
Security

July 5, 2009 6:13 AM PDT

Twin obstacles of technical problems and privacy issues are holding back the overarching system created to protect the federal government's computers from cyberspies, according to The Wall Street Journal.

"The latest complete version of the system, known as Einstein, won't be fully installed for 18 months, according to current and former officials, seven years after it was first rolled out," the newspaper reports. "This system doesn't protect networks from attack. It only raises the alarm after one has happened."

The privacy concerns stem from the National Security Agency's acknowledgment of its warrantless wiretapping of phone calls and e-mail that started after the terrorist attacks of September 11, 2001. AT&T is supposed to test new Einstein technology, but the Journal reported that the company sought Justice Department's approval first. The Obama administration has OK'd the testing, an official told the newspaper.

According to the Journal, these are the three phases of the Einstein program:

• Einstein 1: Monitors Internet traffic flowing in and out of federal civilian networks. Detects abnormalities that might be cyberattacks. Is unable to block attacks.

• Einstein 2: In addition to looking for abnormalities, detects viruses and other indicators of attacks based on signatures of known incidents, and alerts analysts immediately. Also can't block attacks.

• Einstein 3: Under development. Based on technology developed for a National Security Agency program called Tutelage, it detects and deflects security breaches. Its filtering technology can read the content of e-mail and other communications.

The Department of Homeland Security began work on the project in 2003, adapting it from a Pentagon program that watched military networks, former national security officials told the Journal.

A Homeland Security representative told the Journal the phases are "incremental improvements" that also safeguard privacy and civil liberties. "We don't want to let the perfect be the enemy of the good," the representative told the newspaper.

Homeland Security is the only department using Einstein 2 at this point, the newspaper said, but it is expected to cover most of the government in another 18 months.

July 3, 2009 8:00 AM PDT

Zulfikar Ramzan, technical director and architect at Symantec

(Credit: Symantec)

As technical director and architect at Symantec, Zulfikar Ramzan spends his time trying to outsmart the virus writers responsible for the onslaught of malware that infects millions of computers on a daily basis.

Ramzan, 33, talked with CNET News this week about how his early hobbies of chess and computer programming led to his cryptography studies and a job at Symantec, where he puts theory into practice.

Q: When did you get interested in computers?
Ramzan: I think I was probably around 8 years old or so and my birthday was coming up and I saved a bit of allowance money, and my parents helped supplement it, and we went out and bought a Commodore VIC-20. It was $100 for the keyboard and you hook it up to the back of your television. Games were pretty expensive back then, and being 8 years old and somewhat naive, I said "I'll just write my own games." I was forced to open up the manual and figure out how it worked. At that point, I was writing simple programs in basic and gaining a good sense of the fundamental operations of a computer. Nowadays it's so much harder to gain that low-level of computer experience because there is just so much complexity in a typical processor these days. In those days, it was easy for someone to tinker with what was going on at the lowest levels of a computer.

When did you get interested in security in particular?
Ramzan: When I was very young I had a book of puzzles. These were very simple ciphers; it was meant as a game book as part of Scholastic book club. That's when my interest in security was formed. That's the first moment I started thinking about security issues. Later on, in high school, we had machines donated to us that were Internet-enabled. This was at a time when the whole notion of having an Internet connection was not very popular, especially in high school. The system was being administered by one of the teachers who didn't know much about computer security, so the system was basically wide open. It was possible for anybody who paid a bit of attention to find their way around the system and understand all its nuances. That was my first exposure to doing things that were related to security. I was fascinated by the whole aspect of understanding what it was, what it took to protect the system, finding ways to circumvent that protection and what you could do if you were able to do so.

Did you ever dabble in gray hat hacking?
Ramzan: I don't think I ever really got to the point where I had crossed the line and was in a place I shouldn't be because these computer systems didn't hold any classified information. They were just meant for educational purposes. It was more interesting to see what we could do with them, in terms of could I read a certain file or create an e-mail account for someone. It was in a more playful fashion than what you think of today as gray hat hacking.

Tell me about your work with cryptography?
Ramzan: It kind of started with that book of puzzles when I was young, but that obviously was amateurish cryptography. Later on I was an undergraduate at Cornell and had a chance to work with a professor who mentored a research project... We started working in areas related to machine learning. Imagine you have a black box of some sort and you see what goes in and what goes out. You try to figure out how that black box works. It's really the fundamental problem of how a computer can learn. To me that was a fascinating problem in and of itself, but in many ways, it was a precursor to traditional cryptography where you are trying to design these black boxes where no one can figure out how they work. For me, that was an opportunity to not only to study something formally in a computer science setting, but it really helped build a foundation for studying cryptography later on. When I went to graduate school at MIT I joined the cryptography information security group where we conducted cutting edge research in the area of cryptography.

I got into cryptography because I thought it was a field where there was a deep theoretical and mathematical component and at the same time it was largely something that could be applied and was being used to protect real transactions and real people.

How did you end up at Symantec?
Ramzan: I got into cryptography because I thought it was a field where there was a deep theoretical and mathematical component and at the same time it was largely something that could be applied and was being used to protect real transactions and real people. So that kind of confluence of theory and practice together was very exciting to me. It was an opportunity to both think deeply about a problem and actually see the results benefit people. After graduating from MIT, I spent a while working at a couple of start-ups and then I spent a few years at a research lab where I was doing fundamental research in the area of cryptography. I was writing research papers and was going to conferences and writing patents on the work I was doing. It was very much a hands-free environment and I was able to pursue whatever academic interests I wanted to pursue. But what I found throughout that was even though I was working really hard and thinking deeply about these problems, at the end of it I was only producing a research paper, which maybe some people would read. But I wasn't doing anything deeper or more practical than that. Around that time, I got a call from somebody who was recruiting to fill a position at Symantec.

What are you working on now at Symantec?
Ramzan: I'm working on probably the most exciting project I've had a chance to work on at Symantec yet, and that's the area of reputation-based security. This is going to be coming out in the next Norton line of products at the end of the summer. Within Symantec we have a program called Norton Community Watch, where customers submit data back to us about security events and related things happening on their systems at any given moment in time. On the back end we're doing large-scale data mining and correlation in order to produce richer contextual information that allows us to classify new programs as good or bad. When you look at traditional anti-malware software, it basically tries to determine what the intent of a particular file is on one machine at one moment in time. That's very much a myopic view of the world. In contrast, reputation-based security is really about looking across your entire spectrum of machines to make a much more informed decision about what the one file is doing. So we might know that file is doing X on this machine, but if we know what its patterns look like across our user base, we can determine whether the file is good or bad with much higher accuracy.

What are the main challenges with blocking viruses and spam?
Ramzan: One of the biggest challenges overall is that these things are rapidly evolving. We're seeing variations upon variation of various types of malware and viruses. The traditional approach of trying to use signature-based detection to detect that this particular file is good or bad is going to be limited. Signatures were very good 10 years ago when there were a small number of samples out there that were on a large number of machines. Nowadays, when you have essentially micro-distribution of a large number of threats, where maybe there are millions and millions of threats out there and each is on only a few machines, having a signature to try to protect against those threats doesn't work as well. That's because you're only protecting a few users at once with a given signature. It doesn't scale nicely. With reputation-based protection, we look at not only what the software is doing, but we might know that this application is only on five machines in the world. That's something we can monitor very easily. Whereas before the attacker would try to be the needle in a haystack and hide...we now have a very powerful magnet so we can find those needles effortlessly.

So is signature-based antivirus protection dead?
Ramzan: No, not at all. I think that signatures are very useful, but in a certain context. There are still threats out there that do get to a large number of machines. For example, we've seen the Conficker, or Downadup, worm come out recently. That's a classic example of a threat that makes sense to protect against with signatures. Signatures are simple, they're easy to compute, they've been around for a long time. They have their uses, but they only protect you against one spectrum or one part of the spectrum of possible threats out there.

Is that where the industry as a whole is headed?
Ramzan: In general, a lot of the major vendors in the antivirus industry have been investing in heuristic-based and behavioral technologies where the idea is that rather than relying on a specific pattern to be present, they're trying to determine the overall intent of that file, what it's doing on a machine. I think that's one aspect of what you have to do. At Symantec, we're using reputation (technology) to basically complement those technologies because reputation (technology) can tell us not just about what's happening on the one machine, but how that fares across a number of machines.


For example, suppose we have an application and it seems to be doing something strange, like it's sending out messages from your machine. Traditional antivirus software might say this seems suspicious so let's kill this program. But suppose we ask the reputation back end "what do you know about this file?" and it says we first saw the file three months ago and we know it's on a million different machines. We may not know what it is, but if we know that we've seen it for three months, it's on a million different machines and it's not a signature for something that is known to be bad, it's almost definitely going to be a good file. So what the behavioral engine can now do is say it's got to be a good file and allow it to run. Maybe it turns out it was an instant messaging application. The idea here is basically to provide additional accuracy that allows the behavioral and heuristic technologies to do their stuff without worrying about accidentally triggering on good applications.

So it could be used to eliminate false positives?
Ramzan: Absolutely. That's going to be one application of it. It also allows behavioral and heuristic technology to become more aggressive because they have a safety net built in. And we are able within the reputation technology to infer based on how an application came into our system how it exists across our user base. We can infer with very high (degree of) accuracy whether it's good or bad without knowing much more about it.
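The decision logic Ramzan describes (an old, widespread file with no signature is almost certainly benign, while a suspicious file on a handful of machines is the needle that low prevalence exposes) can be modelled in a few dozen lines. The following is an added illustrative example, not Symantec's code; the telemetry records, the thresholds (30 days, 1,000 machines) and the hash labels are constructed for this example, and a production back end would derive its thresholds from far larger data than this.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

NOW = datetime(2009, 7, 3)          # "today" for the constructed telemetry below
MIN_AGE = timedelta(days=30)        # assumed thresholds for this example only
MIN_PREVALENCE = 1_000


@dataclass
class Reputation:
    first_seen: datetime
    prevalence: int   # distinct machines that have reported the file
    known_bad: bool   # a conventional signature already covers it


def build_reputation(reports, known_bad_hashes):
    """Aggregate (file_hash, machine_id, seen_at) telemetry into per-file reputation.

    This is the 'back end' view: first sighting and prevalence across the whole
    user base rather than one machine at one moment in time.
    """
    first_seen = {}
    machines = defaultdict(set)
    for file_hash, machine_id, seen_at in reports:
        machines[file_hash].add(machine_id)
        if file_hash not in first_seen or seen_at < first_seen[file_hash]:
            first_seen[file_hash] = seen_at
    return {h: Reputation(first_seen[h], len(machines[h]), h in known_bad_hashes)
            for h in machines}


def classify(file_hash, behaviour_suspicious, reputation, now=NOW):
    """Combine the local behavioural verdict with community reputation.

    Returns (verdict, reason); verdict is 'block', 'allow' or 'monitor'.
    """
    rep = reputation.get(file_hash)
    if rep is None:
        # Never reported by anyone: the behavioural engine decides on its own.
        if behaviour_suspicious:
            return "block", "suspicious and never reported by the community"
        return "monitor", "unknown file, nothing suspicious yet"
    if rep.known_bad:
        return "block", "signature match"          # signatures still have their place
    age = now - rep.first_seen
    if age >= MIN_AGE and rep.prevalence >= MIN_PREVALENCE:
        # Old and widespread with no signature: treat the suspicion as a false
        # positive, which is the "safety net" that lets heuristics be aggressive.
        return "allow", f"seen for {age.days} days on {rep.prevalence} machines"
    if behaviour_suspicious:
        # Micro-distribution: suspicious and on only a few machines.
        return "block", f"suspicious, {age.days} days old, only {rep.prevalence} machines"
    return "monitor", f"{age.days} days old, {rep.prevalence} machines"


def sample_reports():
    """Constructed Community Watch style records: (file_hash, machine_id, seen_at)."""
    reports = []
    # An instant-messaging client first seen 90 days ago, now on 2,500 machines.
    for i in range(2_500):
        reports.append(("im_client", f"m{i}", NOW - timedelta(days=90 - i % 60)))
    # A fresh dropper seen yesterday on five machines.
    for i in range(5):
        reports.append(("dropper", f"m{i}", NOW - timedelta(days=1)))
    # A worm that already has a signature, on 3,000 machines.
    for i in range(3_000):
        reports.append(("worm", f"m{i}", NOW - timedelta(days=10)))
    return reports


if __name__ == "__main__":
    rep = build_reputation(sample_reports(), known_bad_hashes={"worm"})
    for h, suspicious in [("im_client", True), ("dropper", True),
                          ("worm", False), ("unseen", True)]:
        print(h, classify(h, suspicious, rep))
```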

You've got an interesting name. Where are you from?
Ramzan: I was born in Africa, in Dar Es Salaam, Tanzania. I came to the United States when I was 2 years old. More or less I grew up in New York. At some point I did have a New York accent but I lost that. My parents were born in Tanzania but our ancestry is Indian.

How many languages do you speak?
Ramzan: I can speak an Indian dialect called Kutchi fluently. It has some Swahili words mixed in. That's what I learned growing up. My mom was born in Zaire, which was a former French colony, so I learned some French through her...I studied Russian in college.

Why did you take Russian?
Ramzan: When I was in junior high I got interested in playing chess. I started taking it seriously, competing and so on. Around that time, in the late '80s early '90s, the fall of Soviet Union was happening and there were a lot of Russian immigrants, including some well-known chess players. I made friends with these guys. I got interested in learning Russian to better communicate with these new friends and also to help further my own playing of chess, to read magazines and books on chess. I was interested in bettering my game in some way.

Seems like there are correlations between chess, computer science and security.
Ramzan: Sure. They're all very analytic fields. They involve some level of deep problem solving. The one thing that's unique, if you look at computer science research, cryptography research or even playing chess, which has an artistic component that doesn't get talked about much...A lot of times coming up with solutions to various types in all these domains requires a kind of "aha" moment, or requires thinking out of the box in a way that might be initially very unconventional, but after a while you build up a certain level of intuition about what's going on. So in many ways I think that's why I was captured into all these areas. They all had this fundamental relationship with being analytical but also invoking a certain creative spirit.

July 2, 2009 2:03 PM PDT

Apple expects to have a fix later this month for a vulnerability in the iPhone that could allow an attacker to gain control of the device remotely via SMS, a security researcher said on Thursday.

An attacker could exploit a weakness in the way iPhones handle SMS (short message service) messages to do things like use GPS to track the phone's location, turn on the microphone for eavesdropping, or take control of the device and add it to a botnet, Charlie Miller, co-author of The Mac Hacker's Handbook and principal security analyst at Independent Security Evaluators, said in a presentation at the SyScan conference in Singapore. The presentation was covered by IDG News Service.

Miller said that under an agreement with Apple, he was barred from providing too much detail on the vulnerability. He plans to give a more detailed presentation on the hole at the Black Hat conference in Las Vegas at the end of the month.

Despite the SMS hole, which "could be a critical vulnerability," the iPhone is more secure than OS X on computers, Miller said. That is because the iPhone doesn't support Adobe Flash and Java, only runs software digitally signed by Apple, includes hardware protection for data stored in memory, and runs applications in a sandbox, he said.

Apple representatives did not immediately respond to an e-mail request for comment.

July 2, 2009 10:49 AM PDT

The Waledac worm is gearing up for a spam campaign related to the July 4 holiday, a security researcher warned on Thursday.

Researchers analyzing the code of the worm, which has been deploying updates to previously compromised PCs, have discovered that at least 18 domain names have been registered related to fireworks and Independence Day that will be used to trick people into visiting a malicious Web site, said Pierre-Marc Bureau, a senior researcher at antivirus vendor ESET.

Starting any time now and lasting through the weekend, the spam e-mails will arrive in in-boxes with a message urging the recipient to watch a July 4 video. The e-mails are expected to include a link to a site with an executable that, instead of playing a video when double-clicked, will download malware that turns the visiting PC into another bot on the botnet, Bureau said.

The operators of Waledac are using holidays and other current events to lure new victims in order to expand their botnet, and it's likely they are leasing out the botnet services to others, he said. Earlier this year, Waledac exploited Valentine's Day, spamming people with fake romantic greetings.

It is estimated that there are tens of thousands of computers infected with Waledac and that more than 20,000 will be used in the July 4 spam campaign, according to Bureau.

More information is on the ESET blog.

July 1, 2009 12:30 PM PDT

(Credit: Black Hat)

Last year it was smartcards and this year it's ATMs.

It's almost security conference season in Las Vegas and with one month to go, a presentation has been pulled from Black Hat and Defcon.

Juniper Networks says it pulled a talk about a flaw in ATM software that one of its researchers was scheduled to give at the security conferences, after the ATM vendor complained.

In his presentation entitled "Jackpotting Automated Teller Machines," Barnaby Jack was planning to discuss local and remote attack vectors on ATMs and provide a live demonstration of an attack on an unmodified ATM.

The description of the talk, which was posted on the Defcon Web site but appears to have been removed, said: "The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. This presentation will retrace the steps I took to interface with, analyze, and find a vulnerability in a line of popular new model ATMs."

In a statement, Juniper Networks said the company "believes that Jack's research is important to be presented in a public forum in order to advance the state of security. However, the affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected. Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack's presentation until all affected vendors have sufficiently addressed the issues found in his research."

Juniper Networks is reaching out to other ATM vendors to help them address any security risks uncovered in Jack's research, the statement said.

The company did not disclose which manufacturer makes the ATMs that were to be referenced in the talk. Jack could not be reached for comment.

Security issues related to ATMs are a hot topic. Last month, a computer forensics expert revealed that he had discovered malware on ATMs that allowed criminals to steal account data and PINs. Three people were arrested last year after allegedly breaking into Citibank's ATM network inside 7-Eleven stores and stealing PIN codes.

This is the second year in a row that a scheduled presentation at one of the two security conferences was pulled. Last year, a talk on hacking smartcards used in the Boston subway system was blocked after a federal judge granted the Massachusetts transit authority's request for an injunction. The lawsuit was later dismissed and the three MIT students who were muzzled eventually ended up agreeing to help the transit system improve its fare collection system.

And other researchers have encountered problems after giving their talks. In 2005, a security researcher was able to give his presentation at Defcon on how attackers could take over Cisco routers, but hours later Cisco Systems filed a lawsuit against him. The suit was ultimately settled.

Things were more dramatic in 2001, when the FBI took Russian crypto expert Dmitry Sklyarov into custody at his Las Vegas hotel the day after he gave his Defcon talk about insecurities in e-book security software.

(The ATM talk cancellation was first reported by Risky.Biz.)

July 1, 2009 8:00 AM PDT

MOUNTAIN VIEW, Calif.--The computer security industry historically borrows military defense concepts to combat digital threats, literally creating war rooms where experts follow attacks in progress on huge screens with phones ringing off the hook.

Not so at Google's Postini e-mail security service provider unit. Instead, computerized systems monitor 3 billion messages per day that flow in and out of customer systems and pass through Postini's thousands of machines in data centers around the U.S. and in Europe before hitting the Internet. The Postini system is highly automated, distributed, and scalable, characteristic of all of Google's operations.

Google's Gmail antispam efforts are separate from those of Postini, which Google acquired two years ago, although it follows similar computerized operations and the teams have started to integrate the processes.

Postini founder Scott Petry points out the economic benefits to using Postini.

(Credit: Elinor Mills/CNET News)

Postini represents Google's commercial push into e-mail security, offering a subscription-based service to more than 50,000 customer companies and organizations and more than 15 million business users. In addition to protecting e-mail from spam and viruses, Postini offers compliance and archiving services.

Sentinels and canaries
About 35 members of the Postini Site Reliability Engineering team have access on their machines to a dashboard that shows the number of transactions per second the Postini service is handling, as well as the message per minute rate and graphs of the error percentage rate obtained from a test system known internally as "Sentinel," according to Craig Croteau, who leads the group.

The Sentinel system has devices located on dedicated pipes into the Internet running daemon software (automated programs that run in the background) that routinely sends out test messages to gauge the performance of the flow through the Postini infrastructure. If there is a problem with a round-trip test message, indicating possible congestion, it will show up on the dashboard.

Craig Croteau helps keep Google's Postini e-mail security service running; the service relies on automated systems to keep the network running smoothly.

(Credit: Jay Nancarrow/Google)

"It's a canary in the system," a tiny data stream that serves as an early warning system so potential issues can be stopped before they become major problems, Croteau said.

The Sentinel system posts the information to a database that feeds into the dashboard, one of several different data collection engines that are superimposed on the dashboard. Traffic monitors generate message rate graphs while the system extrapolates rates from live log scraping. Telemetry (remote measurement and reporting) is served up in multiple views.

Postini uses multiple fail-over sites, and if a potential problem is detected, the customer message flow is moved to a backup system. Unlike typical cloud hosting providers, Postini's subscription service does not store the customer's data on its servers but provides the protection services as the data passes through the Postini gateway.

In traditional network operation centers someone sitting in front of a screen notices a rise in error rates or some other problem, then conducts triage and follows a set work-flow procedure for dealing with events, according to Croteau.

"There's a built-in lag," he said. "It can take minutes, 15 minutes, to do something," especially if the worker is out of the office on a pager.

"If you want high, high up-time, you need to take action immediately in the face of a service degradation," Croteau said. "Our team looks at the dashboard, but our key is we let computers take action" without needing a human to have to make a decision first.

Asked about the potential for the computerized system to assume too much control, Croteau said: "I don't think it's HAL-like, actually. Humans are responsible for application debug and event analysis."

In addition to the automation, engineers have playbooks, or rule guidelines, to follow if something goes wrong. The playbooks explain how to attack a problem and what to do in case of specific types of events.

Asked what might prompt his alarm to go off in the middle of the night, Croteau said that might happen as a result of a regional network outage or if an anomalous event stresses the system, such as a poor interaction with messaging payload and scanning binaries. "For us, the most challenging item would be something involving a legitimate payload," he said.

"Antispam is not about identifying spam; it's about identifying good mail," said Croteau.

Zero-hour protection
To identify and block spam and viruses, the automated Postini system looks for key words or phrases that indicate it's an ad or something dangerous, as well as looks at the structure of the e-mail message and the headers, said Kevin Lund, a software engineer who developed a lot of the code the Postini system runs.

The system scores each message on numerous combinations of criteria, assigning a weight to each and then comparing the score to those in a database of several hundred thousand message types that have been flagged as good or bad from Postini honey pots and customer spam reports. The system identifies and blocks more than 99 percent of the spam campaigns, according to Lund.

Tony Wingo and Kevin Lund, software engineers who work on Google's Postini e-mail security team

(Credit: Elinor Mills/CNET News)

"We're rolling out little corks to plug the dikes," as part of a quick filtration process, then adding the data to the database for re-calibration, Lund said.

To block fresh spam attacks not covered by existing heuristic technologies, and viruses not covered by existing signature databases, Postini relies on proprietary Zero-Hour technology to identify new outbreaks that show up in the traffic patterns and quarantine them for later rescanning.

Customers can also create and build out their own white lists of message senders they trust and blacklist others they don't trust. It takes an average of 150 milliseconds for a message to be scanned by the antivirus engines that Postini licenses from McAfee and Authentium.

I asked Lund whether the problem of spam has been solved to satisfaction.

"If you can't bear to get a spam a day, then it's still a problem. It depends on your tolerance level," he said. "It's still a resource drain. You have to pay someone to get your e-mail workable. It takes money and resources to keep spam at bay."

Personally, I get maybe one spam message in my personal Gmail account every two weeks or so, which is tolerable, but I end up removing dozens of spam messages each day from my Outlook inbox at work, which is not tolerable.

"We take (spam) seriously, but we're not on some crusade," Lund said.

Lund, the technologist, would appear to be more laid back about the anti-spam mission than Scott Petry, who founded Postini in 1999 and now leads the group as a product management director at Google. During an interview, Petry animatedly drew a diagram on a whiteboard to illustrate how spam directly impacts a company's bottom line.

Basically, good protection can't mask the fact that spam volumes are rising as spammers continue to take advantage of economies of scale and are able to send exponentially more spam to more targets at virtually no additional cost.

Spam was a mere annoyance in e-mail's early years in the early 1990s. The tipping point for the industry hit in 2002 when spam reached 40 percent to 50 percent of all messages. Estimates now put it as high as 90 percent of all e-mail, with virus-related messages ranging from 15 percent to 50 percent of the total, according to Postini.

To keep up with the rising spam tide, companies are forced to buy more hardware to handle the increased storage and bandwidth consumption. As spam volumes rise and fall, companies can find themselves lacking capacity or with an excess, a waste of money and resources that could be directed elsewhere. Then there's the loss of productivity from end users wasting precious time having to clean junk out of their in-boxes; not a negligible factor based on my own Outlook experiences.

Spam volumes were at a peak in November before the McColo ISP was shut down, prompting an estimated 70 percent drop in spam volumes practically overnight. Within about four months, the spam spigot was flowing as heavy as before as spammers found new hosters for their operations.

With Postini's subscription model ($12 or $25 per user per year depending on the type of service), companies don't have to plan ahead and wrestle with spam volatility; they let Google do it for them just like people pay a fee for Internet access or cable service.

Folded into Google, Postini is attracting bigger customers in more areas of the world, and in particular, is looking to leverage Google's sales channel and infrastructure to expand in Asia Pacific and Latin America, Petry said.

Q2 spam rises
The latest report from Postini on spam trends shows that despite law enforcement efforts to shut down spammers--like Sigourney Weaver blasting away the tenacious alien parasite in "Alien"--they just keep coming back.

In June, the FTC shut down an ISP called Pricewert, or 3FN, for hosting spam and botnets. Volumes dropped 30 percent immediately, but have since climbed back up 14 percent, according to Postini's second-quarter spam trends report due out on Wednesday.

Overall, the second-quarter spam levels are 53 percent higher than in the first quarter and six percent higher than the same quarter a year ago.

This graph shows the rise in spam volumes over the past four years. Note the relatively fast rise in the months following the November drop precipitated by the shutdown of the McColo ISP.

(Credit: Google)

Postini found that one attack alone, on June 18, unleashed 50 percent of a typical day's spam volume in just two hours. The attack featured an e-mail that looked like a legitimate newsletter from CNN but which had malicious links and images in it, said Amanda Kleha, a product marketing manager at Google. Postini's filters detected more than 11,000 variants of that spam during the attack, which enabled spoofing of the "from" field so that distribution lists were hit especially hard.

Spammers seem to be resurrecting old techniques, according to Postini's report. For instance, there was a rise during the quarter in image spam, basically advertisements with an image that can include malicious links and which are large in size. Postini also detected a resurgence in payload viruses, or e-mails with attachments containing viruses. Volumes of those types of messages rose to their highest level in nearly two years as spammers continued efforts to grow their botnets.

Meanwhile, spammers are still trying to exploit the public's interest in current events, such as using spam with subject lines and content related to the death of Michael Jackson.

Last year, Postini detected a huge bump in the amount of spam, possibly reflecting successful efforts to create armies of spam-sending compromised PCs that form botnets, Kleha speculated.

Google's global reach and its reliance on metrics and automation help provide its Postini unit with firepower and counter-attack capabilities to limit the number of spam-related casualties.

"At Google we can take advantage of the network effects with the traffic and interaction in the system," Lund said. "We can spot broader patterns" and use machine learning.

July 1, 2009 6:35 AM PDT

Spam made up 90.4 percent of all e-mail traffic in June, with botnets accounting for the vast majority of those unsolicited messages, according to a new report from Symantec's MessageLabs.

Spam sent out from botnets, or networks of zombie PCs, made up 83.2 percent of unsolicited e-mail messages this month, MessageLabs said Tuesday in a statement. In May, 57.6 percent of spam was sent from known botnets, with Donbot responsible for 18.2 percent of these messages.

According to the messaging security company, the biggest botnet currently is Cutwail, which has doubled in size and output per bot since March. At its peak, Cutwail had an army of 1.5 million to 2 million active bots, but the shutdown of Californian ISP Pricewert earlier this month led to several hours of downtime for the botnet.

Cutwail, however, bounced back within hours, noted MessageLabs. It currently has an output of around one-third of its original capacity. Other major botnets include Rustock, Grum, Donbot, Bagle, Xarvester, Mega-D, Gheg, Asprox, and Darkmailer.

Also in June, there was an average of 1,919 new Web sites per day harboring malware and other potentially unwanted programs, including spyware and adware. This represented an increase of 67 percent over May.

Over half, or 58.8 percent, of all Web-based malware that MessageLabs intercepted during the month was new, a month-on-month increase of 24.6 percent.

Data from MessageLabs also shows that more hyperlinks in instant messaging conversations are stepping stones to "instant malware."

In June, 1 in 78 hyperlinks found in instant messages linked to Web sites hosting malicious content, compared with 1 in 200 at the end of 2008. The hidden malware typically tries to perform a drive-by attack on a vulnerable Web browser or browser plug-in, said the company.

One in 80 IM users, predicted MessageLabs, may receive a malicious instant message each month.

Vivian Yeo of ZDNet Asia reported from Singapore.

June 30, 2009 12:03 PM PDT

Richard Stallman, speaking at MIT in 2006.

(Credit: CNET)

GNU project founder Richard Stallman has called on developers to pull back from Mono, arguing that increasing use of the open-source toolset could prompt legal action by Microsoft.

Mono is a .Net-compatible set of tools designed to allow applications based on Microsoft's C# programming language to run on platforms including Linux, BSD, Unix, Mac OS X, and Solaris. A number of popular open-source applications, such as the note application Tomboy and the photo manager F-Spot, depend on Mono to run. As a result, Linux distributions such as Debian have said they are considering including Mono in the operating system's default install.

But this is a "risky direction," Stallman wrote in an article published by the Free Software Foundation on Friday.

"It is dangerous to depend on C#, so we need to discourage its use," he wrote. "The danger is that Microsoft is probably planning to force all free C# implementations underground someday using software patents. This is a serious danger, and only fools would ignore it until the day it actually happens. We need to take precautions now to protect ourselves from this future danger."

Stallman said writing and using applications that depend on C# is "a gratuitous risk," and called on developers to write alternative applications that do not depend on C#.

"We should systematically arrange to depend on the free C# implementations as little as possible," he wrote.

Microsoft did not respond to a request for comment on Monday.

Stallman's article is part of an ongoing controversy around Mono, an open-source project sponsored by Novell. Some, such as Stallman, have argued that Mono presents a legal risk for the open source community, while others have downplayed this risk.

Mono project founder Miguel de Icaza said in a 2006 blog post that developers intended to continue following policies designed to minimize the risk of any legal threat from Microsoft.

For example, the Mono project includes a Microsoft compatibility stack that implements proprietary Microsoft technologies such as ADO.NET, ASP.NET and Windows.Forms, but this code is kept separate from the main Mono stack, de Icaza said.

"We will... continue to keep the Microsoft and Mono stacks separated, as there is no need to add dependencies between them," de Icaza wrote.

Stallman said that his Friday article was inspired by the possibility that the popular Debian Linux distribution might include Mono by default. Debian developers have said in recent weeks that the distribution may include Mono by default simply because it is necessary for certain high-quality applications, such as Tomboy and F-Spot.

"As long as Tomboy and F-Spot are best-of-breed, they should be included--and with that, whichever libraries they happen to use," wrote Debian developer Jo Shields in a blog post earlier this month. "Mono is not a threat."

Correction, July 1, 5:04 a.m. PDT: This story has been edited to clarify Miguel de Icaza's position on Mono and the risk of patent infringement.

Matthew Broersma of ZDNet UK reported from London.

June 30, 2009 7:58 AM PDT

China has indefinitely delayed enforcement of a requirement that PC makers preinstall Green Dam-Youth Escort software that experts believe would have screened not just Internet pornography but also some online political content.

Green Dam allows users to specify categories of sites to block.

(Credit: University of Michigan)

The reprieve, announced by China's Ministry of Industry and Information Technology, according to reports in The New York Times and the Associated Press, came just one day before the preinstallation rule was to go into effect.

But thus far the reprieve appears temporary: the ministry said the delay will give computer makers more time to comply with the rule, and the government also will continue to equip school and cybercafe computers with the software, according to the New York Times report.

Experts have warned that the Green Dam software poses security risks, and last week, the U.S. Trade Representative protested that Green Dam violates World Trade Organization rules.

PC makers had been cagey about their plans to comply with the rule to install the software. Technical and other objections must be weighed against business concerns, and China is a large and growing market. Companies that deal directly with Internet content have been in the hot seat for years, and Google has had to wrestle with new Chinese censorship requirements this month.

Originally posted at Politics and Law
June 30, 2009 7:25 AM PDT

The Pirate Bay, a file-sharing site entangled in a court case over pirated music, will be bought by a Swedish software company.

Global Gaming Factory X (GGF) announced the deal Tuesday. The company, which provides digital distribution tools for Internet cafes, will buy The Pirate Bay for cash and shares amounting to $7.76 million. The acquisition is expected to be completed in August.


The Pirate Bay, a BitTorrent tracking site, is involved in a legal battle with major copyright holders, including Warner Brothers, MGM, and Columbia Pictures. In April, the Web site's founders were convicted by a Swedish court of copyright infringement, ordered to pay nearly $4 million, and sentenced to a year in jail. The defendants appealed the decision and were denied a retrial last week.

Hans Pandeya, chief executive of GGF, said in a statement that his company is looking for a business model that will pay copyright holders for content downloaded from The Pirate Bay.

"The Pirate Bay is a site that is among the top 100 most visited Internet sites in the world," said Pandeya. "However, in order to live on, The Pirate Bay requires a new business model, which satisfies the requirements and needs of all parties, content providers, broadband operators, end users, and the judiciary. Content creators and providers need to control their content and get paid for it. File sharers need faster downloads and better quality."

Also, GGF said Monday that it will acquire Peerialism, a peer-to-peer distribution and storage software company, for cash and shares equivalent to $12.9 million. Peerialism's technology will be incorporated into Pirate Bay's site.

"Peerialism has developed a new data-distribution technology which now can be introduced on the best known file-sharing site, The Pirate Bay," Peerialism Chief Executive Johan Ljungberg said in a statement. "Since the technology is compatible with the existing (technology), it will quickly allow for new values to be created for all key stakeholders and facilitate new business opportunities."

A blog post on the Pirate Bay site said that the organization was being sold for a "great bit underneath its value" to ensure it went to "the right people with the right attitude." The four Pirate Bay founders will be kept on as staff in different capacities. They said that they will still have some input into running the site and that users should not expect radical changes.

"If the new owners will screw around with the site, nobody will keep using it," the founders said in the blog post. "That's the biggest insurance one can have that the site will be run in the way that we all want to."

Despite the apparent influx of cash, Pirate Bay co-founder and spokesman Peter Sunde told Swedish Radio, SR, that it won't be used to pay their fine.

"We are not getting the money, so we cannot pay any fine," he said.

Tom Espiner of ZDNet UK reported from London. CNET News intern Erik Palm contributed to this report.

Correction at 8:45 a.m. PDT: The purchase price for Peerialism has been fixed.
