of about $120 million.

It’s also known for its top-flight malware research team. Last year it was involved in the research and response around a banking Trojan called Origami, which originated in Russia and was designed to steal sign-in credentials.

Dell says the deal will expand its IT-as-service offerings. It also looks to be, at least in part, a reaction to Hewlett-Packard’s acquisition of security firm ArcSight in October. No financial terms are being disclosed, but Dell had been involved in a reselling partnership with SecureWorks since July of last year. It’s also Dell’s second acquisition in as many months. On Dec. 13 it spent $820 million for the health IT company Compellent.

I have had a little disagreement with my IT guy. He says that when taking my laptop out in public, I should never type anything with passwords or confidential information. He says that someone can pick up my information. I say that I can’t believe that everyone in public is totally exposed. There must be some way to protect yourself while on a public network. Who is right?

A:

There’s no single correct answer. It’s true that thieves in public places can and do steal passwords and other sensitive information transferred over public Wi-Fi hotspots. But it’s also true that methods like Virtual Private Networks can mitigate this problem, and that most public hotspots are, just by the odds, unlikely to harbor these thieves at any one time. However, my advice is to avoid doing any sensitive tasks, like banking or stock trading, while using public hotspots. And, if you’re doing anything confidential on your company or home network remotely, use a VPN, which is like a secure tunnel through the internet.

Q:

I recently purchased a new iMac and am considering installing anti-virus/spyware/malware programs on it. Reader forums in MacWorld magazine say it’s not needed. A local newspaper computer columnist says he’s had Macs since the early ’80s and has never run an AV program and has had no problems. Other online computer advisers say Macs are always vulnerable and advise to run AV programs. Any recommendations here?

A:

No computer is inherently invulnerable to malicious software, and that includes the Macintosh. However, nearly every malicious program known is meant to run on Windows and simply won’t operate on the Mac operating system. The handful of Mac viruses and other malware that have been discovered are either proofs of concept, or have spread to very few users and done little or no damage. Most Mac users I’ve known don’t run third-party security software and haven’t had malware problems. So I don’t routinely recommend Mac security software.

There are two caveats, however. If you are running Windows on your Mac, you should install Windows security software, to run while Windows is in use. Also, Mac users are just as vulnerable as Windows users are to online scams, or to insecure public networks. So, even though you may never get a virus, you still have to be careful about doing sensitive Internet tasks via public hotspots or careless behavior like clicking on links sent you by unknown email senders.

Q:

My car has an audio jack that integrates any input into the sound system. I know that Kindle has a text-to-speech feature. Would I be able to use that feature via the audio jack in the car?

A:

Without having tested your car’s input jack, I assume the answer is yes. The Kindle has a standard headphone jack.

However, note that the text-to-speech feature works only on certain books, not all of them. Publishers have the right to allow or disallow it for any book.

Also, even if it’s enabled, it isn’t the same as an audio book, which is usually read by a trained narrator or by the author. Instead, it’s a computer doing the reading.

You can find Mossberg’s Mailbox and my other columns at the All Things Digital website, http://walt.allthingsd.com.

Lookout said Geinimi displays botnet-like qualities and is the most sophisticated wireless malware it has seen. Thus far, infected programs have only been seen on various Chinese app stores.

“Geinimi is effectively being ‘grafted’ onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets,” Lookout said in a blog post on Wednesday. “The affected applications request extensive permissions over and above the set that is requested by their legitimate original versions.”

The security firm said it has already updated both the paid and free versions of its software to protect against Geinimi.

Lookout raised $11 million in Series B funding back in May.

The company was launched in 2007, with its founders taking 18 months to develop a new core technology focused on mobile devices. While some of the big-name security firms are in the mobile arena, their approaches are brought over from desktop and PDA security efforts, CEO and co-founder John Hering told Mobilized.

“I think there’s a very reasonable opportunity to create the next Symantec but built around the mobile platform,” Hering said, noting that over the next three to seven years mobile devices will become the primary computing device for millions of people.

Although threats to mobile devices are still comparatively rare, their highly mobile and always connected nature makes them an increasingly attractive target for those seeking to do harm. A year ago, Hering said that most attacks were proof-of-concept or attacks for notoriety. This year, though, has seen the rise of financially motivated malware, including an attack on Android where an app posing as a movie player sent premium SMS messages costing infected users $5 a pop. A separate attack in China infected more than one million phones, Hering said.

Lookout aims to stop those kinds of attacks and also allow capabilities like device tracking and remote wipe capabilities. Its software currently works on Android, BlackBerry and Windows Mobile (but not the new Windows Phone 7) operating systems. Hering said the company plans to expand to other popular operating systems and said some of the new funding will be used to expand to new platforms.

Ping Li, a partner at Accel and a board member at Lookout said the company’s approach of splitting work between the device and the cloud to more efficiently work on a mobile device is part of what attracted him to the company. He also pointed out that Hering and his co-founders are in their twenties and just have a different awareness of the devices than their older competitors.

“They grew up hacking mobile phones,” Li told Mobilized. “They never grew up hacking PCs.”

Part of growing as a security company is having the right product in place when a new threat emerges, Li said, pointing to Webroot, which came out of nowhere to become a significant business when spyware emerged as a major security issue.

The company has more than four million users of its software, although the vast majority are getting the software for free. The company recently launched a $3 per month premium service, but Hering won’t say how many customers it has.

Hering said Lookout’s model aims to follow that of desktop antivirus firm AVG, which has a popular and well-known free product but makes money by selling a premium service.

As for whether the company could make an attractive acquisition target for another security company looking to jump-start its mobile efforts, Hering was noncommittal.

“We’re just trying to keep up with the growth,” he said.

Here’s a sample, from Google’s blog post announcing the change (via SearchEngineLand). Click on the image to enlarge:

Google has already been flagging sites it thinks are distributing malware, so this is just an incremental step. And Google apparently thinks a “compromised” site is less dangerous than one it thinks “may harm your computer”: If you click on the link for the latter, Google will send you to an “are you really sure you want to go there?” message, but Google won’t actually slow you down if you want to head to a hacked site.

[Image credit: Picture Perfect Pose]

In April, a federal appeals court found that the FCC had overstepped its bounds when it censured Comcast (CMCSA) for violating its net neutrality principles and in so doing, called into question the agency’s authority to regulate the Internet. In May, 282 members of Congress, from both political parties, petitioned him to suspend the FCC’s plans to reclassify broadband as a telecommunications service, a move that would, once and for all, put broadband under the agency’s purview and clarify its jurisdiction.

And so today, Genachowski heads an agency whose legal authority is in question, as is its ability to implement a much needed National Broadband Plan. And his ambitious policy agenda is, for all intents and purposes, on hold.

What will he do now to regain momentum and fix the country’s ailing broadband policies?

1:19 pm: You’re a different sort of FCC chairman, aren’t you, Walt asks. You have somewhat of a tech background.

Genachowski: I do. I spent the last 10 years in the tech space. I’m probably the only FCC chairman who worked for the same company as Jeffrey Katzenberg.

1:21 pm: The conversation quickly moves on to an issue top of mind today: broadband and how lousy it is in the United States. Genachowski talks for a moment about broadband, saying the U.S. is grievously behind. He cites a survey that ranked the U.S. 40th out of 40 when it came to rate of change of capacity. “That means we are moving more slowly than any other country in that survey.”

1:23 pm: Walt jumps in to note that U.S. broadband customers are being screwed on performance AND cost. “They have slower broadband than lots of other people and they pay more for it,” he says. “You’re the head of the FCC: Why won’t you fix this?”

Genachowski: Because I thought you might invite me, I spent the last year working on a broadband plan. But there’s no silver bullet. There are things we can do to drive more innovation. Unleashing mobile is the most important thing we can do. There’s no doubt in my mind that mobile broadband will drive innovation. We have an enormous chance with 4G.

1:25 pm: Genachowski–The FCC plan that I inherited provided for new spectrum coming on the market that’s about a threefold increase over now. Until you see the new demand being driven by devices like the iPhone and the iPad. It’s 40 times. And we need to address that.

Walt jumps in, noting that spectrum is finite. Is there enough spectrum available to solve the problem?

Genachowski: There’s enough available if we have the right policies in place. We’ve got to work on policies that themselves create better efficiency, policies for trading spectrum, for example.

1:28 pm: Genachowski recalls that a few years ago there was a band of spectrum that no one knew what to do with. Finally, someone said, ‘why don’t we just put this spectrum out unlicensed and see what people do with it?’ And the first thing that people came up with were garage openers…and later someone discovered that it could be used for Wi-Fi. Obviously, an important innovation, but also part of the congestion problem. So what we’re trying to do is identify things like that,” he says. We’re also looking into spectrum-related efficiency.

1:30 pm: Walt–Are you going to take spectrum away from TV broadcasters?

Genachowski says he has offered them the opportunity to put their spectrum up for auction. We think this creates a mechanism for freeing up spectrum that’s currently tied up, he says.

1:31 pm: Walt asks about Genachowski’s broadband plan. Does the FCC have the power to bring it to fruition?

Genachowski: First thing to understand about the plan is that we were asked to develop a plan that would apply to the FCC and other parts of the government as well. It includes recommendations for the FCC, for Congress, etc. So focusing on the things we recommended for ourselves, there’s no dispute that we have authority. With respect to others, there’s a court ruling that’s created problems for us. So what’s important is that we move forward on the broadband policies and strategies.

We run something at the FCC called the Universal Service Fund. It promotes universal phone service and it does a good job of that. One of the recommendations of our plan is that this fund be used to support broadband instead of legacy phone service. This court decision is preventing us from doing that.

1:34 pm: Genachowski–No one really cares what section of the statute we point to except for the lobbyists and lawyers. It would be unfortunate if that process slowed us down as a country on improving our broadband infrastructure.

1:36 pm: Genachowski–We need to have enough of a broadband infrastructure in the United States that companies want to do business here.

1:37 pm: Walt wonders if it’s even possible to get some sort of policy implemented that would improve broadband for consumers.

Genachowski says it is, but concedes that “some elements of the system are broken” and prevent the country from moving as quickly as it could on its infrastructure initiatives. “We’re kidding ourselves if we think that the infrastructure will come simply because we want it to come….We need dramatic investment and we need an environment that encourages innovation.”

1:39 pm: Walt recalls a question from yesterday’s session with Steve Jobs about AT&T’s capacity problem. Noting the dramatic increase in demand for data on AT&T’s network, he asks if Genachowski can fix it so that people who complain about not being able to make calls on AT&T (T) will be able to make calls.

Genachowski: I think on an issue like this where AT&T hears from its consumers every day about how bad it is, I don’t worry so much. I worry more about issues where consumers are disempowered. Things like the number of consumers who don’t know what their broadband speeds are, for example. Ultimately, we want to give consumers the information they need to be better consumers. … What we’re looking at is digital labels that will show consumers what their actual broadband speeds are as opposed to the speeds they’re told they’re getting. I think we’re in an era when information technology creates opportunities to empower the consumer to make the market work more efficiently.

1:44 pm: Walt talks a bit about the state of the set-top box. The boxes that the cable companies give you are awful, he says. But there’s a law meant to promote options. Why aren’t you enforcing it?

Genachowski says he is, noting that consumers can buy CableCards.

Walt: Why don’t you make companies make better CableCards and better cable boxes?

Genachowski concedes that the CableCard strategy hasn’t quite worked out the way the FCC had hoped. The agency is now looking to see if there’s a sort of universal gateway that will solve the set-top box issue and allow innovation in the living room, he says. But the pay folks are concerned about how this will preserve the integrity of the pay stream. We’re at the point technologically where we can explore devices that preserve that pay stream while improving the broadband experience, he says, and we’ve set a goal of 2012 for developing a device like this.

Q & A

Q: Why is the FCC putting the 4G spectrum next to the Wi-Fi and Bluetooth bands?

A: I don’t think that will happen. At the FCC we have terrific engineers who understand these interference issues.

Q: What do you think about rewriting the Telecommunications Act of 1996?

A: I think it’s true that the act gives us the authority that we need. But I also think that by virtue of its structure, it’s not quite ideal. I’m doing everything I can with the following goal: We need solutions, speed, etc., because we’re not just competing with ourselves, we’re competing with the rest of the world.

Q: Does Obama have an iPad?

A: I don’t know whether he has an iPad yet, but I’m sure that will be taken care of.

Q: Your thoughts on malware and security?

A: The dangers are very serious. The systems that should be in place aren’t in place yet. I’m very concerned about the substance of this and whether in Washington we can do what needs to be done to ensure the security of our networks.

A note about our coverage: This liveblog is not an official transcript of the conversation that occurred onstage. Rather, it is a compilation of quotes, paraphrased statements and ad-lib observations written and posted to the Web as quickly as possible. It is not intended as a transcript and should not be interpreted as one.

Accel Partners has been pretty busy handing over giant wads of dough to start-ups this week–and today is focusing its largess on San Francisco-based Lookout, a smartphone security provider.

The Palo Alto, Calif.-based venture firm will be the lead investor in an $11 million Series B funding round for Lookout, which offers solutions to protect phones from malware and viruses, back up and restore valuable data and help users find their phones in the event they are lost or stolen.

Accel Partner Ping Li will join the start-up’s board.

Lookout currently works only on phones using Google (GOOG) Android, Research in Motion (RIMM) BlackBerry and Microsoft (MSFT) Windows Mobile operating systems.

Previous venture investors Khosla Ventures and Trilogy Partnership are also participating. The pair, along with angel investors such as Chris Sacca, had already put $5.5 million into Lookout late last year. The company was founded as Flexilis in 2007.

Lookout said the former CEO of Vontu and executive at Symantec (SYMC), Joseph Ansanelli, would become chairman of Lookout and that it had brought in other execs, including a former Yahoo (YHOO) staffer. Ansanelli has been an angel investor in Lookout.

Here’s the official press release:

Lookout Closes $11 Million in Series B Funding Led by Accel Partners

Explosive Growth in Smartphone Market Underscores Need for Mobile Security

SAN FRANCISCO–May 18, 2010–Lookout, the leader in smartphone security, today announced an $11 Million Series B round of funding led by Accel Partners with Khosla Ventures and Trilogy Partnership also participating. The company also announced that it has added several new executives to its leadership team, including former CEO of Vontu and executive at Symantec, Joseph Ansanelli, as Chairman of the Board.

“The smartphone market is exploding, and consumers are downloading third-party apps by the hundreds, making security an increasingly vital component of the mobile market,” said Ping Li, Partner at Accel Partners, who will join the board. “Consumers need to know that their applications, their data, and their phone itself are protected. We are excited to work with Lookout as they continue to extend their lead in this dynamic market.”

The global smartphone market grew more than 50% during the past year and as a result, consumers have been introduced to thousands of third-party applications across leading mobile platforms through app stores and downloaded sites. The Android Marketplace alone gives consumers access to more than 50,000 applications. While they enjoy the benefits of these applications, consumers are often unaware of the risks that accompany their increased data and application usage. Similar to the PC market, as consumers do more with their phones, they need protection from threats such as mobile viruses and malware, data loss and theft of the phone itself.

Lookout has developed cross-platform, cloud-connected applications that immediately identify and block threats before they compromise a consumer’s mobile phone, backup and restore mobile content, find a lost or stolen phone and wipe data from a phone if necessary. Available now on more than 400 mobile networks in 170 countries, Lookout prevents thousands of malicious applications, finds countless lost phones and restores important information for users every month.

“We are thrilled to receive such enthusiastic support from Accel Partners,” said John Hering, CEO and founder of Lookout. “Their backing is recognition of Lookout’s accomplishments to date and a testament to the importance of this market. With this additional financing, we’ll continue to invest in new technology and infrastructure so that we can provide the most comprehensive smartphone protection available to millions of consumers worldwide.”

Lookout Executive Additions

Joseph Ansanelli brings his extensive knowledge of security to Lookout as Chairman of the Board. Prior to Lookout, he served as CEO and co-founder of Vontu, turning the company into the leading provider of data loss prevention solutions before being acquired by Symantec in 2007.

In addition to Ansanelli, Lookout has also added several key members to the company’s executive team including Eric Bothwell as vice president of engineering, who formerly held engineering leadership positions at Vontu and Symantec; Chris Jones as vice president of product management, formerly senior director of portfolio product management at Symantec; and Julie Herendeen as vice president of marketing, formerly vice president of network products and advertising solutions for Yahoo! Inc.

Security company McAfee Wednesday morning issued a software update intended to give the computers that it’s contracted to protect a new list of malicious files to block and delete. Somehow a file that is part of Microsoft’s (MSFT) Windows operating system made it on to the list. And when McAfee’s software deleted this file, all hell broke loose.

People all over the country reported that their computers stopped working. Among the victimized organization were a hospital in Rhode Island, police in Kentucky and the National Science Foundation, according to the AP.

Read the rest of this post on the original site