Abstract: A system for scanning computer files for unwanted properties, such as containing computer viruses or being spam e-mail, allocates a priority to pending scan requests based upon the identity of a computer user associated with the scan request. In the case of a normal file access request, the computer user associated with the scan request may be the file access request or in the case of an on-demand scan, then the computer user associated with a particular scan request for a computer file may be the owner or creator of that computer file. In the case of scan requests associated with e-mails, the sender or recipient computer user may be used in the allocation of a priority level for the scan request.

Abstract: A system, method, and computer program product are provided for expert application performance analysis. An application is monitored. Performance data is gathered during the monitoring. A set of metrics is generated based on the performance data. A performance of the application is measured from at least one of a client perspective, a server perspective, and a network perspective using the metrics.

Abstract: Aspects of the invention are found in an apparatus for monitoring data on a wireless network. The data is transmitted according to a wireless data network protocol across the network. The apparatus is contained on a portable wireless network analysis device. The portable wireless network analysis device has a wireless network interface that communicatively couples the portable wireless network analysis device to the wireless network. This allows the portable wireless network analysis device to receive data from the wireless network. The portable wireless network analysis device also has a network traffic analyzer. The network traffic analyzer is communicatively coupled to the wireless network interface. The analyzer receives and analyzes the data received from the wireless network. The portable wireless network analysis device is capable of being operated by user at one location and transported to second location.

Abstract: A secure method and system for administering to software on a plurality of client computers is disclosed. One or more pre-set policies for one or more client computers may be stored on and transmitted in a secure manner from a central server that is under the control of a system administrator to the client computers over a public network or e-mail systems. The central server is preferably an HTTP server containing software for creating packages of information and for protecting the integrity of the packages during transmission over a virtual secured pipe. The packages may contain policy for the various clients that are to be maintained. The policy may comprise software configurations for software that resides on the clients, software to be installed on one or more clients, or any other information and data that is needed to maintain and manage the clients.

Abstract: A system, method and article of manufacture are provided for programmable scanning for malicious content on a wireless client device. Initially, an anti-virus program having an instruction set is assembled in a programmable computing language. The anti-virus program is implemented in a wireless client device. A scan for malicious code is performed on the wireless client device utilizing the anti-virus program. A method for programmable scanning for malicious content on a thin client device is also provided. An anti-virus engine is assembled in a programmable computing language. The anti-virus engine is installed on a thin client device. A signature file is also assembled in a programmable computing language, the signature file containing an identifier uniquely identifying a computer virus and a virus detection section comprising object code providing operations to detect the identified computer virus on the thin client device. The signature file is also installed on the thin client device.

Abstract: A system, method, and computer program product are provided for analyzing a network utilizing an agent/host controller interface. Initially, an agent is sent an interval setting from a host controller. Such agent is adapted to transmit network traffic information based on the interval setting. Such network traffic information is then received from the agent in accordance with the interval setting.

Abstract: One embodiment of the present invention provides a providing policy-driven intrusion detection system for a networked computer system. This system operates by receiving a global policy for intrusion detection for the networked computer system. This global policy specifies rules in the form of a global security condition for the networked computer system and a global response to be performed in response to the global security condition. The system compiles the global policy into local policies for local regions of the networked computer system. Each local policy specifies at least one rule in the form of a local security condition for an associated local region of the networked computer system and a local response to be performed in response to the local security condition. The system communicates the local policies to local analyzers that control security for the local regions. A local analyzer compiles a local policy into specifiers for local sensors in a local region associated with the local analyzer.

Abstract: A system, method and computer program product are provided for affording virus-related services utilizing a network browser toolbar. Initially, a request for virus-related services is received over a network from a network browser associated with a computer. In response thereto, virus-related information is transmitted to the computer for being used in conjunction with the network browser to provide virus-related services. In use, the virus-related services are administered utilizing the virus-related information and a toolbar associated with the network browser.

Abstract: One embodiment of the present invention provides a system that facilitates fast network management protocol replies in large tables. The system operates by first receiving a request for a next row from a network management protocol table. The system then compares the object identifier in the request with a pre-calculated object identifier. If the object identifier matches the pre-calculated object identifier, the system responds to the request with a pre-calculated response. If the object identifier does not match the pre-calculated object identifier, the system searches a management information base for the next row in the network management protocol table. Next, the system calculates a response, which includes data from requested columns of the next row. The system then responds to the request.

Abstract: A system, method and computer program product are provided for updating security software on a client. Initially, a parameter indicating a difference between a security update file and a previous security update file is identified. Next, a security program is conditionally updated with the security update file based on the parameter.

Abstract: A method and system for passive quality of service monitoring of a network are described. In one embodiment, a number of signatures are extracted from a number of network packets at a number of monitoring points. In addition, at least one quality of service parameter is generated based upon the signatures.

Abstract: A system and method for transacting a validated application session in a networked computing environment is described. A hierarchical protocol stack having a plurality of interfaced protocol layers is defined. A connection-based session protocol layer is included. A session is opened with a requesting client responsive to a request packet containing a source address of uncertain trustworthiness. A client connection with the requesting client is negotiated. A stateless validation of the source address contained in the request packet is performed using encoded information obtained from the request packet headers. A server connection is negotiated with a responding server upon successful validation of the requesting client. The session is facilitated by translating packets independently exchanged over the client connection and the server connection. The session is closed through a controlled termination of each of the client connection and the server connection.

Abstract: One embodiment of the present invention provides a system for determining whether software is likely to exhibit malicious behavior by analyzing patterns of system calls made during emulation of the software. The system operates by emulating the software within an insulated environment in a computer system so that the computer system is insulated from malicious actions of the software. During the emulation process, the system records a pattern of system calls directed to an operating system of the computer system. The system compares the pattern of system calls against a database containing suspect patterns of system calls. Based upon this comparison, the system determines whether the software is likely to exhibit malicious behavior. In one embodiment of the present invention, if the software is determined to be likely to exhibit malicious behavior, the system reports this fact to a user of the computer system.

Abstract: A system and method for preventing a spoofed remote procedure call denial of service attack in a networked computing environment is described. A hierarchical protocol stack defines a plurality of communicatively interfaced protocol layers. At least one protocol layer provides a client service via a remote procedure call interface. A request packet sent from a requesting client is intercepted. The request packet contains a service request being sent to a remote server via a remote procedure call. A token uniquely identifying the request packet is generated using data contained therein. The token is included with the request packet. The request packet and the included token is forwarded to the remote server indicated in the remote procedure call. A response packet containing a response sent from a remote server via the remote procedure call interface for the provided client service is received.

Abstract: A method, system, and computer program product for malware scanning of data that is being transferred or downloaded to a computer system that is performed at the protocol level, and is capable of blocking the spread of malwares that may not be blocked by operating system level scanning. A method of detecting a malware comprises the steps of: a) receiving a data stream, b) scanning the data stream at a protocol level to detect a malware, c) removing the detected malware from the data stream, and d) transmitting the data stream without the malware.

Abstract: A system, method and computer program product are provided for detecting an unwanted message. First, an electronic mail message is received. Text in the electronic mail message is decomposed. Statistics associated with the text are gathered using a statistical analyzer. A neural network engine coupled to the statistical analyzer is taught to recognize unwanted messages based on statistical indicators. The statistical indicators are analyzed utilizing the neural network engine for determining whether the electronic mail message is an unwanted message.

Abstract: A modified Boyer-Moore searching algorithm used within an E-mail filtering system for detecting the presence of a plurality of target band strings during a single traversal of the character data to be searched. A single jump table for the combined set of strings for which a search is being made is used. A hierarchical match table starting with the possible terminating letters of strings for which a search is being made is traversed to identify any strings as they are encountered.

Abstract: An analyzer for a wireless network is configured for surfing a plurality of channels, each for an individually selectable period of time, for monitoring each channel to obtain packet information for analysis, to detect any defects in communication over each respective channel.

Abstract: A computer program for checking user configurable security settings operates as either an on-demand application or a memory resident application. The security checking program may enforce the recommended settings or may generate a report to the user as to where the recommended settings are not in place.

Abstract: A system and method update client computers of various end users with software updates for software products installed on the client computers, the software products manufacturered by diverse, unrelated software vendors. The system includes a service provider computer system, a number of client computers and software vendor computer systems communicating on a common network. The service provider computer system stores in an update database information about the software updates of the diverse software vendors, identifying the software products for which software updates are available, their location on the network at the various software vendor computer systems, information for identifying in the client computers the software products stored thereon, and information for determining for such products, which have software updates available. Users of the client computers connect to the service provider computer and obtain a current version of portions of the database.