The Download Blog

Sometimes it's the little things that count.

The most prominent feature of Firefox 3.6 is Personas, which let you reskin the browser with thousands of different looks. But my single favorite change is a subtler change to the open-source browser's user interface.

Specifically, when you open a link in a new tab, it appears immediately to the right of the active tab. Before, the new tabs would appear to the far right of the strip of tabs.

Yup, that's it. For those of us who spend hours a day in a browser, though, the new tab behavior helps group related tasks together. I constantly shuffle among dozens of tabs, and the new approach automatically brings some organization to my cluttered life.

However, I know it's not everybody's favorite browser behavior. So along with explaining why I like it, I'll also take some potshots and share instructions on how to get the old way back.

Why it's better
The more things I do with a browser--and the number has increased steadily for years now--the more important it becomes to be able to find different tasks amid the chaos. Microsoft and Apple understand this, as evidenced by the new taskbar features in Windows 7 and dock expose in Mac OS X 10.6, aka Snow Leopard. Those features make it easier to pluck out the one window you need from among the many you may have open.

There's a pattern to how I spawn the dozens of tabs I use as a day progresses. On a variety of pages--Gmail, Google Reader, Yahoo Finance, somebody's blog post--I'll encounter a host of links to other pages. I'll middle-click my mouse button to open interesting pages as background tabs, then use Ctrl-Tab to switch to the new pages when I'm ready. I repeat this pattern many times a day.

With the old behavior, each tab appeared to the far right of the tab strip. That's fine when getting started, but when I've moved halfway across the list and want to open another batch, I want the new ones--call them children--to open next to their parent tab. When I go away and come back, or when I lose place juggling tasks, it's easier to find my bearings again.

It's like being in a library. When you're in the European history section, you don't want to find books on rewiring your house and on vegetarian cooking.

As a longtime Firefox user, I didn't realize tab positioning could be better. When I started using Google's Chrome, which introduced the new tab behavior to me, the scales were lifted from my eyes. I immediately could get to the next tab with a quick press of Ctrl-Tab on the keyboard rather than have to use the mouse to click over to the far end of the list. I use both browsers daily, but until the Firefox 3.6 beta arrived, the new-tab position had become a sore point for me when in Firefox.

The change is actually a big deal in a couple ways. First, even seemingly minor changes in software can be disruptive. Old habits die hard, and computer users wrestling with constant change can get angry when more is foisted upon them.

Second, though, browsers are assuming an ever greater role in what people do in their personal and professional lives, and keeping one's bearings is commensurately important. That's especially true for those people for whom a gaggle of browser tabs represents a collection of chores going on in parallel.

Internet Explorer 8 categorizes related tabs by color.

(Credit: Screenshot by Stephen Shankland/CNET)

How the competition handles it
Tabs are now universal among browsers, but new-tab behavior isn't. Firefox and Chrome handle it the way I like best, but how do others tackle the issue?

First, let's look at Internet Explorer 8. Microsoft showed it understands some of the challenges of tab management in its latest version of its browser by coloring child tabs the same hue as their parents, but I have a gripe with how it works. Specifically, although child tabs get the same color as their parents for easy grouping and arrive to the right, grandchild tabs are the same color as child tabs. Similarly, grandchild tabs appear to the far right of the whole group of child tabs.

In my mind, I consider grandchild tabs a separate group from the child tabs. But with IE, grandchildren get the same color and position treatment as children. The only way to get a new color is to start a fresh empty tab There's no easy way to give grandchildren a new color without causing some confusion, though--should the child be the same color as the original parent or change color to be grouped with the grandchildren?

Next is Opera, which gives users a choice. By default, it opens new tabs to the far right, which I don't like, but in the Advanced|Tabs section of the preferences dialog box, you can check "Open new tab next to active." Huzzah!

There's a subtle change here I don't care for, though. Tabs always appear immediately to the right of the active tab. I'd rather have all one tab's children appear in sequence to the right. For example, if a parent tab is in position 1, then the first child would be in position 2, the second in position 3, and the third in position 4. Opening three child tabs in Opera leaves the parent in position 1, the third child in position 2, the second child in position 3, and the first child in position 4.

Last, there's Safari. It does it the old way I loathe with no option to change. Too bad.

Firefox can show thumbnail previews of new tabs, but I find them hard to recognize in front of busy Web pages.

(Credit: Screenshot by Stephen Shankland/CNET)

Why it's not enough
Most browser makers are excited about the fact that their software is subsuming more and more computing tasks that previously ran on computer operating systems. But as browsers inherit this central importance, they also inherit some of the hassles.

The new tab positioning behavior in Firefox is a step in the right direction, but there's more that needs to be done. Moving from one tab to a related adjacent one, whether through a keyboard command or mouse clicking, is a minor change. But things get harder when you need to switch from one group of tabs to the next.

There's work under way here. Opera is perhaps the leader with the ability to show thumbnails as you use Ctrl-Tab to cycle your list of open tabs.

Firefox has been noodling with the approach too. It tried then dropped tab thumbnail previews earlier, but the technology is still present. Using the about:config system for tweaking the browser (more on this later), you can change the "browser.ctrlTab.previews" setting to "true."

But for reasons that aren't clear to me, I don't find this effective either in Firefox or Opera. Perhaps I haven't used it enough, or the thumbnails are too small to be immediately recognizable, or they're just hard to see against the noisy background. There's a good reason that Apple dims the background most of the way to black when using Expose.

Aero Peek in Windows 7 lets the task bar show a glimpse of Firefox and IE tabs.

(Credit: Screenshot by Seth Rosenblatt/CNET)

Windows itself is helping, too. The new taskbar in Windows 7 can show individual tabs, once browsers support the feature. It's in Internet Explorer 8, and it's in the new Firefox 3.6 beta.

Add-ons such as Firefox Showcase can further tweak Firefox. (Indeed, for a wealth of options, check Mashable's handy Firefox tab management guide.)

More interesting to me, though, is work under way to expand Firefox's "awesome bar" abilities. Today, typing in it opens Web pages and retrieves ones you've already visited or bookmarked. In the future, it could be able to move you to another open tab, too. I'm a keyboard guy, so particularly appreciate this idea.

You can get a taste of the idea now. If you've enabled the "browser.ctrlTab.previews" option, hitting Ctrl-Shift-Tab will not only show you thumbnail previews, but will put a cursor in a search box.

Typing the letters of the Web page name will winnow down the thumbnails. For example, typing "netap" will cull my open tabs so only Net Applications and NetApp show. If you have a bunch of similar tabs all open, this might not help much, of course.

However, the feature only works with the tabs of one browser window, so if you can't use it to search among other browser instances.

How to get the old way back
Perhaps I've convinced you that the new approach is better. But perhaps not--in which case I encourage you to share your thoughts in the comments so people will hear more than my opinion.

For those who don't like the new tab positions, you can revert to the old method.

To get the old style back for new tab position, use Firefox's about:config system.

(Credit: Screenshot by Stephen Shankland/CNET)

First type "about:config" in the Firefox address bar. You'll get a warning that you're tinkering with Firefox's innards and you should be careful, but this isn't brain surgery, so don't be frightened. Click the "I'll be careful, I promise" button, and you'll see a big list of all the browser settings that can be tweaked.

Next, in the text box labeled "Filter:", type "tabs.insertRelatedAfterCurrent"; you should see just one entry below. In the column marked "Value," double-click on the word "true" to change it to "false." You're done.

But I'd encourage you to at least give the new way a try. If you don't like it, you can always change back.

(Credit: CNET)

With more than 100,000 apps in the iTunes App Store and huge success around the world with the iPhone, it would appear Apple has done just about everything right with the launch of its first mobile handset. But as any iPhone app developers will tell you, the app approval process is less than ideal, with some developers waiting well beyond Apple's 14-day waiting period and sometimes longer to get their apps approved. Though Apple has stated it is working on the app approval process, there has been little in the way of progress if you ask iPhone app developers.

Recently, Apple added an automated system for weeding out developers who use Apple's private APIs, a process that may be part of a larger plan to cut down on some of the wait time. Unfortunately, developers are still struggling to get their apps to the iTunes store, finding out at the end of the 14-day waiting period that it was the automated system that turned them down. Hopefully, as more time passes, Apple will be able to figure out a way to make the process more efficient while still being able to provide high-quality and secure apps for everyone. Happy iPhone app developers mean more and better apps, so it's in all of our best interests for Apple to make the process better.

This week's apps include a new (to iPhone) multiservice chat client and a stunt-racing game with beautiful 3D graphics.

Use the tabs at the top to switch conversations

(Credit: Screenshot by Jason Parker/CNET)

Trillian ($4.99) is a popular multiservice chat client on Windows machines that you can now use on your iPhone. Multiservice chat clients are ideal for those who have accounts across several services like Yahoo, Google, ICQ/AIM, and MSN, and want to use just one client to access them all. The interface is fairly intuitive, letting you add your user names and passwords for each service, and then letting you log on to all or specific services with only a few taps on your touch screen. Trillian does not support landscape mode for typing yet, but the developers say it is coming soon.

Once you're logged in, the Trillian interface looks a lot like it does in the Windows client, complete with your buddies' avatars, contact categories (friends, coworkers, etc.), and color-coded icons to indicate which service your friends are using. The way Trillian handles multiple chat sessions on the iPhone client is excellent, with a touch-scrollable tabbed interface, making it easy to switch conversations quickly. Also especially useful (and clever) is the push notification system, that sends you the first message of a chain so you know someone is trying to reach you, but doesn't send a huge list of messages when you don't want them. At this time, you can only stay logged-in (with the app suspended) for a maximum of 24 hours, but the folks at Trillian say it will be lengthened to seven days in future updates. Though the price is a little steep in my opinion, Trillian is a high-quality chat client that will appeal to those who use multiple services.

The screenshot doesn't do it justice, but this game looks and plays great

(Credit: Screenshot by Jason Parker/CNET)

Jet Car Stunts is a stunt-racing game that runs surprisingly smoothly on first gen iPhones on up to the 3GS. Beyond the beautiful graphics, the driving control system is excellent, using the accelerometer for steering and onscreen controls for gas and brakes. What makes the game unique from other racing games are the controls for your rocket boost to complete big jumps, and the braking system that works both on the ground and in the air.

You can choose from two different game types including Time Trial and Platforming. In Time Trial, you race five laps around a track with corkscrew twists, tight turns, and huge jumps, to qualify for bronze-, silver-, or gold-medal times. Platforming has no time limit, but instead records the number of tries it takes you to complete difficult tracks--and they get very difficult in both game types. Time Trial has three skill levels, with four tracks to complete in each to move on the next skill level. Platforming has five difficulty levels, with five tracks in each to pass before moving on. Overall, Jet Car Stunts is one of the more unique racing games and features excellent graphics, extremely smooth controls, and plenty of replay value, with increasingly challenging tracks. I've had the game for a week and I still can't get over both how good it looks and how smooth it plays.

What's your favorite iPhone app? Were you waiting for a big-name multiservice chat client like Trillian before spending your money? Is Jet Car Stunts hard or am I just not good enough? Let me know in the comments!

Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.

Filtering out bad sites
Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox 3 uses Google's Safe Browsing service to automatically block sites that are known to host malware. The Google Code site describes how Safe Browsing works in Firefox.

To verify that attack-site blocking is enabled in Firefox, click Tools > Options > Security and make sure "Block reported attack sites" is checked.

Firefox will prevent known-bad sites from opening when "Block reported attack sites" is checked.

(Credit: Mozilla Foundation)

The same feature is built into Google's own Chrome browser. You can ensure that malware-site filtering is on in Chrome by clicking the wrench icon in the top-right corner, choosing Options, and selecting Under the Hood. "Enable phishing and malware filtering" should be checked. The Google Chrome Help site describes the feature. (Hint: This page looks very similar to the description on the Google Code site.)

Google's Chrome browser blocks known-bad sites when "Enable phishing and malware protection" is checked.

(Credit: Google)

The SmartScreen technology in version 8 of Internet Explorer blocks known-malicious downloads as well as bad URLs. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. The Microsoft Security site describes the SmartScreen Filter and includes links to a SmartScreen FAQ and information for site managers.

Apple's Safari browser added phishing and malware blocking in version 3.2, which was released in late 2008; read about this and other security features in Safari 4 on the Apple Safari site. Likewise, Opera's Fraud Protection predates the phishing and malware filters in IE and Firefox and is enhanced in the latest version 10. But attack-site blocking is only one of Opera's many security features, which you can read about on the Opera site.

Browsing in private
To activate private browsing in Firefox 3, click Tools > Start Private Browsing, or simply press Ctrl-Shift-P. You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and check "Automatically start Firefox in a private browsing session." The Mozilla support site provides more information about this feature. Likewise, put IE 8 in private-browsing mode by clicking Safety > InPrivate Browsing, or by pressing Ctrl-Shift-P. You can also open a new tab and click either Browse with InPrivate or Open an InPrivate Window.

IE 8 also lets you control the information about your browsing habits that's shared with Web tracking services. To activate this feature, click Tools > InPrivate Filtering Settings and choose "Let me choose which providers receive my information." This opens the InPrivate Filtering settings dialog, where you can turn filtering off, choose which services to block from tracking you, or automatically block all trackers.

Internet Explorer 8's InPrivate Filtering lets you block some or all Web tracking services.

(Credit: Microsoft)

You can open an incognito window in Google Chrome by clicking the wrench icon in the top-right corner and choosing "New incognito window," or simply press Ctrl-Shift-N. The incognito icon (a shadow figure in a fedora and glasses) appears in the top-left corner of the browser window. The Chrome support site offers a more detailed description of this feature.

Opera lacks an equivalent private-browsing capability but does offer private searching and other identity-blocking features, as described on the Opera site. To activate private browsing in Safari, simply click Safari Settings Menu > Private Browsing.

Automatic and not-so-automatic browser updates
Patching is a way of life with nearly all software, but especially with browsers and the media players associated with them: Adobe Reader, the Flash Player, Apple's QuickTime, and Sun's Java, among others. All of a browser's security features can be rendered useless by a piece of malware that takes advantage of an unpatched hole in the program.

Firefox 3 alerts users to the presence of an update and now also notifies you when your Flash Player is out-of-date. Internet Explorer 8 updates via the Windows Update/Microsoft Update services. Google Chrome made a splash by being the first browser to update itself in the background without requiring any prompting from users. Safari updates automatically via Apple's update service, which also serves up patches automatically for QuickTime, iTunes, and other Apple software. Opera also notifies you automatically when a new version is available.

But updating is too important to leave to others. Back in April, I described Secunia's Online Software Inspector and downloadable Personal Software Inspector, which identify out-of-date programs on your PC. The programs mentioned in that post have all been updated since, but Secunia's services should point you to the most recent versions.

(Note that Secunia sometimes reports a program as being out-of-date when in fact you have the latest version. On my PC, it continually reports my up-to-date Flash Player as being in need of an update, for example. But the free service Secunia provides is worth putting up with this and similar minor annoyances.)

Over the weekend, I accidentally deleted all of my MP3s. Using SHIFT+Del, I wiped them from my hard drive without stopping at Go or the Recycle Bin. After running to go get the dunce cap, my initial reaction was to pull out the iPod and copy them back over. In some ways it would be the easiest solution, but it wasn't the most elegant. Wouldn't it be easier if I could just restore all those files to their original locations?

Recuva, from the makers of CCleaner, scans your drive for files you've deleted or damaged and restores them. It's not perfect, but for a free recovery program--a category noted for its lack of freeware--Recuva is both easy to use and effective. It's pronounced "recover," according to the publisher's Web site.

How to use Recuva

As you can see in the screenshots, the interface is more or less a spreadsheet layout with buttons at the top. The real work gets done by the recovery wizard, which starts when you launch the program. You can opt out of it, and change the settings so that it doesn't launch the next time you run it, but the wizard's steps are clear and worth using to streamline data recovery. Closing the wizard will take you directly to the advanced features.

The wizard first asks you what kind of files you're looking to recover, divided into file type categories. There's Pictures, Music, Documents, Video, Emails, and Other, which is really All Types. The next step in the wizard is to identify where the files were located. You can tell it to search everywhere using the I'm Not Sure option, or limit it to any removable memory including USB keys, iPods, and memory cards, in the My Documents folder and subfolders, or in the Recycle Bin. You can also restrain Recuva to one specific folder.

Scanning is a bear of a process, and the predicted duration of the recovery scan was off by about 10 minutes during my situation. The bottom line is that if you're trying to restore a large chunk of data--say, more than 1GB--you're looking at a long coffee break.

Once it's done, Recuva will dump out a list of files and their original locations, their timestamps, and other data. Switching to Advanced mode will provide more detailed information on each file, including a preview if available. It will also show all of the file data in one field that is copyable, and the file's header data.

Recuva is effective, but not all the time.

(Credit: Screenshot by Seth Rosenblatt/CNET)

In the Options menu, you can toggle useful features such as changing the viewing mode from list to tree or thumbnails, outputting your settings to an INI file, and adjust the secure overwriting setting from the simple one pass to the Gutmann standard of 35 passes. Several of the options, such as rescuing damaged files, restoring the original folder structure, or setting the scan permanently to be a deep scan, seem as if they should be set as defaults because they're that useful to data restoration, but they're not.

Recuva lacks an output screen, which would be useful in comparing which files were successfully restored against those that weren't, but because the program is free and effective, it's a flaw that's easily overlooked.

If you have a favorite deleted data restoration program, tell me about it in the comments.

Visual thumbnails for tabs are all new in Opera Mobie 10 beta.

(Credit: Opera Software)

Opera impressed us a few months ago with its beta release of a restyled Mini browser for Java phones. Early in November, they did it again with a standalone mobile browser for Symbian Series 60 handsets that adheres to Opera Mini 5 beta's glossy master design. And on Wednesday, Opera repeats what it hopes to be mobile magic with Opera Mobile 10 beta for Windows phones.

The free Opera Mobile 10 beta starts off with a customizable Speed Dial screen, composed of nine preview thumbnails that whisk you off to a favorite site. Browser tabs receive a new treatment that echoes those thumbnail previews, and other features like the Password Manager get a few behind-the-scenes adjustments.

As with the recent betas for Java and Symbian phones, Opera Mobile 10 beta lacks some features for Windows phones that Opera expects to restore by the time it approves the app for general consumption. Opera Link, its bookmark- and favorite-syncing service, is among the laggers.

Our First Look video of Opera Mobile 10 beta (below) sees the browser tested on a Symbian phone, but it will look and work almost identically on Windows phones. Press "play" to get a good idea of what's in store, including those known bugs.

Note: Since our video, Opera has released an update for Symbian phones that can now handle font for several Asian languages.

Windows Mobile owners can download the mobile browser beta free by navigating to m.opera.com/mobile/ from the phone or www.opera.com/mobile from the desktop. Opera Mobile 10 beta will replace the Opera Mobile 9.7 beta that has previously been available for Windows Mobile phones.

Windows users: how do you like Opera's reworking of the browser? Let us know in the comments.

If you have received an e-mail from the Internal Revenue Service or the Federal Deposit Insurance Corporation, chances are it was a phishing attempt. If you received e-mail from your bank, PayPal, or Facebook urging you to immediately verify information or risk having your account suspended, it was undoubtedly phishing.

Phishing attacks have spiked this year, according to recent reports. The Anti-Phishing Working Group reports that there were more than 55,600 phishing attacks in the first half of 2009 alone. Phishing is particularly dangerous because once criminals get a victim's password for one Web site they can often use it to get into other accounts where people have re-used the password.

And anyone can be at risk. The wife of FBI Director Robert Mueller banned him from doing online banking after he came close to falling for a phishing attempt.

Here is some basic information that can help people avoid being tricked by phishing attacks.

What is phishing?
Phishing is an attempt, usually via e-mail, to trick people into revealing sensitive information like usernames, passwords, and credit card data by pretending to be a bank or some other legitimate entity. The e-mails typically include a link to a Web site that appears to be legitimate and which prompts users to provide information. Sometimes, the phishing e-mail will include a form in an attachment to fill out. One common tactic phishers use is to pretend to be from the fraud department of a financial institution or online retailer like PayPal and ask for information to be provided to prevent identity fraud. In one case, a phishing e-mail purporting to be from a state lottery commission asked recipients for their banking information so their "winnings" could be deposited into their accounts.

Phishers also are increasingly exploiting interest in news and other popular topics to trick people into clicking on links. One e-mail purportedly about swine flu asked people to provide their name, address, phone number, and other information as part of a survey on the illness. And users of social networks are becoming popular targets. Twitter users have been directed to fake log-in pages.

Attackers are also turning to instant messaging to lure people into their traps. In one recent scam a live chat window was launched via the browser. The scammer communicated to victims via the chat window, pretending to be from a bank and asking for additional information.

This phishing e-mail looks legitimate and even offers to provide tips on how to avoid fraud and spoof e-mails.

(Credit: Screenshot by Elinor Mills/CNETNews.)

What are other recent examples of phishing attacks?

• A recent e-mail scam asks PayPal customers to provide additional information or risk getting their account deleted because of changes in the service agreement. Recipients are urged to click on a hyperlink that says "Get Verified!"

• E-mails that look like they come from the FDIC include a subject line that says "check your Bank Deposit Insurance Coverage" or "FDIC has officially named your bank a failed bank." The e-mails include a link to a fake FDIC site where visitors are prompted to open forms to fill out. Clicking on the form links downloads the Zeus virus, which is designed to steal bank passwords and other information.

• E-mails that look like they come from the IRS tell recipients that they are eligible to receive a tax refund and that the money could be claimed by clicking on a link in the e-mail. The link directs visitors to a fake IRS site that prompts for personal and financial information.

• A legitimate-looking Facebook e-mail asks people to provide information to help the social network update its log-in system. Clicking the "update" button in the e-mail takes users to a fake Facebook log-in screen where the user name is filled in and visitors are prompted to provide their password. When the password is typed in, people end up on a page that offers an "Update Tool," but which is actually the Zeus bank Trojan.

What are some tell-tale signs of a phishing attempt?
Many phishing attempts originate from outside the U.S. so they often have misspellings and grammatical errors. Some have an urgent tone and they seek sensitive information that legitimate companies don't typically ask for via e-mail.

What should I look for in an e-mail?
Check the sender information to see if it looks legitimate. Criminals will choose addresses that are similar to the one they are faking. For instance, phishers have used "Alerts@Paypal.co.uk." However, legitimate PayPal messages in the U.S. come from Service@paypal.com" and include a key icon. Most phishing e-mails come from outside the U.S. so an address ending in ".uk" or something other than ".com" could indicate it's a phishing attempt.

The e-mail address may also be obscured. Hitting "reply all" may reveal the true e-mail address. You can also set your e-mail preferences to show "full header" to see the full e-mail address and other information. If you are at all unsure whether the e-mail is legitimate, go to the company's Web site to see the address listed.

Legitimate companies tend to use customer names or user names in the e-mail, and banks often will include part of an account number. Phishing emails typically offer generic greetings, like "Dear PayPal customer."

Inspect the hyperlinks inside the body of the e-mail. Phishers typically will use subdomains or letters or numbers before the company name, and sometimes the words in the links are misspelled. For example, www.BankA.security.com would link to the 'BankA' section of the 'security' Web site. Often, it's difficult to tell if the link is legitimate just by looking at it. By mousing over the link you can see the real address on the bottom of most Web browsers.

In addition, PayPal, Amazon, banks, and many other businesses use the SSL (Secure Sockets Layer) protocol which is designed to ensure that customers are visiting the real site. That means https:// will be seen in the URL address bar instead of just http:// and usually there will be some other change in the address bar. For instance, PayPal displays a "P" and its name is highlighted in green at the front of the URL. The major browsers have antiphishing measures designed to detect malicious sites. Some phishers also try to hide the real Web address they are sending victims to by using URL shortening services.

If the e-mail has an attachment, be wary of .exe files. Scammers like to hide viruses and other malware there so it executes when opened.

Do not be fooled by the look of the Web site you may be directed to. The Web site may look just like a real bank or PayPal page, including the use of the real logos and branding. It could be a good fake page or it could be a legitimate page with a phishing pop-up window on top.

How can phishing attacks be avoided?

• Try to stay off spam lists. Don't post your e-mail address on public sites. Create an e-mail address that is less likely to get included in spam lists. For instance, instead of bobsmith@xyz.com, use bob.smith.az@xyz.com.

• If an e-mail looks reasonable contact the company directly if you receive an e-mail asking you to verify information. Type the address of the company into the address bar directly rather than click on a link. Or call them, but don't use any phone number provided in the e-mail.

• Don't give out personal information requested via e-mail. Legitimate companies and agencies will use regular mail for important communications and never ask customers to confirm log-in or passwords by clicking on links in e-mail.

• Look carefully at the Web address a link directs to and type in addresses in the browser for businesses if you are uncertain.

• Don't open e-mail attachments that you did not expect to receive. Don't open download links in IM. And don't enter personal information in a pop-up window or e-mail.

• Make sure you are using a secure Web site when submitting financial and sensitive information.

• Change passwords frequently. Don't use the same password on multiple sites.

• Regularly log into online accounts to monitor the activity and check statements.

• Use antivirus, antispam, and firewall software and keep your operating system and applications up-to-date.

What can I do if I think I've been victimized by phishing?
The Anti-Phishing Working Group has a comprehensive site explaining exactly what steps people should take based on what type of information they have given out.

Where can I report phishing attempts?
You can forward suspected phishing e-mails to reportphishing@antiphishing.org and spam@uce.gov. Companies typically have an address to forward phishing examples to, such as "spoof@company.com." Always include the entire phishing e-mail. Complaints can be lodged with the Internet Crime Complaint Center at the FBI.

Here are additional resources.

http://apwg.org/consumer_recs.html

http://www.irs.gov/newsroom/article/0,,id=154848,00.html

http://www.microsoft.com/mscorp/safety/technologies/antiphishing/guidance.mspx

This phishing e-mail includes a sender e-mail address and link that are obviously not associated with Facebook.

(Credit: Screenshot by Elinor Mills/CNETNews.)

Mozilla's homegrown tool for synchronizing Firefox across computers and devices graduates to beta and introduces incremental syncing and a more streamlined, less obtrusive experience. Mozilla Weave 1.0 beta 1 looks and feels far more polished than its predecessors.

Weave integrates smoothly into the Firefox options pane.

(Credit: Screenshot by Seth Rosenblatt/CNET)

It does away with the "about:weave" access to the add-on's configuration pane, better handles Firefox preference integration when syncing for the first time, adds an automatic on-demand sync for when changes are detected and should more comprehensively sync history. This first beta also fixes a problem that the previous Weave v0.8 had when connecting via Fennec 1.0 beta 5.

However, Weave still has numerous problems. It conflicts with many add-ons, including AdBlock Plus, one of Firefox's most popular. The new incremental sync transfers data in chunks, so you can still use the browser, but it also prioritizes the first sync based on "interestingness." This amounts to syncing the data that you use most first, but it means that an initial sync could take hours depending on how much data you have. Weave is available for Windows, Mac, and Linux users.

(Credit: CNET)

Like I've mentioned here several times before, I'm one of the people who is still using the iPhone 3G. Like many, I'm waiting for my two-year contract to be up so I can get whatever the next-gen iPhone is. It doesn't bother me too much (aside from a few app features that require 3GS), but I do long for the faster processing power and extra features found in the latest iPhone. Especially when it comes to (surprise!) games.

To give you an idea of the difference between the two iPhone processors and how they effect game performance, fellow CNET editor, Josh Lowensohn, put the two iPhone models to the test. In Josh's article, he offers up several side-by-side comparisons of many of the top iPhone games with analysis. If you're an iPhone-gaming fan or just want to see how the processing power matches up between the two models, check out his article.

This week's apps are both games, with the first complete basketball game for the iPhone and a fun sequel to one of the more unique games in the iTunes App Store.

I hope Ellis doesn't pass it to the guy with the green square around him

(Credit: Screenshot by Jason Parker/CNET)

NBA Live ($9.99) is the first fully licensed and complete basketball game for the iPhone and iPod Touch. You can play as any of the 30 NBA teams featuring the actual players and stats. You can play a quick exhibition game, play through an entire season, or just play through the playoffs up to the NBA Championship. The control system includes an onscreen joystick for movement and two buttons that take care of most basketball action (shooting, passing, etc.), but with a clever system for pulling off more advanced moves. The graphics are not on par with what you'll find in the current basketball games on consoles, but for an iPhone game, it looks fairly good and plays well enough to satisfy basketball game fans.

NBA Live packs a lot of features into the game using only a couple of buttons. Advanced moves like cross-over dribbles and hardcore dunks require you touch a button then flick in a direction. Holding down on the pass button brings up icons you can touch to pass to specific players. If you want to go deeper than just running and gunning, you can touch the clipboard icon to call a play and set up an open man for an easy shot. While I'm happy with NBA Live as an iPhone basketball game, I may be spoiled by the smooth experience on console versions. The graphics are pretty good, but not great and the movement can be a bit jerky. Overall, I think it's a pretty good basketball game, but it might be worth waiting a little while to see if it goes on sale. Hardcore fans should get this game.

The simple, hand-drawn graphics are part of what makes this game charming.

(Credit: Screenshot by Jason Parker/CNET)

JellyCar 2 is the sequel to the unique squishy driving-puzzle game, JellyCar. JellyCar 2 expands on the hand-drawn, cartoon puzzle game with several more levels, new game types, and the capability to customize your car and create your own levels. The controls involve touching the screen on either side to go forward and backward and you can tilt your iPhone to right your car when it flips over. Play the game in the Classic Mode to navigate your car through a level to the goal in the least amount of time. You have three skill levels in classic mode with a number of tracks for each level. Long Jump mode lets you drive down a long ramp and use obstacles in the level to project your car the longest distance. The third mode adds a new game entirely, requiring you to direct Tetris-like puzzle pieces to their associated bins--strange sounding, but it's pretty fun with the JellyCar physics in play. Adding to your options for solving puzzles, you can touch the car to "go big" like the original JellyCar. You also get two extra skills you can grab while driving: a balloon that lets you take to the air and one that makes your wheels sticky--each of which you will use at different times to pass levels.

JellyCar 2 also adds a few other features to play with and will amount to a lot of replay value. You can customize your vehicle and wheels with different colors, but you can also choose different vehicles, each with their own physical properties to change how you attack various levels. A new editing mode even lets you create and save your own levels from the ground up. Overall, I think JellyCar 2 is in a class by itself, with a fun, stylistic feel to the game and plenty of challenging levels that are very enjoyable to play.

What's your favorite iPhone app? Do you think NBA Live is worth the price to play? Is JellyCar 2 a worthy sequel to JellyCar? Let me know in the comments!

Mozilla, racing to release Firefox 3.6 before the end of the year, has released a second beta of the open-source browser for Windows, Mac, and Linux.

Firefox 3.6 beta 1 introduced most of the new features, most visibly the ability to customize Firefox's look through Personas, less than two weeks ago. But among the 190 patches in the new beta is what Mike Beltzner, Mozilla's director of Firefox, described in a blog post as "a mechanism to prevent incompatible software from crashing Firefox."

There also are a number of deeper changes in Firefox 3.6 that Web developers likely will be more interested in. Note that one of them, the ability to use color gradients with formatting technology called Cascading Style Sheets (CSS), has changed syntax in between Firefox 3.6 beta 1 and beta 2.

Mozilla is trying to accelerate the pace of Firefox releases; Firefox 3.7 is set for release in the first half of 2010 and 4.0 some time later that year. The project faces new competition from Google's Chrome browser.