Abstract: Characteristics of a call module originating a critical operating system function call are analyzed for indications of suspicious content and a virus threshold counter is incremented appropriately. For example, the memory image to the file image of the call module are compared for indications of suspicious content. If a determination is made that the virus threshold counter exceeds a virus threshold, there is a significant probability that malicious code is executing on the host computer system. Thus, the user of the host computer system and/or an administrator are notified that malicious code is possibly executing on the host computer system.

Abstract: Disclosed is a wafer level chip scale package and a method for manufacturing the same. The wafer level chip scale package includes a semiconductor die having a first coating layer formed thereon; a redistribution layer formed on the first coating layer and connected to the bond pad; an electronic device placed on the first coating layer; a connection member for electrically connecting the electronic device and the redistribution layer; a conductive post formed on the redistribution layer with a predetermined thickness; a second coating layer for enclosing the first coating layer, the redistribution layer, the electronic device, the connection member, and the conductive post; and a solder ball thermally bonded to the conductive post while protruding to the exterior of the second coating layer. This construction makes it easy to manufacture stacked packages and chip scale packages in a wafer level.

Abstract: A method for making an integrated circuit substrate having embedded passive components provides a reduced cost and compact package for a die and one or more passive components. An insulating layer of the substrate is embossed or laser-ablated to generate apertures for insertion of a paste forming the body of the passive component. A resistive paste is used to form resistors and a dielectric paste is used for forming capacitors. A capacitor plate may be deposited at a bottom of the aperture by using a doped substrate material and activating only the bottom wall of the aperture, enabling plating of the bottom wall without depositing conductive material on the side walls of the aperture. Vias may be formed to the bottom plate by using a disjoint structure and conductive paste technology. Connection to the passive components may be made by conductive paste-filled channels forming conductive patterns on the substrate.

Abstract: A method includes establishing a SMTP proxy, defining an application that forms a connection with the SMTP proxy as a SMTP client application, emulating the SMTP client application including generating at least one SMTP client application dirty page, intercepting an executable application sent from the SMTP client application with the SMTP proxy, emulating the executable application including generating at least one executable application dirty page. If a determination is made that the at least one SMTP client application dirty page is a match of the at least one executable application dirty page, a determination is made that the SMTP client application is polymorphic malicious code that is attempting to send itself and protective action is taken.

Abstract: An image sensor package includes an image sensor, a window, and a molding, where the molding includes a lens holder extension portion extending upwards from the window. The lens holder extension portion includes a female threaded aperture extending from the window such that the window is exposed through the aperture. A lens is supported in a threaded lens support. The threaded lens support is threaded into the aperture of the lens holder extension portion. The lens is readily adjusted relative to the image sensor by rotating the lens support.

Abstract: A system for executing a software application comprising a plurality of hardware independent bytecodes is provided comprising a computing system that generates bytecodes, a virtual machine, remote to the computing system, that receives a plurality of bytecodes from said computing system, and executes said plurality of bytecodes, a system for testing said bytecodes against a set of predetermined criteria in which the testing is securely distributed between said virtual machine and said computing system so that the bytecode verification completed by the computing system is authenticated by the virtual machine prior to the execution of the bytecodes by said virtual machine. A method for distributed bytecode verification is also provided.

Abstract: In accordance with the invention, a data storage system for storing and retrieving fixed data content includes: a storage system network; one or more peer node computer systems interconnected by the storage system network; and at least one disklet stored on at least one of the one or more peer node computer systems, the disklet for execution on the data storage system using data that are stored on, being written to, or being read from the data storage system. In one embodiment, a disklet includes executable program code and a disklet interface that permits the program code of the disklet to be loaded on to the data storage system and executed on the data storage system by a user.

Abstract: A file system event including a file name having at least a last file name extension is intercepted and stalled. The file name is parsed to obtain at least the last file name extension and a next to last file name extension, when present. A determination is made whether the last file name extension is the only file name extension of the file name. Upon a determination that the last file name extension is not the only file name extension of the file name, e.g., there are multiple file name extensions, a determination is made whether the last file name extension is a dangerous file name extension based upon the next to last file name extension. Upon a determination that the last file name extension is a dangerous file name extension, a notification is generated. Optionally, protective actions are implemented, such as terminating the file system event.

Abstract: A method includes stalling a call to a heap allocation function originating from a request by an application for a block of heap buffer, predicting a block of the heap buffer to fulfill the request, and determining if a forward link (F-link) and a backward link (B-link) of the predicted block are addresses within a heap segment associated with the predicted block. If a determination is made that the F-link or the B-link point outside the associated heap segment, e.g., have been overwritten by a heap buffer overflow attack, corrective action is taken to correct the stray F-link or B-link. After the corrective action is taken, the heap allocation function call is released and the block of heap buffer is allocated. In this manner, a heap buffer overflow attack is defeated.

Abstract: A call to a file system function is intercepted in the context of a caller, and stalled. A determination is made whether malicious code, such as a peer-to peer (P2P) computer worm, is detected based upon the call. Upon a determination that malicious code is detected, protective action is taken, such as terminating the call to the file system function, and, optionally, a notification generated. Alternatively, upon a determination that malicious code is not detected, the call to the file system function is released.

Abstract: Requests issuing on a host computer are intercepted and stalled prior to sending to target computer systems. The requests are analyzed to determine whether they are suspicious. Requests determined to be suspicious are added as request entries to a request database. Each time a request entry is added to the request database, a determination is made whether malicious code activity is detected on the host computer system. Upon a determination that malicious code activity is detected, a notification of the malicious code detection is generated and protective actions are implemented, such as terminating the request. Requests not determined to be suspicious or to indicate malicious code activity are released for sending to the target computer systems.

Abstract: A method for arithmetic expression optimization includes receiving a first instruction defined for a first processor having a first base, the first instruction including an operator and at least one operand, converting the first instruction to a second instruction optimized for a second processor having a second base when all operands do not carry potential overflow or when the operator is insensitive to overflow, the second base being smaller than the first base, and converting to a wider base a third instruction that is the source of the overflow when the at least one operand the potential for overflow and when the operator is sensitive to overflow.

Abstract: A method for making an integrated circuit substrate having laser-embedded conductive patterns provides a high-density mounting and interconnect structure for integrated circuits. A dielectric material is injection-molded or laminated over a metal layer that is punched or etched. The metal layer can provide one or more power planes within the substrate. A laser is used to ablate channels on the surfaces of the outer dielectric layer for the conductive patterns. The conductive patterns are electroplated or paste screen-printed and an etchant-resistive material is applied. Finally, a plating material can be added to exposed surfaces of the conductive patterns. An integrated circuit die and external terminals can then be attached to the substrate, providing an integrated circuit having a high-density interconnect.

Abstract: A method includes determining a garbage collection list for a data storage structure of a node in a data storage system, the garbage collection list including one or more layout map identifiers (IDs) for garbage collection. A data fragment stored on the data storage structure is located at a first location and a layout map ID associated with the data fragment is determined. A determination is made whether the layout map ID associated with the data fragment matches a layout map ID for garbage collection in the garbage collection list. If the layout map ID associated with the data fragment matches a layout map ID for garbage collection in the garbage collection list, a determination is made whether the data fragment is present at a second location on the data storage system. If the data fragment is present at a second location on the data storage system, the data fragment at the first location is determined to be a garbage fragment and deleted from the data storage system.

Abstract: A circuit-on-foil process for manufacturing a laminated semiconductor package substrate having embedded conductive patterns provides a high-density mounting and interconnect structure for semiconductor packages that is manufacturable in volume. A dielectric film is laminated on one or both sides with a foil layer with a circuit pattern disposed on a surface of the foil. The circuit-on-foil layer can be made by laser-ablating a plating resist material and then plating metal atop a foil, or by laser-exposing a photo-sensitive plating resist material and then plating the circuit pattern atop the foil. After lamination, the metal foil is removed by etching or machining to leave only the dielectric and embedded conductors. Vias can be formed between layers of embedded conductors by laser-drilling holes either though the entire substrate or from one side through to at least the bottom of one of the embedded circuit layers, and then filling the hole with metal.

Abstract: A process page table entry (PTE) associated with a process is located, and a determination is made whether the process PTE is prototype PTE. If the process PTE is a prototype PTE, the location of the actual PTE is determined. A copy-on-write functionality associated with the PTE is disabled and the location of shared page of memory associated with the PTE determined. The shared page is modified, for example with hooking code, and the copy-on-write functionality is re-enabled.

Abstract: A method for recovery of data objects on a data storage system includes determining a list of layout map IDs that place data objects on a node of a data storage system. For each layout map ID, a list of object IDs associated with each of the data objects assigned the layout map ID is determined. For each object ID, a list of data object fragments associated with the object ID is determined. A determination is made whether each of the data object fragments is present on the node. If a data object fragment is not present on the node, the data object fragment is reconstructed on the data storage system. The method can be automatically implemented by each of one or more operational nodes of a distributed data storage system at configured time intervals, and/or upon the operational loss of a data storage structure of a node, or a node.

Abstract: A method includes hooking a send operating system function, originating a call to the send operating system function with a call module to send the content of a send buffer, stalling the call, and determining whether the call module or a copy of the call module are in the send buffer. Upon a determination that the call module or a copy of the call module are in the send buffer, the method further includes terminating the call. By terminating the call, the call module comprising malicious code is prevented from sending itself or a copy of itself to other host computer systems thus preventing the spread of the call module.

Abstract: A method includes stalling a call to a critical operating system (OS) function, looking up a value at the previous top of stack, and determining whether the value is equivalent to an address of the critical OS function being called. If the value at the previous top of stack is equivalent to the address of the critical OS function being called, the method further includes taking protective action to protect a computer system.

Abstract: Semiconductor packages having a thin structure capable of easily discharging heat from a semiconductor chip included therein, and methods for fabricating such semiconductor packages, are disclosed.