Abstract: One embodiment of the present invention provides a system that detects a macro virus in a computer system by statically analyzing macro operations within a document. The system operates by receiving the document containing the macro operations. The system locates the macro operations within the document, and performs a flow analysis on the macro operations within the document to determine associated values for variables within the macro operations. Next, the system compares the macro operations including the associated values for variables against a profile containing information about suspect macro operations and associated values for variables to determine whether the document contains suspect macro operations. If so, the system informs a user that the document contains suspect macro operations. In one embodiment of the present invention, after informing the user, the system receives instructions from the user specifying an action to take with regards to the document.

Abstract: In a probe system for monitoring and analyzing data flow and associated activities between devices connected in common to a point in a network, the probe's driver runs in a “Kernel mode” on Windows NT for analyzing packets of data retrieved from the network, whereby programming is provided for operating the Kernel mode driver to monitor the rate of traffic or data packets entering an NIC card buffer, for causing the CPU to respond to an interrupt issued by the NIC everytime a data packet is received at a traffic rate below a predetermined threshold to access data packets entering the NIC card buffer, and to cause the CPU to respond to polling pulses at regular predetermined intervals to access data packets, when the traffic rate exceeds the predetermined threshold, for providing more CPU cycles to analyze the data packets.

Abstract: A wireless analyzer device for an IEEE 802.11 Wireless LAN is programmed to perform both a per packet processing routine to obtain packet statistics, and a one second timer routine, followed by arranging the packet statistics in a logical manner for display on a computer monitor.

Abstract: A method and apparatus provides for wirelessly monitoring data packets or frames transmitted in a wireless LAN, that permits a user to selectively filter out unwanted ones of the data packets or frames with respect to the source and destination hardware addresses, and to the frame type and subtypes.

Abstract: A system and method for providing a network host decoy on a virtual host using a pseudo implementation of a network protocol stack are described. A hierarchical network protocol stack is functionally defined and includes a plurality of communicatively interfaced protocol layers. A request frame originating from a remote host is received. The request frame includes a plurality of recursively encapsulated data segments which each correspond to a successive protocol layer in the network protocol stack. At each protocol layer, processing a header associated with the encapsulated data segment demultiplexs each encapsulated data segment in the request frame. Any requested network service is performed and any recursively encapsulated portion is forwarded to the next successive protocol layer. A plurality of pseudo data segments corresponding to each of the protocol layers in the network protocol stack is formed. Each pseudo data segment includes a header and data portion.

Abstract: A system and method for minimizing the likelihood of flaws in a firewall proxy is disclosed. Software wrappers are used to introduce fine-grained controls on the operation of existing proxy applications. These fine-grained controls create an extra measure of assurance that bugs (or malicious software) will not subvert the intent of the firewall. To provide even further assurance, the firewall system can be totally wrapped. A totally wrapped system includes a wrapper for the proxies plus a separate wrapper for everything else on the firewall system that can potentially interfere with the wrappers and the proxies. The software wrappers can also be integrated with an intrusion detection system. The fine-grained controls of the software wrapper enables it to be uniquely positioned to generate alerts based on an indication that a flaw exists in the proxy and that the proxy is misbehaving.

Abstract: A system that facilitates customizing a software package by modifying an implementation of a target method defined within an application programming interface (API) for the software package is presented. The system operates by receiving additional code for integration into a target method defined within the API and a command to integrate this code, wherein the API defines a plurality of methods that operate on objects. This command is received through a pre-defined method within the API. In response, the system links the additional code into the target method so that the additional code is executed upon invocation of the target method. In one embodiment the API defines: a method that creates an object; a method that deletes the object; a method that fetches the object; and a method that updates the object. In one embodiment the additional code causes the target method to operate on data from an alternative source.

Abstract: A method and apparatus for detecting and diagnosing wireless network failures, provides for capturing, analyzing, and displaying detailed information relative to data packets and/or frames transmitted across a wireless network including an IEEE 802.11 LAN.

Abstract: A system, method, and computer program product are provided for cleaning a computer. Initially, a cleaning program is downloaded to a computer. Next, a search for undesired data and software is performed on the computer utilizing the cleaning program. Such undesired data and software is then deleted from the computer utilizing the cleaning program.

Abstract: A system, method and computer program product are provided for retrieving records in, for example, a computer telephony integration (CTI) architecture. Initially, a telephone call is received from a user. During the telephone call, an identifier associated with the user is ascertained. Information associated with the user is then retrieved utilizing the identifier. The retrieval of information is based on criterion that is customizable.

Abstract: A system, method and computer program product are provided for allowing a user to remotely interface a computer telephony integration (CTI) architecture. A telephone call is initially received from a caller. Such telephone call is subsequently routed to a remote user. Before or during the telephone call, an identifier associated with the caller is ascertained. Information associated with the caller is then retrieved utilizing the identifier. Further, the information is sent to the remote user utilizing a network such as the Internet. The information is then capable of being viewed using a Hypertext Transfer Protocol (HTTP) application.

Abstract: A system and method update client computers of various end users with software updates for software products installed on the client computers, the software products manufacturered by diverse, unrelated software vendors. The system includes a service provider computer system, a number of client computers and software vendor computer systems communicating on a common network. The service provider computer system stores in an update database information about the software updates of the diverse software vendors, identifying the software products for which software updates are available, their location on the network at the various software vendor computer systems, information for identifying in the client computers the software products stored thereon, and information for determining for such products, which have software updates available. Users of the client computers connect to the service provider computer and obtain a current version of portions of the database.

Abstract: In a malware scanner containing an updating program 20, a malware scanner engine 22 and malware definition data 24, the malware scanner engine 22 and the malware definition data 24 cross-check each other for validity. More particularly, each includes its own signature 26, 30 as well as public key information 28, 32 for checking the other. There is no dependence upon the updating software 20 for information required in the validating of the malware scanner engine 22 or malware definition data 24. The malware definition data 24 can include program code operable to utilize the validating data 32 embedded within the malware definition data 24 for checking the signature 26 of the malware scanner engine 22.

Abstract: Data frames or packets transmitted between stations on a selected channel from amongst a plurality of channels in a wireless communication network are captured, along with data frames or packets transmitted on other of the plurality of channels that appear on the selected channel due to crosstalk caused by channel overlap, are filtered to separate the data frames or packets originated on the selected channel from these due to crosstalk, for presentation to a user in respective individual traces or screen displays.

Abstract: A virus information patrol (VIP) data collector is provided to monitor virus information repositories and to collect selected virus descriptor data into a VIP database in accordance with a VIP configuration data. The VIP configuration data may include various VIP criteria to determine which virus information repositories to patrol and which virus descriptor data to collect. The VIP configuration data may further include a VIP indicator of whether to include or exclude a particular repository or virus descriptor data that satisfies the various VIP criteria. The VIP configuration data may further include a VIP category that describes the type of virus descriptor data that satisfies the various VIP criteria.

Abstract: A system and method for building an executable script for performing a network security audit is described. A source program expressed in a network packet simulation language is stored. The same program includes a plurality of statements encoding logic to simulate an exchange of network protocol compliant-packets. Each statement is scanned into a sequence of individual tokens. Each token is parsed into grammatical phrases comprising at least one of an expression and a control construct. Each expression evaluates a data value. Each control construct defines a process flow. The grammatical phrases are compiled into program instructions to execute the logic on a target machine.

Abstract: A system, method and computer program product are provided for adaptive priority data filtering. Data is collected from a network segment and classified into multiple flows. The flows are prioritized into high and low priority flows. High priority flows are stored in a high priority queue prior to processing, while low priority flows are stored in a low priority queue prior to processing. An amount of data in the high priority flows is monitored. Buffers from the low priority queue are reallocated to the high priority queue if the amount of data in the high priority flows surpasses a predetermined threshold.

Abstract: A system and method for efficiently managing computer virus definitions using a structured virus database are described. One or more virus definition records are stored in a structured virus database. Each virus definition record includes an identifier uniquely identifying a computer virus, at least one virus name associated with the computer virus, a virus definition sentence including object code providing operations to detect the identified computer virus within a computer system, and a virus removal sentence including object code providing operations to clean the identified computer virus from the computer system. The virus definition records in the structured virus database are accessed indexed by the identifier and the at least one virus name for each virus definition record. The object code of the virus definition sentence and the virus removal sentence for each accessed virus definition record is interpreted.

Abstract: An Internet computer system with methods for dynamic filtering of hypertext tags and content is described. The system includes one or more Web clients, each operating a Web browser (e.g., Netscape Navigator or Microsoft Internet Explorer) with an Internet connection to one or more Web servers. Each client includes, interposed between its browser and communication layer, a Filter module of the present invention which traps and processes all communications between the browser and the communication layer. The Filter module, which implements client-side methodology at each individual Web client for dynamic filtering of hypertext tags and content, includes an output stream, a processing loop, a Filter method, and an input stream. During system operation, the Web browser generates multiple requests for retrieving content. More particularly, particular content is retrieved by a fetch or GET command (e.g., using HTTP protocol) transmitted to a target server from the client-side communication layer (e.g.

Abstract: A method and system for on-access virus scanning within an enterprise or in a workgroup, where all users are authenticated against a trusted certificate authority. The first time an item, such as an executable file or document, is accessed, it is scanned for viruses, worms, trojan horses, or other malicious code, and, after the item is determined to be free from threats or is corrected, a certificate noting this information is generated. At the same time a Globally Unique Identifier (“GUID”) is generated and appended to the item. The certificate contains various information, including the identity of the scanner that performed the virus check, as well as a means for determining if the original item has been altered since it was scanned, and is stored in a certificate database. The GUID is used as a pointer for locating the certificate. A subsequent user who accesses the item will detect the GUID and can use the GUID to locate the certificate for the item.