News reports this week that the U.S. Department of Justice is formally reviewing a proposed advertising deal between Google and Yahoo came as no surprise to some tech trade groups and advocacy groups based in Washington, D.C.

A Washington Post story Wednesday saying the DOJ had launched a formal investigation of the ad deal wasn't much of a shocker to Google and Yahoo, either, as the two companies had voluntarily delayed the implementation of the deal for more than three months in recognition that the DOJ would look at the antitrust implications.

A DOJ spokeswoman said Wednesday that the agency has acknowledged since mid-June that it was looking into the deal. A public confirmation that the DOJ is examining the deal amounts to a "formal investigation," she said.

Google said it is cooperating with the DOJ.

"We are continuing to have cooperative discussions with the Department of Justice about this arrangement, and voluntarily delayed implementation for three and a half months in order to give them time to understand the agreement," said Adam Kovacevich, a Google spokesman. "That process is continuing exactly as expected. We are confident that the arrangement is beneficial to competition, but we are not going to discuss the details of the process."

Google and Yahoo announced June 12 a deal to run some of Google's advertisements alongside Yahoo search results. The announcement came just hours after a proposed acquisition of Yahoo by Microsoft fell through, although Microsoft has continued to express interest in such a deal.

Google and Yahoo had run a test of the advertising program in April.

Still, with recent news of the DOJ investigation, representatives of two tech trade groups said they expected the agency would look into the deal.

"Even though serious antitrust problems are unlikely, it was appropriate for the parties to offer up a delay while regulators review the deal," said Ed Black, CEO of the Computer and Communications Industry Association, a trade group that has raised concerns about anticompetitive behavior in the tech industry. "This is a good provision to help everyone understand the facts surrounding the deal and make sure there is no harmful impact on competition or consumers."

A formal review was "inevitable," added Jonathan Zuck, president of the Association for Competitive Technology, a trade group often aligned with Google competitor Microsoft. The deal is between the number one and number two companies in the "crucial" online ad market, Zuck added.

"It's a very complex deal in a very complex market," Zuck said. "The deal raises a lot of questions that the DOJ must answer before letting it go."

Google has worked hard to structure a deal that would meet regulatory approval, he said. "The big question is whether Google could ever do enough to satisfy competition concerns over the consolidation of number one and number two players in the market."

The Center for Digital Democracy (CDD), an advocacy group focused on consumer privacy, called on the DOJ to reject the Google-Yahoo deal.

"Google has reached way beyond the proverbial tipping point when it comes to its dominance of the interactive ad business," said Jeffrey Chester, the group's executive director. "Yahoo's agreement to the deal is a desperate move acknowledging they can no longer compete with Google. The DOJ -- even a Bush Administration business-friendly one -- shouldn't permit Google to operate a key part of Yahoo's business."

Earlier this month, CDD asked the U.S. Federal Trade Commission to investigate how the deal could affect consumer privacy. "Privacy is at risk, as Google gains access to even more consumer data," Chester said.

A Trojan horse program that has been around for about six years is now being used to steal system-administrator passwords, including those at banking and brokerage houses, according to security researchers. And it could be that six years from now we'll still be talking about Microsoft's aim to buy Yahoo's search business, which could involve obtaining the entire company and breaking it apart. Meanwhile, early adopters will undoubtedly be out in force on July 11 to be among the first to buy the new iPhone 3G.

1. Report says Microsoft readying new try for Yahoo: Bill Gates said on his way out of his full-time gig at Microsoft that he thought a deal for his company to buy Yahoo was unlikely, but a couple of days later the Wall Street Journal reported that Microsoft is looking for partners -- Time Warner and News Corp. were named -- to help it obtain Yahoo's search business. So, to quote baseball legend Yogi Berra, "It ain't over 'til it's over." And this one clearly ain't over yet.

2. Trojan lurks, waiting to steal admin passwords: The Coreflood Trojan horse program lurks until a system administrator logs on to an infected computer and then steals the password, using a Microsoft administration tool to spread malware on the network. The malware is being used to swipe banking- and brokerage-account usernames and passwords. So far, criminals have infected hundreds of thousands of computers with Coreflood, including more than 14,000 in one global hotel chain.

3. iPhone 3G set for 8 a.m. debut on July 11 and AT&T dishes on iPhone rate plans: AT&T announced prices for iPhone 3G service, which are, of course, more costly than plans for earlier iPhones. The carrier also announced that the new iPhones will be on sale at 8 in the morning, local time, on July 11. That's earlier than Apple retail stores open, though someone who answered the phone at the flagship San Francisco Apple Store wouldn't say if the opening will be moved up two hours and suggested that a reporter ring back later. (There has to be some element of the launch that maintains an air of secrecy, eh?)

4. Microsoft eases hardware terms for XP on low-cost PCs: Although June 30 marked the end of Microsoft offering most licenses for its Windows XP operating system, the company is still pushing the OS for use in low-cost PCs and it has eased hardware restrictions. Low-cost PCs with touchscreens, larger screen sizes and bigger hard drives now are eligible to use XP.

5. Oracle reveals BEA roadmap: Since Oracle closed its $8.5 billion merger with BEA, questions have abounded as to how the two companies' technologies will mesh -- or if they will even mesh at all. This week, Oracle finally laid out its plans of what to do with BEA's technology, saying it plans to make BEA's application server Oracle's strategic Java container and pledging continued support for BEA customers.

6. Long-awaited JBoss AS 5.0 moves closer to release date: The release candidate of the long-awaited JBoss Application Server 5.0 will be out soon, according a blog posting from the chief technology officer of Red Hat's JBoss division. Product development started three years ago and stretched out as the company decided to make more changes to the next version.

7. DOJ continues probe of Yahoo-Google partnership: The U.S. Department of Justice continues to investigate the proposed advertising partnership between Yahoo and Google, a DOJ spokeswoman said this week. The Washington Post reported Wednesday that the DOJ had just initiated a formal antitrust investigation around the proposed deal, but the spokeswoman said that the probe under way was begun June 16. Regulatory scrutiny was widely expected.

8. Adobe, Google, Yahoo enabling Flash searches: Yahoo and Google are working with Adobe to facilitate Flash pages being returned as search results. The move could mean that millions of rich Internet applications that had previously been all but invisible to search engines will now become serachable.

9. Mozilla's Firefox 3 sets geeky world record: The 8,002,530 downloads of Firefox 3 in the first 24 hours after the browser's release made it into the Guinness Book of World Records for the most downloads in that time period. Mozilla set out to achieve the first-ever such record. "Our community members came together and not only spread the word, but also took the initiative to help mobilize millions of people to demonstrate their belief that Firefox gives people the best possible online experience," said Mozilla Vice President of Marketing Paul Kim. Or maybe they just wanted to be part of setting the record ...

10. Gartner: Seven cloud-computing security risks: Cloud-computing customers need to ask hard questions about security and should think about getting a third-party security assessment before choosing a vendor, analyst firm Gartner recommends. A Gartner report, "Assessing the Security Risks of Cloud Computing," lays out the areas of security concern.

Microsoft will release four security patches for its Windows, Exchange, and SQL products next Tuesday, all rated "important."

The Exchange and SQL flaws are "Elevation of Privilege" bugs, meaning that an attacker could theoretically exploit them to get administrative access to a PC. One of the Windows flaws is labeled a "spoofing" bug, meaning that it could help hackers trick the user into doing things like visiting malicious Web sites.

The fourth update fixes a Windows flaw that could allow an attacker to run unauthorized code on a victim's PC, Microsoft said. Normally, this type of flaw is rated "critical" by Microsoft, but in this case the bug was probably given a less-severe rating because it doesn't work without the user first taking some extra actions or adding special software or drivers, said Eric Schultze, chief technology officer at Shavlik Technologies.

This remote code execution flaw affects Windows Vista and Windows Server 2008.

The SQL vulnerability affects Microsoft's SQL Server software and the internal SQL software that ships with some versions of Windows. It does not affect Vista or XP users, but it does exist on the Windows 2000, Windows Server 2003 and Windows Server 2008 products.

Microsoft published a note on the upcoming security patches on its Web site on Thursday. Unless it is forced to rush out an emergency fix, the company releases its security patches on the second Tuesday of each month.

Microsoft also said Thursday that it is planning to upgrade the Windows Update software it uses to deliver bug-fixes to PC desktops.

The upgrade will speed up the software download process, said Windows Update Product Manager Michelle Haven in a blog posting. "We’ve invested heavily in reducing the amount of time it takes the Windows Update agent to scan to see if new updates are available," he wrote. "In this case, we’ve seen some instances of the scan times on some machines decreasing almost 20 percent."

Microsoft plans to make further changes to the Windows Update software and back-end infrastructure over the next few months, Haven said.

A federal judge has agreed to put off a trial involving Visto's patent-infringement claims against Research in Motion, but limited RIM's ability to cause further delays.

The trial over mobile e-mail provider Visto's lawsuit against RIM had been set to begin next week. Visto sued RIM in 2006 in the U.S. District Court for the Eastern District of Texas, claiming its popular BlackBerry system infringed four Visto patents and asking for a shutdown of RIM's service as well as damages. But on Wednesday, Magistrate Judge Charles Everingham granted a stay of the trial, requested by RIM, because several of the patent claims involved are being re-examined by the U.S. Patent and Trademark Office.

RIM had requested the re-examinations, in which the patent office is studying the validity of certain parts of Visto's patents. But as a condition of the stay, the company can't ask for any more re-examinations, either directly or indirectly, the judge wrote. RIM also won't be allowed to challenge the validity of any of the patents during the trial by bringing up evidence that has already been considered in the re-examinations.

Earlier this week, the patent office validated 21 out of 22 claims in one of those patents, number 7,039,679, which involves technology for synchronizing e-mail between a mobile device and a LAN server.

Mobile e-mail, based on complex sets of technologies and rapidly growing in popularity, has been fertile ground for patent disputes. RIM came to the brink of a service shutdown in 2006 before settling a suit brought by NTP for $612.5 million. Visto has also aggressively defended its intellectual property, suing competitors including Good Technology, Seven, and Microsoft.

Apple's focus over the last year or so has been largely on the iPhone, leaving Mac developers who work in the enterprise market to pretty much fend for themselves. And that seems to be just fine for companies in a newly launched Mac enterprise group and even other Mac developers.

Earlier this week Atempo, Centrify, Group Logic, LANrev, and Parallels joined forces to form the Enterprise Desktop Alliance (EDA), a group of software developers dedicated to helping adopt the Mac--especially in larger companies with existing Windows-managed IT environments. Other Mac developers who cater to business customers think it's a good idea as well, and that it will help keep Apple focused on the end-user.

[ Special report: IT's guide to the Mac ] 

"I don't think Apple should be specifically target the enterprise," said Alykhan Jetha, president and CEO of Marketcircle (makers of billing and productivity management software). "It's not that I don't want those customers, because I do, but the enterprise market has fundamentally different requirements than you and I."

For example, those in the enterprise market may not be as willing to switch to a new operating system as quickly as individual consumers for fear of incompatibilities. Retraining employees on a new operating system can also be costly for large companies.

"This would slow us all down," said Jetha. "You won't see the type of innovation Apple shows from Microsoft because they have to cater to enterprise. If Apple caters to the enterprise like Microsoft, progress is going to slow."

That point is not lost on Tim Deal, senior analyst at market research form Pike & Fischer. "Apple has not tried to be everything to everyone and that has certainly been a key factor in its strong position of innovation," said Deal.

While Deal doesn't feel Apple does enough to promote its strengths in the enterprise market, he does think that Apple's focus on certain areas of the market over the years has been a winning strategy.

"Focusing on and having good reputation for those niche markets has really worked for them [Apple]," said Deal. "Those markets typically don't look anywhere else for their products."

Dennis Bilowus, president of FastTrack Scheduler-maker AEC Software, thinks that Apple should do more to promote itself in the enterprise, but recognizes that the company has been doing a much better job in the past year.

Bilowus points out that one of Apple's strongest niche markets, higher education, is also one of its biggest enterprise customers.

Of course, Apple's iPhone 3G, being released on July 11, will include many enterprise-targeted features as well. This will be another catalyst in getting Macs into the large companies as executives purchase iPhone and expect their IT departments to support them.

Overall, Mac developers seem pleased with Apple's position on the enterprise market. While a little more promotion might be nice, focusing on growing the business seems to be in everyone's best interest.

"When it comes to Apple, they have a long history of customers evangelizing for it," said Deal. "That puts the company in a unique position in the market. People will vehemently argue for the benefits of its products. That represents the unique nature of Apple."

Opera Software patched the newest version of its flagship browser for the first time Wednesday when it released Opera 9.5.1 to fix several flaws.

The update patches bugs in the Windows, Mac OS X, and Linux editions, said Opera in notes posted to its Web site.

Among the vulnerabilities addressed in 9.5.1 was one credited to noted researcher Billy Rios that affected only the Windows version of the Norwegian-made browser. "Fixed an issue that could be used to execute arbitrary code, as reported by Billy Rios," said Opera in the 9.5.1 change log "Details will be disclosed at a later date."

Danish vulnerability tracker Secunia rated the unspecified bug as "highly critical," its second-highest threat ranking.

Other flaws fixed by 9.5.1 included an information disclosure bug that could reveal data stored in memory and another involving digital certificates that were being summarily rejected.

Also included in the update were multiple changes to the user interface, a patch that boosted the browser's stability when accessing Yahoo Mail and a fix for problems related to search engines when upgrading from older Opera editions.

Opera only recently released version 9.5 , a major update to the free browser that emphasized security enhancements and bookmark synchronization, among other improvements.

Yesterday's patch update was the first since that launch.

Computerworld is an InfoWorld affiliate.

4Apple's launch of its new iPhone 3G will produce a flurry of spam and scams, a security company warned Thursday.

Users should also expect a Storm botnet campaign this weekend that touts the Fourth of July holiday in the U.S., said MX Logic in its monthly threat forecast.

The Englewood, Colo.-based security firm said "significant spam, scams and malware campaigns" touting the rollout of the iPhone 3G on July 11 would likely reach users starting next week. "Scams will be especially prevalent if supply doesn't meet demand," said the company in the July forecast it posted earlier this week to its Web site (download PDF) .

MX Logic cited a notice published by rival Websense of San Diego, Calif., last month of an iPhone 3G scam that had made the rounds among users in South America. Two weeks ago, Websense warned that users who clicked on links in e-mail touting the new Apple smart phone risked infection by malware posing as Apple marketing video.

Also on MX Logic's radar for the month is the Storm Trojan, which the company predicted would again use the Fourth of July holiday to tempt users into clicking on malicious links.

"The July 4th holiday marks the one-year anniversary of the Storm worm e-card campaign that several other Storm variants have since latched onto," said the company's forecast. "MX Logic expects to see Storm release another July 4th variant again this year."

Last year, researchers linked Storm -- a bot Trojan that collects compromised computers into large armies of PCs ready to spread spam or more malware -- to a massive surge in spam during July.

Computerworld is an InfoWorld affiliate.

Security company Secunia has found a flaw in the VLC Media Player that could allow an attacker to gain control of someone's PC.

The problem, which Secunia ranks as "highly critical," affects version 0.8.6h on Windows. Secunia said in an advisory that version 0.8.6i should be released soon.

The flaw is an integer overflow error, which can be exploited to cause a heap-based buffer overflow, a type of problem in how the program allocates memory. Secunia said it can be exploited by creating a specially-crafted ".WAV" sound file, which would the allow a hacker to run other code on the PC.

VLC Media Player is a free, open-source program released under the GNU General Public License by the VideoLAN project . The player can handle video files in MPEG-1, MPEG-2, MPEG-4, DivX, MP3, and OGG formats, among others.

The project also develops a streaming media server for several platforms. The VLC software has been download close to 90 million times, according to the project's Web site.

Secunia notified the VideoLAN project on June 30 and advised that until the update is released, users should be wary of untrusted ".WAV" files.

Google has released for free one of its internal tools used for testing the security of Web-based applications.

Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications, such as errors that could allow a cross-site scripting attack or cause caching problems.

"We decided to make this tool freely available as open source because we feel it will be a valuable contribution to the information security community, helping advance the community's understanding of security challenges associated with contemporary web technologies," wrote Google's Michal Zalewski on a company security blog.

Ratproxy -- released as version 1.51 beta -- is quick and less intrusive than other scanners in that it is passive and does not generate a high volume of attack-simulating traffic when running, Zalewski wrote. Active scanners can cause problems with application performance.

The tool sniffs content and can pick out snippets of JavaScript from style sheets. It also supports SSL (Secure Socket Layer) scanning, among other features.

Since it runs in a passive mode, Ratproxy highlights areas of concern that "are not necessarily indicative of actual security flaws. The information gathered during a testing session should be then interpreted by a security professional with a good understanding of the common problems and security models employed in web applications," Zalewski wrote.

Google has posted an overview of Ratproxy as well as a download link to the source code. Code licensed under the Apache 2.0 license may be incorporated in derivative works, including commercial ones, but the origin of the code must be acknowledged.

Weak web application security continues to embarrass companies, potentially causing the loss of customer or financial data.

A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss.

As a result, security vendors have moved to fill the need for better security tools, with large technology companies acquiring smaller, specialized companies in the field.

In June 2007, IBM bought Watchfire, a company that focused on Web application vulnerability scanning, data protection and compliance auditing. Two weeks later, Hewlett-Packard said it would buy SPI Dynamics, a rival of Watchfire whose software also looks for vulnerabilities in Web applications as well as performing compliance audits.

Nvidia has uncovered a problem with some older graphics chips that shipped in "significant quantities" of laptop PCs, the company said Wednesday.

Nvidia hasn't determined the exact cause of the problem but said it relates to a packaging material used with some of its chips, as well as the thermal design of some laptops. Modern processors generate considerable amounts of heat.

[ Keep up on the latest tech news headlines at InfoWorld News, or subscribe to the Today's Headlines newsletter. ]

To tackle the problem, the company is releasing a software driver that will cause system fans to start operating sooner and reduce the "thermal stress" on the chips. The driver has been provided to laptop makers directly, said Derek Perez, an Nvidia spokesman.

Nvidia will take a charge against second-quarter earnings of $150 million to $200 million to cover the expected cost of repairing and replacing the products, which include graphics processing units and media and communications processors. It didn't say specifically which of its products were affected.

The products have been failing in the field at "higher than normal rates," Nvidia said. In a filing with the U.S. Securities and Exchange Commission, it said it was talking to its supply chain about getting reimbursed for some of the costs.

The company also had other bad news on Wednesday. It said it was lowering its revenue forecast for the second quarter due to pricing pressure and delayed product ramps. The company now expects revenue to be between $875 million and $950 million.