Abstract: Disclosed are systems and methods for ensuring confidentiality of information of a user of a service. One example method includes receiving a request to perform an operation for a service; selecting, based on a database of trusted devices, a trusted device for authorizing the operation of the service; establishing a secure connection with the trusted device; sending to the trusted device via the secure connection a request to enter confidential information on the trusted device to authorize the operation of the service; receiving the confidential information from the trusted device; and determining whether to authorize the operation of the service based on the confidential information.

Abstract: Disclosed are system, methods, and computer program product for applying security policies based on available licenses to a plurality of devices. An example method includes determining, by a processor, one or more criteria for a device relating to a priority of the device in the network for application of the security policies; determining numeric values for each of the one of more criteria; determining a coefficient for the device based on the numeric values; determining the priority of the device based on the coefficient of the device and respective coefficients of the plurality of devices; designating a security policy for the device based on the priority of the device; determining availability of a license for a software applying the designated security policy to the device; and when the license for the software that applies the designated security policy is available, applying the designated security polity to the device.

Abstract: Disclosed are systems, methods and computer program products for copying encrypted and unencrypted files between data storage devices. In one aspect, the system detects a request to copy a file from a first data storage device to a second data storage device, determines one or more parameters of the copied file, the first data storage device and the second data storage device, selects, based on the one or more parameters, a file encryption policy for the copies file, and applies the selected encryption policy to the copied file.

Abstract: Disclose dare systems and method for determining category of trust of software applications. An example method includes monitoring a first application to detect an overlay of at least one interface element of the first application by at least one interface element of a second application; collecting information about the second application, wherein the information includes at least a danger status of the second application, wherein the danger status determines a danger caused by the second application to the first application; determining a category of trust of the second application based on an analysis of the collected information; and determining, based on the category of trust of the second application, whether to allow or prohibit overlay of the at least one interface element of the first application by the at least one interface element of the second application.

Abstract: Disclosed are systems, methods and computer program products for controlling privileges of consumers of personal data. An example method includes: formulating user requirements to personal data control quality; determining weighting factors for corresponding functions of application programming interfaces (APIs) for personal data control of a centralized personal data control system based on the formulated user requirements to personal data control quality; determining correspondence between the functions of APIs for personal data control of the centralized personal data control system and functions of APIs for personal data control of the consumer of personal data; calculating a personal data control rating of the consumer of personal data based on the determined correspondence and the determined weighting factors; and determining the privileges of the consumer of personal data based on the personal data control rating of the consumer of personal data.

Abstract: Disclosed are methods, systems and computer program products for antivirus checking of software objects in a virtual environment. An example method includes monitoring and identifying, by an antivirus agent running on a virtual machine in the virtual environment, an event occurring in the virtual machine, an object related to the event, and a type of the object; upon determining that the object needs an antivirus checking, sending, by the antivirus agent, to a control module in the virtual environment, information of the object and the event; determining, by the control module, priorities of executing one or more antivirus checking methods determined for the object; and distributing, by the control module, among one or more selected components of an antivirus system in the virtual environment, the one or more antivirus checking methods to be performed on the object based on the priorities.

Abstract: Disclosed system and methods for malware testing of software programs. An example method includes storing a plurality of malware trigger scenarios specifying different sets of malware trigger events known to trigger malicious behavior in software programs; in response to obtaining a software program, modifying a computer environment for operating the software program by creating malware trigger events associated with a selected one of the plurality of malware trigger scenarios; analyzing an execution of the software program in the modified computer environment in response to the malware trigger events; upon detecting that the software program exhibits malicious behavior, performing remedial actions on the software program; and upon detecting that the software program exhibits no malicious behavior, selecting a different malware trigger scenario from the plurality of malware trigger scenarios for malware testing of the software program.

Abstract: Disclosed are systems, methods and computer program products for selecting interprocess communication mechanism. In one aspect, the system collects information about resources used by two or more processes involved in an interprocess communication in which a first process can transfer data to a second process using one of a synchronous and asynchronous data transfer methods; analyzes the collected information to determine which data transfer method achieves at least one of minimizing time of the data transfer between processes, maximizing utilization of resources used for the data transfer, minimizing standstill time during the data transfer, minimizing effect of other processes of the operating system on the data transfer; and based on the determination, selects one of the synchronous or asynchronous method of interprocess communication to transfer the data between the first and second processes.

Abstract: Disclosed are systems, methods and computer program products for providing user access to encrypted data. In one example, a system is configured to receive a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions for one or more users of the user device; identify one or more user accounts in the OS of the user device as specified in the data access conditions; create a pre-boot authentication account (PBA) for the identified user accounts based on the data access conditions, for storing pre-boot authentication credentials for authenticating a user before booting of the OS on the user device; and encrypt at least a portion of data stored on the user device based on the data encryption conditions, wherein access to the encrypted portion of data is granted to the user upon entry of the correct pre-boot authentication credentials.