Abstract: A system, method and computer program product are provided for on-access computer virus scanning of files in an efficient manner. If no identifier is assigned to a process for accessing files, virus detection actions are selected based at least in part on the identification of the process. Further, an identifier is assigned to the process. Thereafter, virus detection actions may be selected based at least in part on the identifier for accelerating the selection process. In operation, the selected virus detection actions are performed on the files.

Abstract: Scanning time for a computer anti-virus program is minimized by eliminating scanning of a file for viruses before closure, in response to the absence of a modification flag being raised in an associated operating system, the flag being indicative of the file having been modified between the time the file was opened to the time of a close request.

Abstract: A scalable system for notification of a change in condition of an electronic certificate is provided. The system includes a network of servers capable of providing notification of changes in conditions of electronic certificate to an unlimited number of users. The system includes a first server comprising a detection module and a notification module. The system having at least one server capable of actively monitoring and detecting changes in conditions of a certificate. Other CAP servers in the system may and/or may not actively monitor electronic certificates at the same time. That is, these CAP servers may actively monitor conditions of electronic certificates at the same time they play passive roles (e.g., not monitoring the electronic certificates for which they will be notified of changes from another CAP server).

Abstract: One embodiment of the present invention provides a system for managing security policies in a distributed computing system. Security policies include, but are not limited to, a firewall policy, a policy for file access, a policy for application access, a policy for an encryption algorithm, a policy for audit trails, and a policy for activity logging. These security policies determine access rights to a computer application. The system operates by creating multiple security policies with individual security policies specifying a differing level of security for the distributed computing system. These security policies are then distributed to each computer in the distributed computing system. Next, a specific security policy is selected for use across the distributed computing system, and each computer in the distributed computing system is directed to use the specified security policy enforcing a selected security posture.

Abstract: A system and a method for communicating coalesced rule parameters in a distributed computing environment are described. A plurality of packet validation devices are communicatively interposed between network routing points within the distributed computing environment. The packet validation devices apply parameterized rules to transiting network packet traffic. A plurality of processing tree nodes are configured into a concast tree. In a lowermost layer of the concast tree, each processing tree node collects and coalesces rule parameters from at least one packet validation device. In each successive layer of the concast tree, each processing tree node collects and coalesce the rule parameters from at least one processing tree node in a next lower layer of the concast tree. A control center assembles the coalesced rule parameters from each packet validation device in an uppermost layer of the concast tree.

Abstract: A stream 14 of external computer program calls made from an application program 2 to an operating system 4 is logged by an anti-malware layer 8. This stream 14 is examined for a primary set XYZ of external program calls known to be associated with malicious computer program activity. When such a primary set XYZ of external computer program calls is identified, the malicious activity is blocked and the logged stream 14 is examined to determine one or more secondary sets of external program calls which are now added to the set of rules 10 against which the logged stream 14 of external program calls is tested. In this way the set of rules 10 is dynamically adapted so as to more rapidly and proactively identify malicious computer program activity.

Abstract: A system and method for generating a plurality of authentication tags using a plurality of authentication mechanisms is disclosed. The plurality of authentication tags can reflect different authentication strength-performance levels. It is a feature of the present invention that a receiver is afforded increased flexibility in adaptively choosing strength-performance levels. It is a further feature of the present invention that multiple authentication tags can be used in multicast environments, where different receivers may have different processor capabilities or security policies.

Abstract: One embodiment of the present invention provides a system for emulating computer viruses and/or malicious software that operates by patching additional program instructions into an emulator in order to aid in detecting a computer virus and/or malicious software within suspect code. During operation, the system loads a first emulator extension into the emulator. This first emulator extension includes program instructions that aid in the process of emulating the suspect code in order to detect a computer virus and/or malicious software. The system also loads the suspect code into an emulator buffer. Next, the system performs an emulation using the first emulator extension and the suspect code. This emulation is performed within an insulated environment in a computer system so that the computer system is insulated from malicious actions of the suspect code. During this emulation, the system determines whether the suspect code is likely to exhibit malicious behavior.

Abstract: A technique, and system(s) implementing the technique, allow an encrypted message to be sent directly to a recipient, and when the recipient opens the message, the recipient's system sends a request to an arbiter server to retrieve decryption information to decrypt the message. When the arbiter server receives the request for the decryption information, the arbiter server generates evidence of the request and sends the decryption information to the recipient. In this way, an evidentiary trail, that cannot be repudiated, can be used to establish that the recipient received and attempted to open the message.

Abstract: A library of anti computer virus test drivers is provided with classifications for the drivers which may be used to select the applied drivers in dependence upon which anti computer virus program is using that library. The library is typically shared between a suite of anti computer virus programs. The drivers are also classified with information that allows them to be placed in a priority order for application when scanning. In this way, the drivers that protect against the most threatening viruses may be checked for first and accordingly the highest level of protection achieved if the scanning process is early terminated.

Abstract: When a computer virus outbreak is detected, a predefined sequence of steps are automatically or manually followed using rule definitions, that may include office hours, to invoke anti-virus counter-measures. The counter-measures can include reducing virus notification, increasing scanning options, blocking E-mail attachments, hiding E-mail address books and the like. The predetermined sequence of actions may be varied with the time of day and day of week.

Abstract: A licence ticket 6 obtained by a user 12, such as by purchase from a retail outlet 4, bears a licence key 12 behind a scratch off panel 10. This licence key when entered into a webpage dialog with a download server 16 is validated by that download server 16 as legitimate and used to trigger download and installation of a computer program product onto the user's computer 14.

Abstract: A system, method, and computer program product are provided for performing one or more tasks on a remotely located computer connected to a server computer via a data network. Communication is established with the remotely located computer to form a connection with the server computer. Software is then delivered to the remotely located computer across the connection. Such software is encapsulated within a markup language communication unit deliverable across the connection. Moreover, the software is adapted for performing the one or more tasks on the remotely located computer. Still yet, the software is executed via a network browser for performing the one or more tasks on the remotely located computer via the network browser.

Abstract: A system and method for dynamically marketing products and/or services to an end user of a device over a network based on a stored configuration profile of the client device are disclosed. The method generally comprises identifying at least one advertisement campaign according to a rules engine, applying the rules of the rules engine to the end user device profile, generating an advertisement campaign request containing a listing of at least one of the identified advertisement campaigns, transmitting the advertisement campaign request to an advertisement server over a network, receiving a dynamic advertisement application from the advertisement server, and executing the dynamic advertisement application for presenting the at least one advertisement campaign to the end user of the device.

Abstract: A system, method and computer program product are provided for enforcing an anti-virus policy. Initially, a status command is received at a client computer from a network device utilizing a network. In response to the status command, a status is sent to the network device utilizing the network. Such status relates to anti-virus scanning software on the client computer. Next, a response is initiated at the client computer utilizing the network based on the status.

Abstract: A system, method and computer program product are provided for analyzing a network utilizing a host controller/zone controller interface. Initially, network traffic information is collected utilizing a host controller. Then, a predetermined interval setting is tracked, and the system polls for the receipt of a demand over the network. In response to the demand or the cessation of the predetermined interval setting, the network traffic information is transmitted to a zone controller over the network.

Abstract: A computer virus outbreak is detected by comparing one or more measurement parameters determined over a measurement period against a threshold level. The measurement parameters can include a measurement of how many E-mail messages are sent having an identical file attachment, file type or simply in total. The threshold levels may be varied with the time of day and day of week as well as the tests applied.

Abstract: Aspects of the invention are found in an apparatus for monitoring data on a wireless network. The data is transmitted according to a wireless data network protocol across the network. The apparatus is contained on a portable wireless network analysis device. The portable wireless network analysis device has a wireless network interface that communicatively couples the portable wireless network analysis device to the wireless network. This allows the portable wireless network analysis device to receive data from the wireless network. The portable wireless network analysis device also has a network traffic analyzer. The network traffic analyzer is communicatively coupled to the wireless network interface. The analyzer receives and analyzes the data received from the wireless network. The portable wireless network analysis device is capable of being operated by user at one location and transported to second location.

Abstract: A method for providing advertising to a handheld computer operable to connect to a network. The handheld computer includes a screen for displaying visual content received from the network and configured for playing an audio message associated with the visual content. The method includes receiving a request for content from the handheld computer and associating an advertisement with the request for content. The requested content is sent to the handheld computer for display on the screen of the computer and the associated advertisement is sent to the computer for playing over an audio output device of the handheld computer.

Abstract: One embodiment of the present invention provides a system for managing user attributes that determines access rights in a distributed computing system. The system modifies an attribute database, wherein the attribute database includes a plurality of possible user attributes and a plurality of users. Next, for a given user the system obtains an identity certificate from a certificate authority. This identity certificate is associated with a user from the attribute database. The system also assigns an attribute to the user from the possible user attributes, whereby the user is granted access rights based on the attribute and the identity certificate. This attribute is stored in the attribute database. Finally, modifications to the attribute database are distributed to a plurality of hosts coupled together by a network.