Abstract: An audiovisual content posting system enables a user to post audiovisual comments in response to instances of audiovisual content such as podcasts. The user identifies a specific instance of audiovisual content on which s/he wishes to comment. The audiovisual content posting system prompts the user to record an audiovisual comment, and automatically transmits the recorded audiovisual comment to a destination associated with the content that is the subject of the comment. The audiovisual content posting system can automatically maintain a database storing identifiers of multiple instances of audiovisual content as well as electronic addresses to which to transmit comments thereon. The audiovisual content posting system can then detect changes to these electronic addresses, and automatically update the database accordingly. When the audiovisual content posting system transmits a comment, it can retrieve the appropriate, current electronic address to use from the database.

Abstract: A mobile communication device has both an (expensive) long-range wireless network interface and an intermittently available less expensive network interface. Requests are received to communicate data items to and from remote computing devices. Each data item is associated with a transmission deadline and an urgency rating. A transmission schedule is created by assigning data items to specific times for transmission over the long-range wireless network interface, based on their deadlines and urgency ratings. When the lower cost network interface is not available, data items are transmitted according to the transmission schedule. When the lower cost network interface is available, data items are transmitted over the lower cost network interface, based on their positions in the transmission schedule, until it is no longer available.

Abstract: A configuration information manager monitors attempts by processes to update non-structured storage of system configuration information, such as plain text files which contain system configuration information. When such an attempt is made, the configuration information manager makes a copy of the target file, and redirects the write operation to this copy. The configuration information manager then analyzes the process that did the writing, as well as the content that was written. If the process and/or the content is deemed to be suspicious, the changes will be logged and discarded, thus protecting the system. Should the changes be deemed legitimate, then the configuration information manager folds them into the real file, typically in an annotated manner, so as enable subsequent reversion of the changes as desired.

Abstract: A malware analysis component receives information concerning malware infections on a large plurality of client computers, as detected by an anti-malware product or submitted directly by users. The malware analysis component analyzes this wide array of information, and identifies suspicious malware detection and submission activity associated with specific sources. Where identified suspicious patterns of malware detection and submission activity associated with a specific source meet a given threshold over time, the malware analysis component determines that the source is an originator of malware.

Abstract: A DNS security system collects and uses aggregated DNS information originating from a plurality of client computers to detect anomalous DNS name resolutions. A server DNS security component receives multiple transmissions of DNS information from a plurality of client computers, each transmission of DNS information concerning a specific instance of a resolution of a specific DNS name. The server component aggregates the DNS information from the multiple client computers. The server component compares DNS information received from a specific client computer concerning a specific DNS name to aggregated DNS information received from multiple client computers concerning the same DNS name to identify anomalous DNS name resolutions. Where an anomaly concerning received DNS information is identified, a warning can be transmitted to the specific client computer from which the anomalous DNS information was received.

Abstract: Websites used for phishing are detected by analyzing end user confidential data submission statistics. A central process receives data indicating confidential information submitted to websites from a plurality of user computers. The received data is aggregated and analyzed, for example through statistical profiling. Through the analysis of the aggregated data, anomalous behavior concerning submission of confidential information to websites is detected, such is an unexpected, rapid increase in the amount of confidential information submitted to a given website. Responsive to detecting the anomalous behavior, further action is taken to protect users from submitting confidential information to that website. For example, an alert can be sent, a protective measure against the site can be published, the site can be added to a blacklist or a procedure to have the site shut down can be initiated.

Abstract: An authentication token management system securely manages an authentication token. Hardware based security extensions on a client are used to dynamically instantiate two dynamic secure virtual machines, a registration initiation module (RIM) and a registration completion module (RCM). A public key and a corresponding private key are generated, and the RIM seals the private key to the RCM. A request for an authentication token is signed by the hardware based security extensions and transmitted to the server. This request comprises at least the public key. In response, an authentication token encrypted with the public key is received. The RCM unseals the private key, and uses it to decrypt the received authentication token. The RCM then seals the authentication token to at least one additional dynamic secure virtual machine, which can use it to perform additional functionalities, such as data signing, encryption, generation and/or verification.

Abstract: The prevalence rate of a file to be subject to behavior based heuristics analysis is determined, and the aggressiveness level to use in the analysis is adjusted, responsive to the prevalence rate. The aggressiveness is set to higher levels for lower prevalence files and to lower levels for higher prevalence files. Behavior based heuristics analysis is applied to the file, using the set aggressiveness level. In addition to setting the aggressiveness level, the heuristic analysis can also comprise dynamically weighing lower prevalence files as being more likely to be malicious and higher prevalence files as being less likely. Based on the applied behavior based heuristics analysis, it is determined whether or not the file comprises malware. If it is determined that the file comprises malware, appropriate steps can be taken, such as blocking, deleting, quarantining and/or disinfecting the file.

Abstract: Opportunistically locked files are accessed in real-time from a kernel mode file system filter driver without breaking opportunistic locks. A file system is monitored, and the granting of an opportunistic lock to a specific file object referring to a specific underlying file is detected. The granting of the detected opportunistic lock results in both the file object and the underlying file being opportunistically locked. A reference to the opportunistically locked file object is cached. The file system filter driver filters a request to access the opportunistically locked file via a second file object which is not opportunistically locked. The kernel mode file system filter driver uses the cached reference to access the opportunistically locked underlying file. This enables access of the opportunistically locked file from the kernel mode file system filter driver without breaking the opportunistic lock.

Abstract: A submission filtering component filters malware related content received for analysis. The submission filtering component determines an analysis priority rating for each source from which malware related content is received. An analysis priority ratings is based on various factors indicative of how likely the source is to transmit malware related content that is important to analyze. The malware filtering component transforms the received stream of malware related content into a subset to be analyzed, based on the analysis priority ratings associated with sources from which malware related content is received. A malware analysis component analyzes the subset of malware related content.

Abstract: A portable storage device contains a real time clock, an onboard power source and secure storage. These components enable the device to securely store data and control access thereto. A secret key can be maintained in secure storage, such that access to the device can be denied to external systems that do not have a matching key. A log detailing connections can also be maintained in secure storage, such that device activity can be accurately documented, and made available in a trusted manner to a management system. Furthermore, the onboard real time clock allows stored data to be encrypted and decrypted in conjunction with specified time periods, such that a session key is destroyed after a time out, or is not made available until a given period of time has transpired.

Abstract: An apparatus for conveying products from a stack to an output includes a stack area configured for receiving a stack of a plurality of products, a guiding element extending to the output, and a transport mechanism configured for acting on at least part of the products in the stack for conveying the products in the direction of the output such that edges of the products abut on the guiding element.

Abstract: File resources that are most likely to be used on a target computer are proactively cached, so that the resources are available before they are needed. This greatly reduces or eliminates associated user wait times. It is determined which file resources are most likely to be used, the cost of transmitting them to the cache, the cost of storing them in the cache and the amount of cache space available. Based on a weighted balancing analysis of factors such as these, specific file resources are proactively streamed for use on the target computer. The determination as to which resources are most likely to be used can be based on a variety of factors, such as usage patterns, schedule based information, user and group based information, target computer and network information, etc.

Abstract: A backup cache on a client is prepopulated with fingerprints corresponding to data stored on a backup server. A plurality of fingerprints of data are received from the client, each received fingerprint corresponding to data present on the client which is subject to backup to the server. For each received fingerprint, an attempt is made to locate data corresponding to the received fingerprint stored on the backup server. Responsive to locating data corresponding to a received fingerprint stored on the backup server, data stored on the backup server considered to be “in the neighborhood” of the located data is identified. Fingerprints (e.g., hashes) identifying data stored on the backup server in the neighborhood of the located data are created and transmitted to the client, for prepopulating the backup cache on the client.

Abstract: The reputations of content sources are tracked as running rates of content origination. Information concerning content origination from multiple sources is received and aggregated. The aggregated information is used to calculate running rates of content origination. An initial running rate of content origination can be calculated based on the number of detections of originations from a given source over a period of time. Running rates can be updated based on additional detections from the source since the last update. As incoming electronic content is received from specific sources, the running rates from given sources are used to determine whether to block or allow the incoming content. Reputation characterization percentages can be calculated based on the running rates, and incoming content from a specific source can be blocked if a reputation characterization percentage is above a given threshold.

Abstract: Client computers track visited websites and monitor confidential information transmitted to the visited websites. Upon subsequent identification of a website as malicious or compromised, it is determined whether the unsecure website was visited, and if so, whether any confidential information was exposed to the unsecure website. Clients compile statistical reports concerning confidential information transmitted to unsecure websites, and provide these reports to a central server. The central server uses statistical reports received from a wide distribution of clients to maintain comprehensive statistical data indicating exposure of confidential information to unsecure websites. This comprehensive statistical data can be used for purposes such as damage assessment, trend tracking and profiling of suspected malicious websites.

Abstract: A uniformity of a cluster of samples is determined, and a corresponding raw confidence value is calculated. A confidence interval weight is calculated using a confidence interval to determine reliability of the uniformity. A trace length weight is calculated, as a function of traces of the samples. An n-gram weight is calculated, as a function of numbers of n-grams generated by the samples. A compactness weight is calculated, as a function of the similarity of the samples. A cluster weight is calculated as a function of the four above-described weights. A cluster confidence measurement is calculated as a function of the cluster weight and the raw confidence value. When a new sample is assigned to the cluster, an assignment confidence measurement is calculated, as a function of the cluster's confidence measurement and the sample's trace length, n-grams and similarity.

Abstract: When copying a guest from a source virtual environment to a target virtual environment, policy control of the target environment is provided. A configuration specification is created based on the source virtual environment and the guest to be copied. The configuration specification contains specific policies and/or requirements of the guest. The guest and the configuration specification are copied to the target virtual environment. The target virtual environment is examined to determine whether it is compliant with the copied configuration specification. If so, the copied guest runs in the target virtual environment. If not, the target virtual environment can be modified to be in compliance with the configuration specification.

Abstract: The short-range wireless communication on a mobile communication device is optimized to balance between preserving battery power and processing urgent data without delay. A wireless access schedule identifying time periods during which the mobile communication device is assumed to have access to short-range wireless communication is created or provided. Data to be transmitted or received by the mobile communication device is classified as being urgent or non-urgent. When data is to be transmitted or received by the mobile communication device, the transmission or receipt of the data is managed according to 1) whether or not the data is urgent, and 2) whether the current time is within a time period during which the mobile communication device is assumed to have access to short-range wireless communication.

Abstract: A graphical checkout identifier is used to facilitate automatic checkout of a user on a webstore. A graphical identifier checkout system receives a request from a webstore for a onetime use graphical checkout identifier. In response to the received request, a onetime use graphical checkout identifier to be displayed by the webstore is generated. A request for checkout completion information by the webstore is encoded in the graphical checkout identifier, which is transmitted to the webstore for display. The onetime use graphical checkout identifier being displayed by the webstore is captured by a registered user operated computing device. In response, the requested checkout completion information is transmitted to the webstore, such that the user is automatically checked out on the webstore, without the user manually logging in to the webstore or entering the requested checkout completion information.