Abstract: A computer-implemented method may include receiving a request to access a network. The request may be sent from a virtual machine. The method may also include proxying the request to a network-access-control module, receiving a response from the network-access-control module, and transmitting the response to the virtual machine. Proxying the request to the network-access-control module may include assigning the virtual machine a virtual identifier. Proxying the request may also include creating a temporary interface. The temporary interface may be programmed to receive the response from the network-access-control module and transmit the response to the virtual machine. Various other methods, systems, and computer-readable media are also disclosed herein.

Abstract: A computer-implemented method may provide resource-access information. The computer-implemented method may include determining a resource-access scope of a software application and determining whether a resource is within the resource-access scope. The computer-implemented method may also include retrieving resource information associated with the resource from a resource-information database and providing a notification that indicates whether the resource is within the resource-access scope. The notification may comprise the resource information. Additional computer-implemented methods and systems are also disclosed.

Abstract: A portable storage device contains a real time clock, an onboard power source and secure storage. These components enable the device to securely store data and control access thereto. A secret key can be maintained in secure storage, such that access to the device can be denied to external systems that do not have a matching key. A log detailing connections can also be maintained in secure storage, such that device activity can be accurately documented, and made available in a trusted manner to a management system. Furthermore, the onboard real time clock allows stored data to be encrypted and decrypted in conjunction with specified time periods, such that a session key is destroyed after a time out, or is not made available until a given period of time has transpired.

Abstract: A method and apparatus for dynamically generating a persona is provided. In one embodiment, the method includes receiving an identity policy, determining a required identity information data set based on the policy, requesting a site reputation, receiving the site reputation, determining a set of site reputation parameters, and generating a persona based on the required identity information data set and the site reputation parameters.

Abstract: A method, system and computer-readable medium for securing access between a mobile computing device and a network computer is described. The method comprises upon a connection by the mobile computing device to a network or a device, recording the connection in a history database and processing the history database to assign a risk level to the mobile computing device. The system comprises the mobile computing device comprising a connection history collection agent for collecting information about a computing environment and the host computer comprising wireless environment data derived from the collected information where the host computer uses the wireless environment data to grant or deny a connection to the mobile computing device.

Abstract: A computer-implemented method for managing email configuration may include receiving a first email message from a first device, identifying device-type information in the first email message, identifying a second email message addressed to the first email address, and using the device-type information to select email-configuration information for the second email. The method may further include reformatting a body of the second email based on the email-configuration information, removing an attachment to the second email in response to the email-configuration information, providing a user with the email-configuration information for the second email message, and associating the device-type information with the first email address. A computer-implemented method for including email-configuration information in an email may involve identifying a first email message from a first user, including email-configuration information in the first email message, and sending the first email message to a first recipient.

Abstract: Techniques are disclosed for implementing dynamic endpoint management. In accordance with one embodiment, whenever an endpoint joins a managed network for the first time, or rejoins that network, a local security module submits a list of applications (e.g., all or incremental) to a security server. The server validates the list and sends back a rule set (e.g., allow/block rules and/or required application security settings) for those applications. If the server has no information for a given application, it may further subscribe to content from a content provider or service. When the server is queried regarding an unknown application, the server sends a query to the service provider to obtain a trust rating for that unknown application. The trust rating can then be used to generate a rule set for the unknown application. Functionality can be shifted from server to client, and vice-versa if so desired.

Abstract: When copying a guest from a source virtual environment to a target virtual environment, policy control of the target environment is provided. A configuration specification is created based on the source virtual environment and the guest to be copied. The configuration specification contains specific policies and/or requirements of the guest. The guest and the configuration specification are copied to the target virtual environment. The target virtual environment is examined to determine whether it is compliant with the copied configuration specification. If so, the copied guest runs in the target virtual environment. If not, the target virtual environment can be modified to be in compliance with the configuration specification.

Abstract: A method and apparatus for providing information associated with service providers using a social network is described. In one embodiment, a method of providing indicia of familiarity with the service providers comprises identifying one or more relationships between one or more service providers and a user using a social network associated with the user and generating information regarding the one or more relationships, wherein the information comprises a social distance between the user and each service provider of the one or more service providers where the social distance represents an indicia of familiarity between the user and each service provider of the one or more service providers.

Abstract: Method and apparatus for host authentication in a network implementing network access control is described. In an example, a network access control (NAC) server receives network address requests from hosts on a network. If a host is compliant with an established security policy, the NAC server determines a unique indicium for the host and records the unique indicium along with a network address leased to the host by a dynamic host configuration protocol (DHCP) server. When a host requests access to a resource on the network, the host is authenticated by determining whether its asserted network address is valid. If valid, a pre-computed unique indicium for that address is obtained and compared with a unique indicium for the host. If the indicia match, the host is allowed access to the resource. Otherwise, the host is blocked from access to the resource.

Abstract: In one embodiment, a key list entry corresponding to a user's private key is securely deleted from a key list of a user device on shutdown of the user device. Subsequently, input of the user's private key will not allow decryption of an encrypted partition storing encrypted data on the user device. In another embodiment, a key list entry corresponding to a user's private key is automatically and securely re-provisioned on boot up of the user device. Subsequently, input of the user's private key will allow decryption of the encrypted partition on the user device.

Abstract: A computer-implemented method for detecting a malicious process using file-name heuristics may comprise: 1) identifying a process, 2) identifying a process name for the process, 3) identifying a list of process names for non-malicious processes, and 4) determining, by comparing the process name for the process with the list of process names for non-malicious processes, whether to allow the process to execute. A method for maintaining a database containing information about non-malicious processes is also disclosed. Corresponding systems and computer-readable media are also disclosed.

Abstract: A remote access manager protects the privacy of identified local file system content while a local computer is being accessed by a remote administrator. A local user inputs a privacy policy which identifies restricted access levels for specified files, file types and folders. During remote administration sessions, the remote access manager intercepts attempts to access the local file system, and enforces the privacy policy. Thus, the remote administrator's access to the local file system content is restricted according to the security policy.

Abstract: A method of facilitating a blind referral comprising producing a referral communication for referring a client computer from a connection with a first server to a second server, wherein the referral communication comprises first server information defining a location of the first server, generating a placeholder for the first server information in the referral communication, and replacing the first server information with the placeholder in communications with the second server during the referral communication.

Abstract: Visual images of computer components are provided to remotely guide users through the process of setting up physical connections. Component identifying information is automatically gleaned and provided from a user's computer to a remote administrator. The administrator provides visual images of the components to the user, and remotely annotates them to guide the user through the configuration process. Image annotation can include pointing to a specific section of the image (e.g., the plug into which a cable is to be inserted) and/or drawing or writing on or otherwise marking-up the image to direct the user's attention. The visual image-based guidance can be supplemented by voice communication with the user.

Abstract: Global, location-aware security information is generated, and used to provide location-aware computer security to portable computing devices. A global, location-aware security system receives local, location-aware security information from a large number of portable devices. The local information from each device comprises their locations at the times of detection of threat indicators. The global system transforms the received local information into global information, and maps detected threat indicators to specific locations. Each device monitors activity occurring thereon, detects threat indicators and current locations, and builds local information, which is periodically transmitted to the global system. When a device is activated or moved to a new location, it determines its current location, and requests global information concerning that location from the global system.

Abstract: An agent on a network is preconfigured to automatically respond to neighborhood discovery by sending an advertisement having a spoof IPv6 address. A spoof IPv6 address includes a spoof NIC value that is a value that identifies a network interface card not being used on the network. Thus, upon receipt of the advertisement by the infected host computer system, malicious code on the infected host computer system probes the spoof IPv6 address space defined by a network section value of the spoof IPv6 address, the spoof NIC value, and the range of possible values of the assigned host ID value of the spoof IPv6 address. As there are no interfaces within the spoof IPv6 address space except that associated with the agent, propagation of the malicious code is slowed or defeated and connections are directed to the agent.

Abstract: When an executable file cannot be run on a client computer until the digital signature has been verified, the streaming server performs the verification if the entire file is not present on the client. More specifically, the client detects requests to verify digital signatures on executable files before allowing them to run. The client determines whether the entire executable file is present, and whether the server is trusted to verify digital signatures. If the entire file is not present locally and the server is trusted, the request to verify the digital signature is passed to the server. The server verifies the digital signature on its complete copy of the executable file, and returns the result to the client.

Abstract: A computer-implemented method for protecting active copies of data may include detecting an attempt to access an active copy of original data, identifying an access rule associated with the original data, and determining whether to allow access to the active copy by applying the access rule to the attempt to access the active copy. The computer-implemented method may also include associating the access rule with a file-system path of the active copy. The access rule may be a file-system rule associated with a file-system path of the original data. Various other computer-implemented methods, systems, and computer-readable media for protecting active copies of data are also disclosed.

Abstract: A computer-implemented method for determining the trustworthiness of a server may comprise: 1) identifying a streaming application that originates from a server, 2) determining a trust level for the server, and then 3) determining, based on the trust level, whether to stream the streaming application from the server. The trust level for the server may be determined by comparing current streams (or portions of current streams) received from the server with prior streams to detect change, by communicating with peer computing systems or reputation services, and/or by analyzing locally stored information. Corresponding systems and computer-readable media are also disclosed.