Source: Intego

The sign-in page asks for users profile information, including the credit card information that is tied to an Apple ID account.

One of the first rules users should be aware of when checking for malware and spam in email is to hover over a suspicious URL with to see the location of the URL they are about to click. Tell tale signs of phishing, malware and malicious sites are when the URL does not appear to be headed to an official page from the company in question.

The phishers behind this attack have likely been sitting on it a while, waiting for when users received new Apple products during the holiday season. Malware makers are very sensitive when it comes to the timing of attacks. Zero day hacks are often stockpiled and unleashed when the impact will be optimal. Other malware and spam attacks are saved up for big news stories, such as what was seen during the Japan earthquake in 2011 or the death of Osama bin Laden. Spammers will then hit search engines with poisoned results and attempt to fill email inboxes with links to malicious sites. While the phishing attack aimed at Apple users was not a zero day attack, it is an example of phishers knowing when the best times are to launch an offensive.

Did you encounter an email similar to this last week? What other phishing attempts have been made against your inbox recently? Let us know in the comments.

"The days of just buying and anti-virus or a firewall program and just putting it on a PC are over," said SonicWall's VP of corporate development Ed Cohen. Enterprises and small and medium business need a more layered approach to security. Yet, the layers need to be more sophisticated. With the growing complexity of corporate networks, a new approach is needed.

SonicWall's report cites the growing problem of securing networks from social applications and mobile devices. These are new problems within the last several years that corporate networks have not yet caught up with. Cohen uses the example of Facebook, which has become a necessity for enterprises. Yet, monitoring when, where and how employees Facebook or other similar applications is necessary for enterprise security. For instance, a business's marketing department needs to use Facebook but it should not be allowed to use applications within the platform, like MafiaWars.

There is also the growing ubiquity of mobile devices and workers accessing the corporate network. That includes workers accessing work data from their smartphones or remote workers tapping in from unsecured connections.

"The more access that companies give, the more vulnerable they are," Cohen said. "Yet, at the end of the day, access and productivity often trump security."

Cohen advises that consumers, corporations and small to medium businesses become more proactive with security. That includes more monitoring of how and when users are accessing their work data, installing sophisticated anti-virus programs, next-generation firewalls and filters that look scan for spyware, spam, Web vulnerabilities etc.

"It always surprises me when a small business says that it has an anti-virus program but asks why it also needs to get a firewall," Cohen said.

Cohn has four recommendations to effectively secure a business network.

• Protect the network - That classic fortress approach where firewalls, black lists and security programs monitor the network itself.
• Protect the endpoints - This includes securing computers making remote connections to the network, from using Secure Socket Layer and Virtual Private Networks to make sure that every smartphone, tablet or computer that can access work data has an anti-virus client.
• Back up data - This is an old standby credo of the security profession (or anybody that has ever used a computer), but Cohen says individuals and companies often do not do a good job of backing up data. There are a variety of new products and services that can help companies automatically back up their data in case of crash or breach.
• Use managed service providers - This is a trend in enterprise that has grown in the last several years, especially when it comes to mobile devices. If you do not know how or cannot effectively manage your network, hire somebody else to help you do it.

SonicWall has an interesting quiz about detecting phishing attempts that it says most people fail miserably. Head on over an take the quiz and let us know how you did. It is a lot harder to detect phishing than even sophisticated users think (this reporter got six out of 10 correct and apparently that is a good score).

Here is a sample of the quiz. Is this phishing or legit?

Answer: Phishing

Google announced today that this extra net of protection will be available to the rest of the world as 2-step verification is being released in 40 languages across the globe. This has a potential to be a boon for the security industry and Google account holders across the world that are perpetually under attack from malware and phishing attacks attempting to access sensitive information.

Yet, that it just Google and its data centers. Individual users are more susceptible to phishing and malware attacks, especially as they become more targeted. That is where 2-step verification is a critical layer to protect sensitive information. Think about the attack on Booz Allen Hamilton that leaked 90,000 Department of Defense oriented emails several weeks ago by Anonymous. The hactivist group bragged that it was easy to crack Booz Allen Hamilton, apparently through one particular unprotected server. Once they were in, they could not be stopped. The server was dumped and Anonymous had all the information it needed to make Booz Allen Hamilton look extremely foolish.

Likely, this would not have happened if Booz Allen Hamilton had the type of protection that is provided by the major public cloud operators like Google or even Microsoft's Azure. Yet, the private cloud or data center that Booz Allen Hamilton used was not sufficient to keep the hackers out.

While Google's 2-step verification initiative is an interesting function in how it protects Google accounts, it should be looked towards as a guideline to be built upon, especially when adding security in the enterprise or a government agency. Making security layered and universal between the public and enterprise is the first step to eliminating the botnets that cause so much headache on the Internet. Rolling out 2-step verification to 40 languages should only be a step to making it a global standard across the globe.

In case you hadn't noticed, spam and phishing attacks through the social networks has been on the rise. Security company Symantec released a report yesterday detailing socially-engineered attacks to determine where they are coming from and what techniques malware criminals are using to lure victims into their traps.

One of the most interesting trends that Symantec has noticed is that social spam and phishing has been cyclical, moving from network to network (see above graph). For instance, attacks will focus on Facebook for a period of time before falling off, then focus on Twitter or YouTube before coming back to Facebook. In the cat-and-mouse game that is malware verse security, these trends make sense as exploits are closed on one network and found another.

The average lifespan of social spam is between 15 and 20 days, according to Symantec. Of that, Facebook sees the lion's share with 40% of all social network spam, compared with 37% for Twitter and 23% for YouTube. Yet, there are differences in how spam is relayed on Facebook than Twitter. Twitter tends to see large-scale spam attacks that are shutdown by the company relatively quickly, while Facebook sees multiple types of spam threads running through the ecosystem on a persistent basis, according to a recent conversation I had with Sophos security analyst and blogger Chester Wisniewski.

Facebook has been active in protecting its users from "clickjacking" schemes, forming partnerships with security companies like Web of Trust to help protect users. According to Symantec's trends graph, the company's efforts have been paying off. Facebook has been in a decline since late April.

One of the differences in social spam as compared to email spam is the type of message that social spam uses to lure in victims. The big topics are still prevalent - pharmaceuticals, gambling and adult/sex/dating - but spammers are using different types of link-bait on social networks. According to Symantec social spam links are often tied to "unread" messages or fake invites. For instance, a message from Twitter saying that you have three unread messages that you cannot see because your message folder is full. From personal experience, Twitter's DM folder is never "full" (this from a guy who had near 800 DMs in June and several thousand this year).

It is up to the user to protect their computer and exercise common sense with what they click on Internet. If not, your computer or your social network account may be part of the problem, not the solution.

A new report of security company Symantec says that global spam is at its lowest levels since 2008. The geographic center of spammed accounts has also shifted from Russia to Saudi Arabia. Worldwide spam is now down to one in every 1.37 emails. In the United States, spam accounts for 73.7% of all emails.

Spam levels are now the lowest they have been since McColo, a California-based ISP spam control center, was taken down in 2008. That is, in part, due to the shutdown of the spam-sending botnet Rustock in March 2011. Spam, phishing, viruses and other types of malware are all still major problems in the Internet ecosystem but it looks like progress is being made against the botnets and those that control them.

One of the most interesting trends to emerge from the June 2011 report is that pharmaceutical spam is declining yet the prefix "wiki" is increasing in spam messages. In some cases, the two have merged, such as the WikiPharmacy that spam messages are directing users to. Other major spam targets have been tax returns in India and fake aid to Japan after its catastrophic earthquake and tsunami in March. After pharmaceutical spam (which accounts for 40% of all spam messages), adult/sex/dating was the next highest category, with 19% of all messages.

The United States is also no longer a major generator of spam. Spam messages originating from the U.S. declined from 10.7% of all spam in 2010 to 2.8% in June 2011.

Spam may be at its lowest levels in three-plus years, but that does not mean it is dying out or is not a major problem. In June there were still 39.2 billion spam messages sent.

Phishing Evolves, Grows More Targeted

Email phishing is becoming more targeted. Spammers are now using tactics known as "spear phishing" and "whale phishing" designed specifically for a small set of users.

Our enterprise editor, David Strom, reports from Symantec's headquarters in Mountain View, Calif.

"The report shows that virus authors are getting better at micro-targeting: 75% of the malware has infected less than 50 or fewer individual PCs. One virus assembly kit called Harakit is distributed to an average of 1.6 users, meaning that it is used to deliver custom-built attacks that is targeted for a specific individual."

Examples such as Harakit might fit in with "whale phishing" where specific, high-ranking executives are targeted with phishing emails that have been dutifully researched by the phishers and are targeted to get into the executive's computer, which often has access to far more data than a mid-level employee.

South Africa is the most targeted location for phishing attacks with one in every 111.7 emails. The U.S. sees a phishing attempt in every 1,270 emails while Japan sees hardly any (in comparison) at all at with one in 11,179 emails.

Web-based malware is on the rise. MessageLabs identified an average of 5,415 sites each day harboring malware, adware and spyware, an increase of 70.8% from May 2011. That increases the chances of "drive-by" downloads where a user visits a site and becomes infected with malware.

DHS has teamed with security and technology experts at the SANS Institute and Mitre to create a list of the top 25 programming errors that lead to the most serious hacks, according to The New York Times. The idea is to educate companies and organizations about the channels that criminal hackers use to gain access to confidential information and servers. These are often common software errors that can lead to "zero day" exploits.

The guidance framework will include "vignettes" for various industry verticals, like banking and manufacturing, and will highlight which vulnerabilities are most frequent in the types of software is used.

Not Always A Tech Issue

While groups like Anonymous and LulzSec (which reportedly is disbanding) use sophisticated hacking methods (like SQL-injections), the greatest threat to security within the government and large corporations does not come from programming vulnerabilities.

It is their employees.

Bloomberg published an in-depth article June 27 titled "Human Errors, Idiocy Fuel Hacking." That may seem like an outrageous accusation but remember that one of the biggest security leaks in recent history - WikiLeaks - was the result of one person with physical storage (a CD) and access to confidential files. All Bradley Manning allegedly needed to do was put the disc into a computer and start downloading.

Bloomberg reports that DHS staff secretly dropped CDs and USB drives into the parking lot of government buildings to see if they were picked up and put into a computer. The ones that were picked up were plugged in 60% of the time and ones with official logos 90% of the time.

It is one thing for an average citizen to pick up a USB drive marked "DHS" and put it into a computer but another entirely for government workers supposedly trained on security risks to do so. It is reminiscent of the movie "Burn After Reading" where Brad Pitt finds a CD filled with another character's bank records and thinks it is top-secret information.

Bloomberg also notes that social engineering attacks are growing more sophisticated and are on the rise. According to security company Symantec's State of Spam and Phishing monthly report, phishing attempts rose 6.7% between June 2010 and May 2011. Phishing has become more targeted with "spear phishing" aimed at specific groups of individuals and "whale phishing" aimed at C-level executives.

"Rule No. 1 is, don't open suspicious links," Mark Rasch of Computer Sciences Corporation told Bloomberg. "Rule No. 2 is, see Rule No. 1. Rule No. 3 is, see Rules 1 and 2."

Once a phishing target clicks on a malicious link, it is likely that one of the top 25 software errors listed in the DHS guidance are being exploited. When it comes to security, the fact of the matter is that an organizations' own people are the biggest threat, not some esoteric group of hackers living in the Internet ether.

Correction: The original version of this post referred to the Wikileaks suspect as Ryan Manning. The post has been updated to reflect his actual name, Bradley Manning. 6/28/11 - 9:40 a.m. EST.

Epsilon says that only 2% of its clients were affected - only about 50. But those 50 include Citigroup, Capital One, Walgreen, Best Buy, Target, Hilton, Kroger, Tivo, Disney, The College Board, and Marriott.

More Phishing

Despite the reassurances that email addresses and names were all that were stolen, many security experts are still concerned about the implications. Even though no financial data were disclosed, just by knowing someone's email address and their spending habits - or at least the brands with which they have some sort of relationship - it may be easy to craft a targeted and sophisticated phishing attack.

If scammers know that you have a credit card with Capital One, for example, they may send emails asking you to log into a website and provide credentials that will give them access to more data, including financial information. People do fall for these targeted "spear-phishing" attacks, because they appear to come from a site they have a relationship with.

What Can You Do About It?

Phishing attacks are not uncommon, and as always, if you keep your guard up about where you click and what information you give up, you'll probaby be safe. But phishing attacks do work, even if it's just for a small percentage of recipients. And as the breach at Epsilon has exposed tens of millions of email addresses, even that small percentage could prove to be a sizable number.

When you receive an email from a company now, make sure you scrutinize it fully. Look at the email address and verify the sender. Look for typos and strange URLs. But don't click on those links. If you do get a suspicious email - particularly one with an urgent tone asking you to update your personal information - pick up the phone and call the company in question. Remember: most companies aren't going to ask for sensitive information via email.

This weakness stems from a design consideration from Apple. It only occurs on websites that identify themselves as mobile sites, as it allows Web developers to take advantage of more of the "precious screen real estate" on the iPhone's small screen, says Dhanjani. However, for phishers, this could be a new way to direct users to dangerous websites.

If you don't have an iPhone to test it, you can watch this YouTube video instead.

In the demo, mobile Safari visits a Web page that looks nearly identical to Bank of America's mobile website. The website name and lock icon even appear in green, an indication that the website is protected via SSL. However, as you can see, the graphic is not the real address bar. If you scroll up, the actual address bar appears at the top of the page.

Although the problem Dhanjani demonstrates is only observable in mobile Safari today, the researcher cautions that third-party applications that contain their own Web browser could be built to take advantage of this security weakness, too. "In the case of iOS, since most applications are full-screen, it is in the interest of the application designers to keep the users immersed within their application instead of yanking the user out into Safari to render web content," Dhanjani explained. "Given this situation, it becomes vital for iOS to provide consistency so the user can be ultimately assured what domain the web content is being rendered from."

He recommends that developers of iOS applications make sure they clearly display the domain from which they're rendering content.

Any Solutions?

Dhanjani also says he alerted Apple to the issue. "They let me know they are aware of the implications but do not know when and how they will address the issue," he says.

Meanwhile, third-party security firms are jumping on this news to promote their own "safe surfing" products - for example, Trend Micro and its Smart Surfing for iPhone app, an alternative Web browser application that always shows the system's address bar.

However, there may be a simpler solution to all of this until Apple makes any changes: just scroll up.

Dutch authorities took down several servers associated with the Bredolab botnet at the end of October (though there is some evidence that this botnet is still active). Symantec cites this, as well as the takedown of the Zeus ring and spamit.com, as the main reasons for this decline in total spam volume.

Phishing on Social Media on the Rise

While, according to Symantec, phishing scams on social media sites only comprised about 4% of all phishing attacks, the total number of phishing sites on social media increased by about 80% compared to last month. The security firm also notes that one of the most popular phishing scams in October involved emails and messages that claimed to come from a social media site's security service and asked users for their login credentials. These scams told consumers that they had to reenter their credentials (on a phishing site, of course) to ensure continued access to the service.

As Walter Harp, Microsoft's director of product management with Windows Live, told us earlier today, this redesign of Hotmail evolved as Microsoft started to think about how email has changed over the last few years. According to Harp, the last major revolution in email was the arrival of Gmail in 2004. Since then, however, the way people use email has changed. Social network updates from sites like Facebook and LinkedIn now make up somewhere between 15 to 30% of all mail in Hotmail users' inboxes. In addition, email users now send out billions of photos and documents. Microsoft alone stores over 15 billion office documents on Hotmail and its users send out close to 1.5 billion photos every month.

Bigger Attachments - Integration with Office Web Apps

Today's update tackles these changes head-on. Hotmail users will now, for example, be able to send up to 10 GB of photos and documents in a single message. Instead of sending these messages as attachments, however, Hotmail will simply route these files to the sender's Windows Live SkyDrive account (Microsoft's free online storage service), where the recipients can access them through a link. Thanks to the new Office Web Apps, recipients will also be able to see and edit Office documents right in the browser.

Less Clutter in Your Mailbox

In order to make it easier for users to wade through lots of social network status updates and unclutter their Hotmail inbox, Microsoft is introducing a new feature called "1-click filters." These filters will allow users to just see messages from services like Facebook and shipping updates from the USPS.

Other new features that will help to keep Hotmail users' inboxes organized include a new Gmail-like conversations view (which will be an opt-in feature and turned off by default), as well as the ability to quickly see all the emails from a given sender while reading an email from this sender. Hotmail users will also be able to just see all the new emails that contain photos.

Microsoft has also partnered with a number of third-party services, including Hulu, YouTube, JustinTV, the USPS, SmugMug and Flickr to provide additional functionality through a feature called "active views." This allows Microsoft to integrate some of the functionality of these sites directly into the emails.

Other new features include Exchange ActiveSync push email for Hotmail - which means that you can now push Hotmail email and data from your Windows Live Calendar directly to the iPhone, for example - as well as a unified contact list for all Windows Live services and third-party services like Facebook and MySpace.

Improved Security

On the security front, Microsoft is introducing full-session SSL encryption for all accounts and a feature that will identify and highlight trusted senders (like known banks and online stores) in order to prevent phishing scams. Microsoft has also managed to bring down the average number of spam emails in its users' inboxes to only 4% (down from 35% in 2006).

Another nifty new security feature is the introduction of a single-use code that allows users to log in from a public computer at an airport or coffee shop without having to fear that their passwords could be stolen. Users will receive these codes by SMS or through an alternate email account.

Microsoft Wants to be #1 in the U.S.

As Walter Harp pointed out when we talked to him today, Hotmail is the #1 email service in the world, but in the U.S., it is currently only the second-most used service after Yahoo Mail. With this new version of Hotmail, Microsoft hopes to be able to close this gap. Email, of course, tends to be a very sticky service and users aren't likely to abandon Yahoo for Hotmail anytime soon. Thanks to today's updates, however, chances are that many new users will choose Hotmail over Yahoo.

In terms of functionality, however, the real competition for Hotmail isn't Yahoo but Google. Google, after all, also offers integration with its online office suite and photo service. Unlike Google, however, Microsoft doesn't plan to offer a small business version of Hotmail and prefers to steer people towards Microsoft Exchange and Outlook instead. Microsoft's services - and especially the Office Web Apps - are competitive with Google's services (and, in many respects, better). Thanks to the integration with SkyDrive and Office Web Apps, Hotmail now presents a very viable alternative to Gmail and it will be interesting to see if Microsoft will be able to capitalize on this.

Suspicious Logins

If somebody tries to access your account from the other side of the world, for example, Facebook will now notify you that something is amiss with your account and add an additional layer of authorization to the log-in process. According to Facebook, these additional verification methods could include asking for a your birth date (you did enter your real birth date on Facebook, didn't you?) or asking you to identify a friend in a picture and answering a standard security questions if you previously provided one.

Registered Devices

Users will now also be able to register their computers and other devices they use to access Facebook. Whenever somebody tries to log in from a device you haven't registered yet, Facebook will prompt them to name the device and send you an email. You can also choose to get SMS alerts as well.

These updates come just a few days after Jim Breyer, one of Facebook's own board members, fell for a phishing scam on the popular social networking site. Today's updates aren't likely to prevent these phishing scams, though it's good to see that Facebook is introducing additional security features.

Given the amount of negative publicity Facebook has been getting over its privacy policies and bewildering privacy settings, it only makes sense for Facebook to garner some good press by emphasizing these new security features now. On the other hand, those users who are already nervous about Facebook's own privacy issues aren't likely to be persuaded by this.

Twitter's is a good move but a lot more is needed all over the web. If we want a transactional developer ecosystem of distributed identity and portable user data, there are both user education and technical changes that need to be made.

It's only because there is a big developer ecosystem creating interesting new services on top of our Twitter identities that any of us would ever consider logging in to Twitter while on another website. That ecosystem is great, and it's the kind of thing that an interconnected web that leverages portable user data would be filled with. But if user data is a form of currency and even people who are professional technology analysts (paid hundreds of dollars an hour for their technology advice - and many of these people are falling for Twitter phishing scams) - if even these people can't tell the difference between a good transaction and a bad one, then what does that say for the future of distributed developer ecosystems and data portability?

Apparently, though, fooling people these days into handing over their Twitter login through an unsafe transaction is like taking candy from a baby. It's really easy.

That's a failing of user education and of the design of distributed authentication transactions, isn't it? (Though it's tempting to blame the users who fall for it, it really is!)

Remember when debit and credit cards were first introduced and many people didn't trust them? Aren't you glad we figured out how to make that work? Similarly, we need a combination of user education (don't give out your credit card number to random people who call you on the phone) and practical measures - credit card transaction receipts have two copies, your copy is the one with the full number printed on it - take it with you. Little things like that and more made plastic a viable platform for commerce. Distributed online identity needs similar measures taken.

You know what also doesn't help? People who try to be helpful by urging users to not even click on phishing links. It's not like these are mysterious poisonous substances that will kill you if you touch them. Go ahead and click on them! Just don't give the resulting spoof pages your username and password. That's the problem!

It's early days in all of this and more moves like Twitter's tonight will be needed. For the good of user security but also for the good of all the innovation this web has the potential to deliver.

Really, though, people who take tech seriously don't fall for those kinds of things, right? Wrong! Below we offer the job titles of some of the most surprising people we've received phishing direct messages from over the last several months. It's a pretty surprising list.

Remember also, this could happen to any of us (apparently, perhaps) and thus the old saying "there, but for the grace of the Fail Whale, go I."

"I made $300 today with http://ifortune4u.com" - and assorted variations...

Bio: Market analyst following datacenters, energy efficiency, and blade servers.

That's complicated stuff but probably pretty mechanical. No wonder a little human-engineering was able to overcome this person's defenses.

Bio: Enterprise Comms Analyst

That's Comms as in communications?

Bio: Industry analyst: enterprise communications [Different person, same analyst firm as the above]

Oops. Why are these analysts, some of whom charge up to $1000 per hour for their work, falling for a scam that promises relatively small sums of money?

Bio: Consultant in large scale data warehousing.

Looks like just a little bit of your data just got warehoused!

Bio: Strategy planning at [Giant European Firm] Enterprise Communications

How's this for an enterprise strategy? Know a phishing scam when you see one.

Bio: Customer Interaction Analyst at [Giant Marketing Research and Analyst Firm] / Speech Reco and UI Geek / Trendspotter

Oh my...

Bio: an investor and co-founder of [common web 2.0 term].com; a founding partner and Vice-President in [big Web 1.0 company]...8 million page-views and 1 million unique visitors per month...with zero marketing budget.

Surely there were people pulling scams like this back when you were...building a website with 8m monthly pageviews...with zero marketing budget...

Want to brush up on your social networking skills, so you can stay off of lists like this? Check out Sarah Perez's post from October How to Avoid Malware on Facebook and Twitter: 8 Best Practicies.

You can find the whole ReadWriteWeb team on Twitter here. You can follow us with the knowledge that we aren't going to spam you with scammy Direct Messages - or at least if we do you can write a blog post teasing us about it.

In yesterday's attack, the list of comprised Hotmail accounts were limited to those where the usernames started with the letter "A" or "B." However, that seemed to imply that the posted portion might actually be a part of a bigger list containing even more login/password combinations. At the time, a Microsoft spokesperson said that the company determined "this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts." Instead, claimed the spokesperson, those users whose credentials were revealed were likely to be victims of an online phishing attack where a third-party website was involved.

Phishing attacks are typically carried out via email messages where the attacker tricks the recipient into revealing their username and password by pretending to be some sort of trustworthy entity such as the user's bank, IT administrator, a popular website, or an online service. In the case of the stolen Hotmail passwords, it's possible that the attacker sent emails which claimed to be from the end user's email provider. If the user then followed the link contained within the malicious email, they would have ended up not on the actual email provider's site, but on a third-party site whose sole purpose was to capture their username and password when entered.

Beyond Hotmail: More Webmail Providers Affected

According to a story in today's BBC News, the most recent list of compromised accounts, which includes login credentials for Gmail, Yahoo, AOL, Earthlink, and Comcast users, contains some accounts that appear to be old, unused, or fake. However, many others listed are, in fact, genuine.

There's no way to be sure at this point that the new list is a part of the same phishing attack as yesterday's or if it's a new and separate scam.

The website where the accounts were posted - pastebin.com - is now "down for maintenance." Visitors to the site today will receive a message that reads:

Pastebin.com is getting an unprecedented amount of traffic due to a news story in which some leaked Hotmail passwords have been pasted on this site

Pastebin.com was intended as a tool to aid software developers, not for distributing this sort of material. Filters have been put in place to prevent reoccurrence, but the current traffic level is unsustainable.

Pastebin.com is just a fun side project for me, and today it's not fun. It will remain offline all day while I make some further modifications

Paul Dixon

Regardless of whether or not you think your account was compromised, today would be a good day to change the password on whichever webmail service you currently use. Better safe than sorry!

AVG's CEO J.R. Smith told us last week the the company focused on a number of key issues in this new version: keeping pop-ups down, improving the scanning speed and keeping memory usage to a minimum so that the app would also run well on netbooks. In our own tests, AVG 9 was faster than the previous version, though we can't quite corroborate AVG's claim that the new version scans 50% faster.

Identity Theft Protection

Another interesting new service AVG launched today is its Identity Theft Recovery Unity. A free 800-number for users of the paid and free versions will provide information about identity theft and guide users through the process of restoring their credit scores if they become a victim of identity theft.

Mac Versions?

We also asked AVG if the company planned to release any products for the Mac. While the company doesn't have anything to announce right now, it was interesting to hear that AVG has been talking to Apple about phishing protection on the iPhone - a feature that would only work if Apple gave AVG access to some of the deeper layers of the iPhone OS.

Microsoft, of course, also released its own anti-virus software, Microsoft Security Essentials, a few days ago, though while it's a very capable antivirus package, Security Essentials is still a rather basic product compared to solutions from AVG, Avira, or Symantec.