Patents Assigned to Check Point Software Technologies, Inc.
  • Patent number: 7340770
    Abstract: A system and methodology for providing community-based security policies is described. In one embodiment in a system comprising a plurality of devices connected to a network, a security module is provided for establishing security settings for regulating network access at these devices. Information is collected from at least some of the devices about the security settings established on such devices and consensus security settings are generated based upon the collected information. In response to a request for network access at a particular device, determining whether or not to permit network access is based, at least in part, upon the consensus security settings.
    Type: Grant
    Filed: May 14, 2003
    Date of Patent: March 4, 2008
    Assignee: Check Point Software Technologies, Inc.
    Inventor: Gregor Freund
  • Publication number: 20070240212
    Abstract: System and methodology protecting against key logger software (spyware) is described. In one embodiment, for example, a method is described for protecting a computer system from security breaches that include unauthorized logging of user input, the method comprises steps of: specifying a particular application to be protected from unauthorized logging of user input; identifying additional system processes that may serve as a source of unauthorized logging of user input; injecting into the particular application and each identified system process an engine capable of detecting and blocking attempts at unauthorized logging of user input; and upon detection of an attempt at unauthorized logging of user input, blocking the attempt so that user input for the particular application remains protected from unauthorized logging.
    Type: Application
    Filed: March 30, 2006
    Publication date: October 11, 2007
    Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
    Inventor: Siarhei Matalytski
  • Patent number: 7222359
    Abstract: A system providing methodologies for automatically detecting when a computing device is plugged into a new network is described. The system includes methods for detecting a connection to a new network by receiving notice of, and evaluating, changes to an existing network configuration. The system profiles and generates an identity for the new network. This includes collecting information about the network to uniquely identify it and generating a unique identifier for the network. Once a network has been profiled, a user may decide whether or not to include it as part of a trusted zone. Alternatively, this decision may be guided by policy established by a system administrator or user. The system automatically reconfigures a firewall to include or exclude the network from the trusted zone based upon this decision. The profile of each network is stored so that the next time the device is connected to the same network it remembers the network and applies the same security settings previously adopted.
    Type: Grant
    Filed: November 14, 2001
    Date of Patent: May 22, 2007
    Assignee: Check Point Software Technologies, Inc.
    Inventors: Gregor Freund, Keith Haycock, Conrad Hermann
  • Publication number: 20070101435
    Abstract: System and methodology providing a secure workspace environment is described. In one embodiment, for example, in a computer system, a method is described for creating a secured workspace within an existing operating system for allowing users to run applications in a secured manner, the method comprises steps of: creating a policy for configuring the secured workspace, the policy specifying how information created during operation of the applications may be accessed; hooking particular functions of the operating system in order to obtain control over the information created during operation of the applications; during operation of the applications, encrypting the information to prevent unauthorized access; in response to a request for access to the information, determining whether the request complies with the policy; and if the request complies with the policy, satisfying the request by providing access to a decrypted copy of the information.
    Type: Application
    Filed: October 14, 2005
    Publication date: May 3, 2007
    Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
    Inventors: Dzmitry Konanka, Andrei Liahuski
  • Patent number: 7165076
    Abstract: A security system with methodology for computing a machine independent unique identifier for an executable file across different machines is described. In response to a request to uniquely identify an executable file that has been installed on a given machine, portions of the executable file modified as a result of installation of the executable file on the given machine are identified. A machine independent unique identifier is determined by performing a calculation on the executable file. The calculation is performed by excluding at least the identified portions of the executable file modified as a result of installation of the executable file on the given machine.
    Type: Grant
    Filed: May 9, 2003
    Date of Patent: January 16, 2007
    Assignee: Check Point Software Technologies, Inc.
    Inventor: Joseph Bentley
  • Publication number: 20060143700
    Abstract: A security system providing methodology for cooperative enforcement of security policies during SSL sessions is described. In one embodiment, for example, a method is described for controlling SSL (Secure Sockets Layer) communication, the method comprises steps of: defining rules indicating conditions under which a machine is permitted to participate in an SSL session; trapping an attempt by a particular application running on the machine to participate in an SSL session, by intercepting the particular application's attempt to provide authentication; determining whether the machine complies with the rules; allowing the attempt to succeed when the machine complies with the rules; and otherwise blocking the attempt when the machine does not comply with the rules.
    Type: Application
    Filed: April 25, 2005
    Publication date: June 29, 2006
    Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
    Inventor: Conrad Herrmann
  • Publication number: 20050273857
    Abstract: System and methodology for intrusion detection and prevention is described. In one embodiment, for example, a method is described for detecting and preventing network intrusion, the method comprises steps of: defining intrusion descriptions specifying exploits that may be attempted by malicious network traffic, the intrusion descriptions indicating specific applications that may be targeted by individual exploits; for a particular application participating in network communication, deriving a subset of the intrusion descriptions specifically applicable to that particular application; using the subset of the intrusion descriptions specifically applicable to that application, monitoring network traffic destined for the particular application for detecting an attempted network intrusion; and if a network intrusion is detected, blocking network traffic destined for the particular application determined to comprise an exploit.
    Type: Application
    Filed: March 29, 2005
    Publication date: December 8, 2005
    Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
    Inventor: Gregor Freund
  • Publication number: 20050273841
    Abstract: A system and methodology for protecting new computers by applying a preconfigured security update policy is described. In one embodiment, for example, a method is described for controlling connections to a computer upon its initial deployment, the method comprises steps of: upon initial deployment of the computer, applying a preconfigured security policy that establishes a restricted zone of preapproved hosts that the computer may connect to upon its initial deployment; receiving a request for a connection from the computer to a particular host; based on the preconfigured security policy, determining whether the particular host is within the restricted zone of preapproved hosts; and blocking the connection if the particular host is not within the restricted zone of preapproved hosts.
    Type: Application
    Filed: August 2, 2004
    Publication date: December 8, 2005
    Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
    Inventor: Gregor Freund
  • Publication number: 20050273850
    Abstract: A security system with methodology providing verified secured individual end points is described.
    Type: Application
    Filed: March 29, 2005
    Publication date: December 8, 2005
    Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
    Inventor: Gregor Freund
  • Publication number: 20050071633
    Abstract: A system providing methodology for securing interfaces of executable files is described. In one embodiment, for example, a method is described for securing a program comprised of a plurality of interoperable components, the method comprises steps of: extracting information about a function of a first component of the program that is callable by at least one other component of the program; securing the extracted information; in response to an attempt by a second component of the program to invoke the function of the first component, validating authenticity of the second component; and if the second component is validated, providing access to the function of the first component using the secured extracted information.
    Type: Application
    Filed: September 21, 2004
    Publication date: March 31, 2005
    Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, INC.
    Inventor: Arthur Rothstein
  • Patent number: 6873988
    Abstract: A system providing methods for anti-virus cooperative enforcement is described. In response to a request from a device for access to protected resources, such as a network or protected data, a determination is made as to whether an anti-virus policy applies to the request for access made by the device. If an anti-virus policy is applicable, information pertaining to virus protection available on the device is collected. The virus protection information that is collected is evaluated to determine whether the device is in compliance with the anti-virus policy. If the device is determined to be in compliance with the anti-virus policy, the device is allowed to access the protected resources.
    Type: Grant
    Filed: July 9, 2002
    Date of Patent: March 29, 2005
    Assignee: Check Point Software Technologies, Inc.
    Inventors: Conrad K. Herrmann, Kaveh Baharestan, Joseph E. Bentley, Jess A. Leroy
  • Patent number: 6850943
    Abstract: A system providing methods for indirect access control is described. When an attempt to access a network by a first application is detected, a determination is made as to whether at least one other application is attempting indirect network access through the first application. If at least one other application is determined to be attempting indirect network access, each such other application is evaluated to determine if it is approved for network access. If each such other application is approved for network access, access to the network is permitted. Otherwise, access to the network is denied.
    Type: Grant
    Filed: May 8, 2003
    Date of Patent: February 1, 2005
    Assignee: Check Point Software Technologies, Inc.
    Inventors: Steven L. Teixeira, Christopher Carr