The Download Blog

Amid promises to "reinvent the Web," the browser Opera debuted a new beta feature earlier this year called Unite that has been deemed stable enough to offer to all users. Opera's own hype aside, the Unite service provides people with the capability to serve files, host and stream music, and send messages to each other from inside the browser itself--a feature that is unique among the big five browsers. Opera 10.10 is available for Windows, Mac, and Linux.

Much like Opera's built-in e-mail client, Unite is basically a cloud-based, customizable server that includes multiple services, but its open API allows you to write and share your own services. The initial offering includes the default Unite Home, which is the Opera Unite Web page that is given to each user, a media player for creating your own publicly available music stream, the "fridge" for a Facebook-style message wall, an instant messenger with a public/private toggle, a photo sharing app, and file serving and Web hosting capabilities.

Besides including Unite, Opera 10.10 also includes an array of bug fixes, mostly aimed at smoothing out the Unite experience, tweaking mail, news, and chat features, and fixing three security problems. Two are relatively minor, one concerning an error message leak and the other a buffer overflow. The third error Opera is refusing to disclose at this time, but stated that it was discovered by the Google Security Team's Chris Evans. The full changelog for Opera 10.10 is available.

As I've tested Unite over the past few months, it's generally been a stable experience, with a few hiccups to be expected by the beta. However, it hasn't exactly set the browsing world on fire, either, and its target audience is still hard to define. Do you have an opinion on Unite? Let me know in the comments.

Retailers aren't the only ones gearing up for the holiday season. Criminals are also out in force.

To highlight the increased crime during the holidays, security company McAfee has come up with the "12 Scams of Christmas" ranging from bogus electronic greeting cards that deliver malware instead of cheer to fake charities that steal your money and your identity.

It's especially important to be extra careful this time of year, says McAfee's David Marcus. "The bad guys know people are spending more time online, they're paying more bills online so [the criminals] stand a chance of being a bit more successful this time of year.

In a podcast interview (scroll down to listen), Marcus counted down the 12 scams of Christmas starting with:

1. Charitable phishing scams: Marcus warns consumers to be wary of e-mails that appear to be from legitimate charities. Not only will they take your money and deprive charities of needed funds, but they will also steal your credit card information and identity.


2. Fake invoices from delivery services: During this period, scammers will send out fake invoices and delivery notifications appearing to come from Federal Express, UPS, the U.S. Postal Service or even the U.S. Customs Service saying that they were unable to deliver a package to your address. They ask you to confirm your address and give them credit card information to pay for delivery.


3. Social networking friend requests: Bad guys take advantage of this social time of year by sending out authentic looking friend requests via e-mail. Marcus recommends that you not click on those links but sign into Facebook and other services and look for friend requests from the site itself. Clicking on a link could install malware on your computer or trick you into revealing your password.


4. Holiday e-cards: Be careful before clicking on a holiday e-card, especially if it's from a site you haven't heard of. This is a way to deliver malware, pop-ups, and other forms of unwanted advertising. Some fake e-cards will look like they come from Hallmark or other legitimate companies, so pay close attention and make sure it's from someone you know. If you're going to send an e-card, be sure you're dealing with a reputable service lest you risk infecting yourself and your friends.


5. Fake "luxury" jewelry: If you see an offer for luxury gifts from companies like Cartier, Gucci, and Tag Heuer at a price that's too good to be true, it probably isn't true. These links could lead you to malware and take your money or merchandise that will probably never arrive (or be fake if it does). Some of these sites, according to McAfee, even display the logos of the Better Business Bureau.


6. Practice safe holiday shopping. Make sure your wireless network is secure and be sure you're shopping on sites that are secure. Though it isn't an iron clad guarantee, you should look for the lock icon in the lower right corner of your browser and make sure the Web page starts with https. The "s" stands for "secure."


7. Christmas carol lyrics can be dangerous: Bad guys know that people are searching for holiday related sites for music, holiday graphics, and other festive media. During this time, they create fraudulent holiday related sites.


8. Job search related scams: With the unemployment rate at 10.2 percent, there are plenty of job seekers looking for work. Beware of online offers for high paying jobs or at-home money making schemes. Some of these sites ask for money up front, which is a good way for criminals not only to steal your "set up fee" but misuse your credit card too. Marcus said that some "get rich quick" sites are all about money laundering, asking you to accept an inbound financial transfer and pay them.


9. Auction site fraud: McAfee has observed a rise in fake auction sites during the holidays. Make sure you're actually going to eBay or whatever site you plan to deal with.


10. Password stealing scams: Criminals use low-cost tools to uncover passwords, in some cases planting key logger software to record keystrokes. Once they get your passwords, they gain access to bank accounts and credit card accounts and send spam from your e-mail accounts.


11. E-mail banking scams: A common type of phishing scam is sending out official looking e-mails that appear to come from your bank. Don't click on any links but type in your bank's Web address manually if you need to access your account.


12. Files for ransom: Hackers use malware to gain control of your computer and lock your data files. To access your own data you have to pay them ransom.

Listen to Larry's interview with McAfee's David Marcus

Listen now: Download today's podcast

Firefox has a CPU usage issue and, consequently, can cause overheating problems in some laptops, particularly ultraportables. That's what I've found over the last couple of years.

But don't take my word for it. This is documented on a Mozilla support page entitled "Firefox consumes a lot of CPU resources." The page states: "At times, Firefox may require significant CPU [central processing unit] resources in order to download, process, and display Web content." And forum postings like this one about a Dell Netbook are not uncommon: "Mini9 would get way too hot."

The Mozilla support page goes on to say that "you can review and monitor CPU usage through specific tools" and describes ways to limit CPU usage, such as: "A Firefox add-on, called Flashblock, allows you to selectively enable and disable Flash content on Web sites."

Let me describe my experience. I find that tab for tab, Firefox uses decidedly more resources than other browsers--Safari, for example. And in the past (when I was actively using a Windows Vista-based machine) Firefox also compared unfavorably with Microsoft's Internet Explorer for CPU usage.

More specifically, here's the behavior as I see it. When I'm accessing sites with multimedia content such as the CNET front door, Firefox CPU usage will bounce around between 30 and 60 percent, and sometimes spike higher (80 percent and above), as indicated by the Mac OS 10.6.2 Activity Monitor.

On the other hand, the Safari CPU usage with the same pages open is much lower--typically between 2 percent and 10 percent.

My theory is that most users don't notice this because in mainstream laptops, this isn't an issue. But it can become an issue in ultraportables--typically under an inch thick--which are more sensitive to heat because of the design constraints. The ultrathin Apple MacBook Air, which I use as my main machine, is a good example.

The fan is usually an audible indicator of CPU usage issues. When I'm using Firefox and I have tabs open on multimedia-rich sites (which is par for the course these days), the Air's fan will almost invariably kick on and stay on until I close the tabs. As I write this, the fan has finally shut down after I closed the Firefox tabs (e.g, CNET front door). Those same tabs in Safari are still open and not causing any significant spike in CPU usage or fan activity.

When I contacted Mozilla, a technical support person guessed that Safari is possibly better at optimizing Flash-based sites compared to Firefox. And that may be true. However, I had similar issues before when I was using a Hewlett-Packard business ultraportable (also very thin like the Air) that were not necessarily tied to Flash usage. In short, Firefox was less efficient with CPU usage compared to Microsoft's IE 8. And the behavior was similar. The HP laptop would quickly heat up and the fan would kick on.

Finally, let me reemphasize that I'm guessing that most users don't notice this because heat dissipation is not a big issue for mainstream laptops that are not necessarily thermally-challenged when accessing multimedia-rich Web pages. That said, this has been a steady problem for me because I use ultraportables almost exclusively and has forced me to limit my use of Firefox.

(Credit: CNET)

With more than 100,000 apps in the iTunes App Store and huge success around the world with the iPhone, it would appear Apple has done just about everything right with the launch of its first mobile handset. But as any iPhone app developers will tell you, the app approval process is less than ideal, with some developers waiting well beyond Apple's 14-day waiting period and sometimes longer to get their apps approved. Though Apple has stated it is working on the app approval process, there has been little in the way of progress if you ask iPhone app developers.

Recently, Apple added an automated system for weeding out developers who use Apple's private APIs, a process that may be part of a larger plan to cut down on some of the wait time. Unfortunately, developers are still struggling to get their apps to the iTunes store, finding out at the end of the 14-day waiting period that it was the automated system that turned them down. Hopefully, as more time passes, Apple will be able to figure out a way to make the process more efficient while still being able to provide high-quality and secure apps for everyone. Happy iPhone app developers mean more and better apps, so it's in all of our best interests for Apple to make the process better.

This week's apps include a new (to iPhone) multiservice chat client and a stunt-racing game with beautiful 3D graphics.

Use the tabs at the top to switch conversations

(Credit: Screenshot by Jason Parker/CNET)

Trillian ($4.99) is a popular multiservice chat client on Windows machines that you can now use on your iPhone. Multiservice chat clients are ideal for those who have accounts across several services like Yahoo, Google, ICQ/AIM, and MSN, and want to use just one client to access them all. The interface is fairly intuitive, letting you add your user names and passwords for each service, and then letting you log on to all or specific services with only a few taps on your touch screen. Trillian does not support landscape mode for typing yet, but the developers say it is coming soon.

Once you're logged in, the Trillian interface looks a lot like it does in the Windows client, complete with your buddies' avatars, contact categories (friends, coworkers, etc.), and color-coded icons to indicate which service your friends are using. The way Trillian handles multiple chat sessions on the iPhone client is excellent, with a touch-scrollable tabbed interface, making it easy to switch conversations quickly. Also especially useful (and clever) is the push notification system, that sends you the first message of a chain so you know someone is trying to reach you, but doesn't send a huge list of messages when you don't want them. At this time, you can only stay logged-in (with the app suspended) for a maximum of 24 hours, but the folks at Trillian say it will be lengthened to seven days in future updates. Though the price is a little steep in my opinion, Trillian is a high-quality chat client that will appeal to those who use multiple services.

The screenshot doesn't do it justice, but this game looks and plays great

(Credit: Screenshot by Jason Parker/CNET)

Jet Car Stunts is a stunt-racing game that runs surprisingly smoothly on first gen iPhones on up to the 3GS. Beyond the beautiful graphics, the driving control system is excellent, using the accelerometer for steering and onscreen controls for gas and brakes. What makes the game unique from other racing games are the controls for your rocket boost to complete big jumps, and the braking system that works both on the ground and in the air.

You can choose from two different game types including Time Trial and Platforming. In Time Trial, you race five laps around a track with corkscrew twists, tight turns, and huge jumps, to qualify for bronze-, silver-, or gold-medal times. Platforming has no time limit, but instead records the number of tries it takes you to complete difficult tracks--and they get very difficult in both game types. Time Trial has three skill levels, with four tracks to complete in each to move on the next skill level. Platforming has five difficulty levels, with five tracks in each to pass before moving on. Overall, Jet Car Stunts is one of the more unique racing games and features excellent graphics, extremely smooth controls, and plenty of replay value, with increasingly challenging tracks. I've had the game for a week and I still can't get over both how good it looks and how smooth it plays.

What's your favorite iPhone app? Were you waiting for a big-name multiservice chat client like Trillian before spending your money? Is Jet Car Stunts hard or am I just not good enough? Let me know in the comments!

When we hear "update" and "Google Earth" in the same sentence, we're used to groundbreaking additions to Google's high-powered, interactive, and ever-expanding desktop globe. In Google Earth 5, that's meant tools to explore the oceans, sky, and Earth's ruddy neighboring planet.

But Google Earth 5.1 for Windows and Mac is a mere tremor. In fact, if you've been playing around with Google Earth 5.1 beta, only Mac users should notice a change--that the Google Earth browser plug-in comes bundled in the download.

Still, the minor update should still be noticeable for those making the switch from Google Earth 5. Google has made some changes under the hood to improve speed and performance. Using compression technology to make images load faster, and improving the other ways that the app handles graphics, Google claims that Earth now loads 25 percent faster and soars the globe in smoother motions.

In addition, both Mac and Windows versions of Google Earth 5.1 pack in the browser plug-in, so you can explore Google Earth from the browser--Firefox and Safari for Mac users; Chrome, Safari, Firefox, Internet Explorer for Windows. Before, you needed to install the plug-ins separately. The move to drop the beta from Google Earth 5.1 comes just two days after Google released Google Earth for iPhone 2.0.

Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.

Filtering out bad sites
Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox 3 uses Google's Safe Browsing service to automatically block sites that are known to host malware. The Google Code site describes how Safe Browsing works in Firefox.

To verify that attack-site blocking is enabled in Firefox, click Tools > Options > Security and make sure "Block reported attack sites" is checked.

Firefox will prevent known-bad sites from opening when "Block reported attack sites" is checked.

(Credit: Mozilla Foundation)

The same feature is built into Google's own Chrome browser. You can ensure that malware-site filtering is on in Chrome by clicking the wrench icon in the top-right corner, choosing Options, and selecting Under the Hood. "Enable phishing and malware filtering" should be checked. The Google Chrome Help site describes the feature. (Hint: This page looks very similar to the description on the Google Code site.)

Google's Chrome browser blocks known-bad sites when "Enable phishing and malware protection" is checked.

(Credit: Google)

The SmartScreen technology in version 8 of Internet Explorer blocks known-malicious downloads as well as bad URLs. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. The Microsoft Security site describes the SmartScreen Filter and includes links to a SmartScreen FAQ and information for site managers.

Apple's Safari browser added phishing and malware blocking in version 3.2, which was released in late 2008; read about this and other security features in Safari 4 on the Apple Safari site. Likewise, Opera's Fraud Protection predates the phishing and malware filters in IE and Firefox and is enhanced in the latest version 10. But attack-site blocking is only one of Opera's many security features, which you can read about on the Opera site.

Browsing in private
To activate private browsing in Firefox 3, click Tools > Start Private Browsing, or simply press Ctrl-Shift-P. You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and check "Automatically start Firefox in a private browsing session." The Mozilla support site provides more information about this feature. Likewise, put IE 8 in private-browsing mode by clicking Safety > InPrivate Browsing, or by pressing Ctrl-Shift-P. You can also open a new tab and click either Browse with InPrivate or Open an InPrivate Window.

IE 8 also lets you control the information about your browsing habits that's shared with Web tracking services. To activate this feature, click Tools > InPrivate Filtering Settings and choose "Let me choose which providers receive my information." This opens the InPrivate Filtering settings dialog, where you can turn filtering off, choose which services to block from tracking you, or automatically block all trackers.

Internet Explorer 8's InPrivate Filtering lets you block some or all Web tracking services.

(Credit: Microsoft)

You can open an incognito window in Google Chrome by clicking the wrench icon in the top-right corner and choosing "New incognito window," or simply press Ctrl-Shift-N. The incognito icon (a shadow figure in a fedora and glasses) appears in the top-left corner of the browser window. The Chrome support site offers a more detailed description of this feature.

Opera lacks an equivalent private-browsing capability but does offer private searching and other identity-blocking features, as described on the Opera site. To activate private browsing in Safari, simply click Safari Settings Menu > Private Browsing.

Automatic and not-so-automatic browser updates
Patching is a way of life with nearly all software, but especially with browsers and the media players associated with them: Adobe Reader, the Flash Player, Apple's QuickTime, and Sun's Java, among others. All of a browser's security features can be rendered useless by a piece of malware that takes advantage of an unpatched hole in the program.

Firefox 3 alerts users to the presence of an update and now also notifies you when your Flash Player is out-of-date. Internet Explorer 8 updates via the Windows Update/Microsoft Update services. Google Chrome made a splash by being the first browser to update itself in the background without requiring any prompting from users. Safari updates automatically via Apple's update service, which also serves up patches automatically for QuickTime, iTunes, and other Apple software. Opera also notifies you automatically when a new version is available.

But updating is too important to leave to others. Back in April, I described Secunia's Online Software Inspector and downloadable Personal Software Inspector, which identify out-of-date programs on your PC. The programs mentioned in that post have all been updated since, but Secunia's services should point you to the most recent versions.

(Note that Secunia sometimes reports a program as being out-of-date when in fact you have the latest version. On my PC, it continually reports my up-to-date Flash Player as being in need of an update, for example. But the free service Secunia provides is worth putting up with this and similar minor annoyances.)

Over the weekend, I accidentally deleted all of my MP3s. Using SHIFT+Del, I wiped them from my hard drive without stopping at Go or the Recycle Bin. After running to go get the dunce cap, my initial reaction was to pull out the iPod and copy them back over. In some ways it would be the easiest solution, but it wasn't the most elegant. Wouldn't it be easier if I could just restore all those files to their original locations?

Recuva, from the makers of CCleaner, scans your drive for files you've deleted or damaged and restores them. It's not perfect, but for a free recovery program--a category noted for its lack of freeware--Recuva is both easy to use and effective. It's pronounced "recover," according to the publisher's Web site.

How to use Recuva

As you can see in the screenshots, the interface is more or less a spreadsheet layout with buttons at the top. The real work gets done by the recovery wizard, which starts when you launch the program. You can opt out of it, and change the settings so that it doesn't launch the next time you run it, but the wizard's steps are clear and worth using to streamline data recovery. Closing the wizard will take you directly to the advanced features.

The wizard first asks you what kind of files you're looking to recover, divided into file type categories. There's Pictures, Music, Documents, Video, Emails, and Other, which is really All Types. The next step in the wizard is to identify where the files were located. You can tell it to search everywhere using the I'm Not Sure option, or limit it to any removable memory including USB keys, iPods, and memory cards, in the My Documents folder and subfolders, or in the Recycle Bin. You can also restrain Recuva to one specific folder.

Scanning is a bear of a process, and the predicted duration of the recovery scan was off by about 10 minutes during my situation. The bottom line is that if you're trying to restore a large chunk of data--say, more than 1GB--you're looking at a long coffee break.

Once it's done, Recuva will dump out a list of files and their original locations, their timestamps, and other data. Switching to Advanced mode will provide more detailed information on each file, including a preview if available. It will also show all of the file data in one field that is copyable, and the file's header data.

Recuva is effective, but not all the time.

(Credit: Screenshot by Seth Rosenblatt/CNET)

In the Options menu, you can toggle useful features such as changing the viewing mode from list to tree or thumbnails, outputting your settings to an INI file, and adjust the secure overwriting setting from the simple one pass to the Gutmann standard of 35 passes. Several of the options, such as rescuing damaged files, restoring the original folder structure, or setting the scan permanently to be a deep scan, seem as if they should be set as defaults because they're that useful to data restoration, but they're not.

Recuva lacks an output screen, which would be useful in comparing which files were successfully restored against those that weren't, but because the program is free and effective, it's a flaw that's easily overlooked.

If you have a favorite deleted data restoration program, tell me about it in the comments.

With Internet Explorer 9, Microsoft showed Wednesday it's trying to retake the browser initiative.

IE remains the Net's dominant browser. But perversely, it became something of a technology underdog after Microsoft vanquished Netscape in the browser wars of the 1990s and scaled back its browser effort.

That left an opportunity for rivals to blossom--most notably Firefox, which now is used by a quarter of Web surfers, but also Apple's Safari, which now runs on Windows as well as Mac OS X, and Google's Chrome, which aims to make the Web faster and a better foundation for applications.

Microsoft has been pouring resources back into the IE effort, though, and at its Professional Developers Conference in Los Angeles, some fruits of that labor were on display. In particular, Windows unit president Steven Sinofsky showed off IE 9's new hardware-accelerated text and graphics.

The acceleration feature takes advantage of hitherto untapped computing power in a way that's more useful than other browser-boosting technology--Google's Native Client to directly employ PC's processor and Mozilla's WebGL for accelerated 3D graphics, for example--according to Dean Hachamovitch, general manager of Internet Explorer.

"This is a direct improvement to everybody's usage of the Web on a daily basis," Hachamovitch said in an interview after Sinofsky's speech. "Web developers are doing what they did before, only now they can tap directly into a PC's graphics hardware to make their text work better and graphics work better."

The Microsoft Office 2010 beta was released Wednesday, and though there aren't many major changes from the Technical Preview from July, there are some new features and enhancements worthy of note. This post will focus on the changes to the beta, but if you want a larger overview of new features across all the applications, check out our rundown of the Microsoft Office 2010 Technical Preview.

Outlook is the cornerstone of many companies' communications and daily schedules, and as such received a lot of enhancements in Office 2010. In the beta version, Microsoft has added even more ways to connect with coworkers and contacts. The new Outlook Social Connector is an added information pane that gives you more info about everyday contacts. Once set up, you'll be able to view pictures of contacts (even in large cc lists), previous conversations, attachments shared, meetings attended, and much more. Though not complete in the beta, Microsoft says the Outlook Social Connector will soon be able to connect with social Web sites like Facebook and Twitter, so you can follow status updates and more all in one location.

The Office 2010 Technical Preview introduced the Back Stage view, an enhanced File menu (accessed from the Office Icon tab) that lets you manage your documents, set permissions, and share your projects with colleagues. In the beta version Microsoft has decided to return to calling it the File menu, but with all the functionality and flexibility of Back Stage. They also have made it possible to access all the other tabs in the Ribbon, which were previously inaccessible in the Technical Preview, so you can get to the information you want quickly without the added step of exiting Back Stage.