InfoWorld


Google finds evil all over the Web

The Web is scarier than most people realize, according to research published recently by Google.

The search engine giant trained its Web crawling software on billions of Web addresses over the past year looking for malicious pages that tried to attack their visitors. They found more than 3 million of them, meaning that about one in 1,000 Web pages is malicious, according to Niels Provos, a senior staff software engineer with Google.

These Web-based attacks, called "drive-by downloads" by security experts, have become much more common in recent years as firewalls and better security practices by Microsoft have made it harder for worms and viruses to directly attack computers.

In the past year the Web sites of Al Gore's An Inconvenient Truth movie and the Miami Dolphins were hacked, and the MySpace profile of Alicia Keys was used to attack visitors.

Criminals are getting better at this kind of work. They have built very successful automated tools that poke and prod Web sites, looking for programming errors and then exploit these flaws to install the drive-by download software. Often this code opens an invisible iFrame page on the victim's browser that redirects it to a malicious Web server. That server then tries to install code on the victim's PC. "The bad guys are getting exceptionally good at automating those attacks," said Roger Thompson, chief research officer with security vendor Grisoft.

In response, Google has stepped up its game. One of the reasons it has been scouring the Web for malicious pages is so that it can identify drive-by-download sites and warn Google searchers before they visit them. Nowadays about 1.3 percent of all Google search queries list malicious results somewhere on the first few pages.

Some of the data surprised Provos.

"When we started going into this, I had the firm intuition that if you go to the sleazier parts of the Web, you are in more danger," he said.

It turns out the Web's nice neighborhoods aren't necessarily safer than its red-light districts.

"We looked into this and indeed we found that if you ended up going to adult-oriented pages, your risk of being exposed [to malicious software] was slightly higher," he said. But "there really wasn't a huge difference."

"Staying away from the disreputable part of the Internet really isn't good enough," he noted.

Another interesting finding: China was far and away the greatest source of malicious Web sites. According to Google's research, 67 percent of all malware distribution sites are hosted in China. The second-worst offender? The U.S., at 15 percent, followed by Russia (4 percent), Malaysia (2.2 percent), and Korea (2 percent).

It costs next to nothing to register a Web domain in China and service providers are often slow to shut down malicious pages, said Thompson. "They're the Kleenex Web sites," he said. Criminals "know they're going to be shut down, and they don't care."

Malicious site operators in China fall into two broad categories, Thompson said: Fraudsters looking to steal your banking password, and teenagers who want to steal your World of Warcraft character.

So how to stop this growing pestilence?

Google's Provos has this advice for Web surfers: Turn automatic updates on. "You should always run your software as updated as possible and install some kind of antivirus technology," he said.

But he also thinks that Webmasters will have to get smarter about building secure Web sites. "I think it will take concentrated efforts on all parts," for the problem to go away, he said.

Fri Feb 15, 2008
Former OLPC CTO predicts a $75 laptop by 2010

Mary Lou Jepsen stirred up a controversy when she left the struggling One Laptop Per Child nonprofit effort in December to start her own for-profit company, Pixel Qi, with the goal to create a $75 laptop using technologies she invented at OLPC.

Jepsen's departure as CTO prompted critics to accuse her of taking advantage of OLPC's nonprofit inventions for personal gain, but supporters shot back, saying it was the right time for her to leave a listing ship. OLPC has been afflicted by production delays and rising costs over years, with the laptop's estimated price rising from $100 to $188. It is now beset by waning orders and competition from commercial vendors like Intel that threaten to sideline the nonprofit effort.

Jepsen denied the allegations, saying her departure was put in place early last year and that she continues to work with OLPC on developing technologies for future XO laptops while selling them for a profit to commercial organizations.

Technologies she invented at OLPC include the display system optimized for low-power operation, which has been implemented in the XO laptop.

Retaining the OLPC spirit, Jepsen said Pixel Qi is developing inexpensive products like a power-efficient display that can be used in developing countries. She chatted with the IDG News Service about the new company, the $75 laptop, and her days at OLPC.

IDGNS: How is Pixel Qi progressing?

Jepsen: Things are going great. Pixel Qi is now a month old. I've done a lot of startups before, but [Pixel Qi] is a very unusual startup. It's got products to ship already, so that's unusual. It's getting a lot of attention, which surprises me, but it is good that people are interested.

IDGNS: Are you working on the $75 laptop right now?

Jepsen: The $75 laptop -- maybe people are interested in it because it's a catch phrase -- but mostly it's about designing things for the billions of people who are joining the information age right now. That's what Pixel Qi strongly believes in.

Right now I'm starting this company ... to get a lot of the technologies in [OLPC's XO] laptop into other laptops and cell phones as a first priority. Then working with OLPC to focus on driving that next-generation laptop. But we just started shipping this generation [of XO laptops], we owe it to ourselves to see how the children use them ... and before we start in earnest the design and development cycle to have the feedback from children in different countries.

I'm focused on getting the screens and power management into other people's small laptops and cell phones right now. I think the [$75 laptop] will happen pretty soon, but again, I'm not really focused on the $75 laptop right now, while the innovations that I'm working on can go into that.

That mimics what we did at OLPC. We thought a lot about [designing the XO laptop] before executing on it. It's a lot easier to redesign on paper. [We are] taking this time and really talking to a lot of who's who in technology about what [the $75 laptop] should be. But it's certainly possible to go lower price -- if you look, there are $10 CPUs around.

IDGNS: There is a perception that you left OLPC to privatize the technology and make money out of it.

Jepsen: I arranged it with Nicholas [Negroponte]. My departure has been well planned and organized with OLPC. It was in place since spring of 2007, and I was committed to delivering the XO into high-volume mass production. But as somebody who ... invents, develops, and gets hardware into mass production, there wasn't much more for me to do at OLPC after ... that.

On some level, I was responsible for making a laptop ... and, I realized ... I should keep doing this. So I got access to the ... intellectual property and patents. Not because I was the inventor, and not even because the inventor has the really good chance of improving the price and performance of her invention, but because OLPC is the beneficiary as the licensee.

I'm still in spirit with OLPC, but now I'm with Pixel Qi, and I am not working on just children, but adults and trying to get the cost down. That doesn't mean just Dell on a diet if you will, but [a laptop] that people are proud to own and proud to use at low cost and designed for different environments. The mass market -- there's literally billions of people who want to join this information age, and they need products too. They need interesting products, not stripped-down stuff. The XO is probably the first in that line.

IDGNS: A $75 computer seems optimistic considering OLPC's inability to produce a $100 laptop. Can you walk us through the changes needed in component prices and system design to reach that target?

Jepsen: I don't think it's that hard, frankly. If you look at the cost of flash and DRAM, they go down 50 percent year over year. You look at screens, they go down 30 percent every year. If you look at the cost of CPUs -- well, some of them stay expensive -- there are several companies working on the $10 CPU right now.

There are pretty low-cost [parts], but using low power, guess what ... you don't use the same amount of ... processing power. Your battery is really inexpensive if you don't use a lot of power because it won't need as many cells, for example. I think it's very straightforward.

There's ways to hit ...[the $75] envelope if you look at the mechanicals and the keyboards and everything else you need on the motherboard. I think we know how to ... integrate the components and work with manufacturers and producers to get there very quickly to lowering the price and increasing the performance. But then again, you have to redefine performance for a cow herder and pick your country.

IDGNS: All of that still calls for performance. Is there going to be some kind of trade-off in capabilities relative to a mainstream notebook?

Jepsen: There's two ways to be fast, one is the standard, more blah way, where you just heap on the megahertz and megahertz and then heap on the code. Vista's footprint is 12GB as opposed to our OS at OLPC, it's 0.1GB, it's 120 times smaller. You could do big code and big iron or skinny down the code and make do with a 500 megahertz processor ... that was a state-of-the-art laptop in 2000. All of the software has gotten bloated, and do you really need a little paper clip guy or doggy telling you what to do?

The XO is ... an outdoor usable laptop. You can drop it, you can spill on it and the batteries last a long time. And it's green. Those are performance metrics that really matter. Making your batteries last a week is also a performance criteria. Intel has said for a number of years that it's not about one more megahertz anymore, it's about lowering the power consumption.

IDGNS: Are inexpensive laptops a new category? IDC says notebook computers like Eee PC -- they don't take those laptops when they measure market share or measure unit shipments. They're calling the category "notebook gadgets." How do you feel about that?

Jepsen: It's funny. I don't feel much about the word. I just talked at a gadget conference, "Greener Gadgets," but ... [Intel's] Craig Barrett, when he was trying to be derogatory toward the laptop project, called it a gadget. I think that we think of gadgets as things that don't really work for long, have a short life, and are transient, not real machines. The XO lasts two-and-a-half times longer than a standard laptop. That's not a gadget-like property of it. What is a gadget? Is it a learning machine or is your laptop a gadget or cell phone a gadget?

IDGNS: Did Intel undermine the OLPC project with their Classmate PC?

Jepsen: It's such a long story with them, especially for me because I used to work [at Intel]. It's hard for me to summarize. Certainly, there are so many individuals at that company on the technical side when we finally got working together, it was great. We were really pursuing an -- I think it's been announced -- Intel chip in the XO, that was something we were working well together on with their technical team. I think the difficulty was from the sales and marketing side as I understand it, and I really wasn't involved in that in OLPC. I would only hear from the ministers in the countries I would visit and from Nicholas and so forth. I wasn't that involved in it towards the end.

IDGNS: Is there a release date for the $75 laptop?

Jepsen: It's not that hard. It will take about two years. Realistically, it does need that time because what you have to do first is make the components and then you put them together. At OLPC, it took three years because we had to start with the disbelief, but now people believe. Now cut that down to about two years, it's about reasonable. It's 2010 we're looking at.

Fri Feb 15, 2008
Amazon's S3 down for several hours

Amazon's data storage service was down for several hours on Friday morning, leaving businesses that rely on the service offline.

As of around 9 a.m. on the West Coast of the U.S., the issue had been resolved, according to an Amazon employee posting on a user group forum. "This morning's issue has been resolved, and the system is continuing to recover," wrote Kathrin, the Amazon employee, on the forum.

She said that the company plans to post technical information about what exactly happened, but that the priority is to make sure the system is stable.

Companies use Amazon's Simple Storage Service, known as S3, to store and quickly retrieve large amounts of data, often to run Web sites and services.

A press spokesman said that one of three geographic locations for the service was unreachable for about two hours, but that it was operating at 99 percent of normal performance before 7 a.m. on the West Coast. "We've been communicating with our customers all morning via our support forums and will be providing additional information as soon as we have it," said Drew Herdener in a statement.

Many customers appeared not to have gotten that communication. They complained on the forum about a lack of information from Amazon about the outage and when it would be fixed. One suggested that Amazon could have at least posted a message on the front page of the Web services site so that customers would be aware that the problem wasn't on their end.

Others wrote about the problems that the outage was causing their businesses. "It's becoming very embarrassing for us here," one wrote. "We desperately need an update ... it's a huge hit on our reputation."

Many of the users said that the service was down for around three hours.

Gustavo, a user in Brazil, said that his company hosts more than 30,000 images from a large television station in Brazil. "Now we are having several problems because of this S3 issue," he wrote. "My company chose to work with Amazon because of its reliability."

Late last year, Amazon introduced a new service level agreement for S3 that guaranteed 99.9 percent uptime each month. If the service slips below that level, the company promised to provide service credits to certain users.

Fri Feb 15, 2008
Microsoft offers patent protection for Office binaries

Microsoft said on Friday that it has added Office binary formats to a list of technologies that are protected against patent-violation claims, answering criticism from some involved in the OOXML (Office Open XML) file-format standards process.

The OOXML format is being considered as an international standard by the ISO (International Organization for Standardization), but translation between the original Office binaries and OOXML is necessary for there to be seamless document exchange between older versions of Office and Office 2007. Corporate developers and makers of other office productivity products need access to the formats in order to write converters between Microsoft's format and the possible standard.

Microsoft has listed binary file format specifications for Word, Excel, and PowerPoint -- that is, .doc, .xls and .ppt -- under the OSP (Open Specification Promise). These file formats are the defaults in pre-Office 2007 versions of Office; Office 2007 was the first version to use OOXML as its default file format.

Microsoft published the OSP in September 2006 as a promise that it would not take any patent-enforcement action against people who want access to the specs for technologies it has developed. Since then, Microsoft has been periodically adding to the list of OSP-protected specs, which can be found on the company's Web site. In a press statement, Microsoft said that adding the Office binaries to the list is to "promote interoperability between the binaries and Open XML and make Office Open XML accessible to an ever-wider group of users and developers."

The move came out of discussion in the ISO around OOXML as national standards bodies requested more open access to the Office binaries, said Brian Jones, an Office program manager, in a posting on a company blog last month.

According to Jones, the specs for the binaries already had been available royalty-free via e-mail to anyone who requested them as outlined in an article in Microsoft's Knowledge Base. But since the national bodies were concerned with the steps someone had to take to get access to the binary formats, Microsoft -- working with an Ecma International technical committee, Ecma TC45 -- decided to make it easier for people to get them, he said.

Microsoft has been working to fast-track OOXML through the ISO approval process through Ecma, another international standards body, since November 2005. Ecma approved OOXML in December 2006, but approval by the ISO has been more problematic. A final vote on ISO is expected in March after an ISO ballot resolution meeting for the OOXML format, scheduled for Feb. 25-29.

To help companies build connectors between the binaries and OOXML, Microsoft on Friday also went live with an open-source project on SourceForge to create software tools and guidance and to show how a document written using the binary formats can be translated to the current ISO spec for OOXML, ISO/IEC DIS 29500. The resulting translators will be available under the open-source Berkeley Software Distribution license, and members of the community are free to use the translators, submit bugs and feedback, or contribute to the project as they wish, Microsoft said.

Translators already exist between the Office binary formats and OOXML's rival file format, ODF (Open Document Format), which already is an approved ISO standard. For example, the Sun ODF Plug-in for Microsoft Office enables conversion of Microsoft Office documents to and from ODF.

Fri Feb 15, 2008
Yahoo board reported split over Microsoft bid

Yahoo's Chairman Roy Bostock is leading a group of the company's board members in favor of accepting Microsoft's unsolicited $44.6 billion takeover bid, according to a new report.

The informal group headed by Bostock also includes other board members and billionaire investor Ron Burkle, according to the report in the New York Post, which quoted unnamed sources close to the situation. Board members Eric Hippeau, a managing partner at Softbank Capital, and Robert Kotick, CEO of Activision Publishing, are standing behind Yahoo CEO Jerry Yang, who does not want to accept Microsoft's offer.

On Monday, Yahoo's board rejected Microsoft's offer, saying it undervalued the company.

According to the Post, the discord revolves around Yang and his followers who are so opposed to selling the company to Microsoft that Bostock and his group fear they will act out of emotions rather than their fiduciary duty to Yahoo shareholders. Such an action could expose the board to lawsuits by shareholders.

Yang sent a letter to shareholders Wednesday night, saying that Microsoft's bid substantially undervalues the company and that Yahoo is positioned to take advantage of growth in the online advertising market.

Yahoo could not be reached for comment.

Computerworld is an InfoWorld affiliate.

Fri Feb 15, 2008