Considering that Microsoft feels the need to enter the antivirus market and 12 of the top 35 anti-malware makers failed Virus Bulletin's August 2009 test, one could argue that antivirus products are not where they should be. Former Symantec executive Oliver Friedrichs thinks a different approach is necessary, so he built a new cloud-based, social antivirus product called Immunet Project.

Harnessing what Immunet calls "Collective Immunity," Immunet Project claims to be able instantly fortify all of its users' computers against new virus threats. "Immunet uses a global community to collect anonymous information on applications running across the Immunet population," Friedrichs told Ars Technica. "We extract specific attributes from Windows PE files that are then coalesced in the cloud and classified as good or bad." When Immunet finds a piece of malware on a user's computer, it notifies the rest of the user network, supposedly in real time. Because of this approach, Immunet keeps most of its client infrastructure on its servers; the actual client install takes up less than 5MB of space.

Windows Live Hotmail users that have recently been using the Web service may have noticed that it's no longer possible to add photos directly into the body of a Windows Live Hotmail message as easily as before. This issue wasn't apparent immediately because images can still be uploaded; the only difference is they appear as any other file would. This seems to occur in any browser, although when we started digging deeper into the issue, we found the following statement on the Windows Live Hotmail blog, which indicates that IE is the culprit:

Microsoft Security Essentials (MSE) beta build 1.0.1500.0 has quietly appeared out of nowhere today. There's no official announcement, testers haven't received any e-mail notification, and it's unclear if this is the second public build, either a Beta Refresh or a Release Candidate, which the software giant promised to release this summer. We've asked Microsoft to let us know a bit more on the new version, as right now all that seems different is a new green/red system tray icon and significantly smaller installer sizes, and we'll update this post accordingly.

The Mac blog-o-verse has been abuzz recently with the revelation that a Spotlight search can turn up deleted e-mails on an iPhone. While described as a bug or potential security issue, the truth is less scary than that. Additionally, it seems that Apple has already added a fix to the iPhone OS 3.1 update that is currently in beta.

Cult of Mac reader Matt Janssen revealed the bug yesterday morning after he discovered that an e-mail he remembered deleting showed up in a Spotlight search. "Obviously this is could be a major security issue if you think you deleted something from your iPod but it's not really deleted," Janssen told Cult of Mac. "You can still search through messages that are deleted. And this isn't messages that are just recent. I found some messages that are over three or four months old."

A pair of reports cast a spotlight on the integrity of North America's energy infrastructure. Organizations of various sizes responded to a poll for one report, with the majority stating that they receive anywhere from 75 to 150 cyberattacks on things like businesses and traffic systems per week. More importantly, according to the report, new smart grid and smart meter technology could exacerbate the problem, and even the North American Electric Reliability Corporation (NERC) says its protocols are not yet going far enough.

NERC is a nonprofit organization that develops security standards for North American energy and utility companies. In a recent survey, NERC found that only 23 percent of its affiliates could identify Critical Cyber Assets (CCAs)—weak networked access points that could be used to maliciously manipulate energy infrastructure—under their control. In response to these findings, Michael Assante, NERC's Chief Security Officer, issued a statement (PDF) calling for organizations to take "a fresh, comprehensive look at their risk-based methodology... with a broader perspective on the potential consequences to the entire interconnected system of not only the loss of assets that they own or control, but also the potential misuse of those assets by intelligent threat actors."

Laptops are more prevalent today than they have ever been. Everywhere you look, there are notebooks of every kind—tiny netbooks, monster laptops, and everything in between. With such an explosion in notebook use, there are that many more targets for thieves looking to pawn our stuff for a quick buck, or even worse, steal our data for more nefarious uses.

In the case of one laptop user profiled by the Telegraph, a thief might even make use of your laptop's login credentials to taunt you right from your own virtual identities. UK resident Victoria Richardson's house was broken into and her laptop and iPhone stolen; the same day, her Facebook account was hijacked by the burglar, who then posted status updates to Richardson's Facebook wall mocking her about the stolen wares. This is a creepy reminder that once your laptop is stolen, in most cases, a burglar can access almost anything on it—that is, unless you take the right precautions with the extremely mobile window into your life.

During July 2009, a company called NSS Labs performed two separate browser security tests, which Amy Barzdukas, General Manager of Internet Explorer, told Ars that Microsoft had sponsored. Right off the bat, your suspicions have probably been raised, and rightly so. Internet Explorer 8 performed very well in all the tests and, while Microsoft insists that it had no impact on the results, we must still be cautious when examining the reports.

A group of security researchers has published a fascinating study that demonstrates how to hack a Sequoia AVC Advantage voting machine. We have already seen several electronic voting machines hacked by experts in controlled environments, but this study goes a step further and shows that it can be done in the wild without privileged access to source code or other specialized materials.

The study was conducted by a group of voting machine security experts led by Ed Felten, the director of Princeton's Center for Information and Technology Policy. They used a technique called return-oriented programming to circumvent the built-in security mechanisms in an AVC Advantage voting machine and cause it to divert votes from one candidate to another in a simulated election.