Abstract: Anti-virus state information for a file is stored within an associated data structure that is created and/or maintained by the file system of the computer. The data structure can be a file directory entry with the anti-virus state information being stored in unused fields of the entry. For file systems that maintain separate entities for the data and resource information of a file, the anti-virus state information can be stored in the resource entity or in a specifically created entity.

Abstract: A system and method update client computers of various end users with software updates for software products installed on the client computers, the software products manufacturered by diverse, unrelated software vendors. The system includes a service provider computer system, a number of client computers and software vendor computer systems communicating on a common network. The service provider computer system stores in an update database information about the software updates of the diverse software vendors, identifying the software products for which software updates are available, their location on the network at the various software vendor computer systems, information for identifying in the client computers the software products stored thereon, and information for determining for such products, which have software updates available. Users of the client computers connect to the service provider computer and obtain a current version of portions of the database.

Abstract: A system, method and computer program product are provided for analyzing a network. Initially, network traffic information relating to network traffic is collected. Next, the network traffic information is encrypted. In use, the network traffic information is capable of being analyzed by a network analyzer adapted for decrypting the network traffic information.

Abstract: Received e-mail messages are subject to a minimum delay period determined in dependence upon characteristics of the e-mail message received. Prior to release of the e-mail message upon expiry of the minimum delay period a check is made that the most up-to-date anti-virus and anti-spamming tests have been applied to the e-mail message. Characteristics that may be used to determine the minimum delay period applied include sender characteristics, recipient characteristics, attachment type characteristics and message content type characteristics.

Abstract: A system, method and computer program product are provided for managing the use of a plurality of security service providers during network communication. A first security service provider is utilized for affording secure communication between applications using a network. During operation, the system is monitored for events relating to the secure communication between the applications. Upon the detection of an event, a second security service provider is utilized for affording secure communication between the applications using the network.

Abstract: A system, method and computer program product are provided for filtering communications over a network. Initially, a user is allowed to select from a plurality of network communication protocol layers associated with communications over a network. This may be accomplished in any manner such as allowing the user to select from the layers themselves, various faults that are inherent to certain layers, etc. An adaptive filter is then generated which is capable of collecting communications only involving the selected network communication protocol layers based on the user selection. Such adaptive filter is then used to collect the communications involving the selected network communication protocol layers. Further, an analysis process is executed for analyzing information at the selected network communication protocol layers of the collected communications for the detection of faults therein.

Abstract: A system and associated method and computer program product are provided for analyzing a network. Included is a plurality of agents coupled to a plurality of computers interconnected via a network. Each agent is adapted to collect information relating to at least one of the computers. Further provided is a plurality of host controllers coupled to the agents for collecting the information from the agents. Still yet, a plurality of zone controllers is coupled to the host controllers for collecting the information from the host controllers.

Abstract: A system, method and computer program product are provided for ascertaining the location of an access point in a wireless network. Initially, a strength of a radio frequency signal of an access point of a wireless network is monitored at a position utilizing a wireless network analyzer. Next, the wireless network analyzer is moved about the position. The foregoing operations may be repeated to allow the location of the access point to be ascertained based on the monitored strength of the radio frequency signal.

Abstract: One embodiment of the present invention provides a system that facilitates accessing a network management protocol table. The system operates by first collecting a network management protocol tuple that includes data related to a network connection. Next, the system creates a hash index from the network management protocol tuple. This network management protocol tuple is inserted into the network management protocol table. The system then saves a pointer to the row indexed by the hash index in a hash table. The system also forms a search index using data within the network management protocol tuple that identifies the data pointed to by the hash index in the hash table. This search index is inserted into a search tree, so that the hash index provides fast insertion into the network management protocol table and the search index in the search table provides fast ordered retrieval from the network management protocol table.

Abstract: A method, system and computer program product for detecting when insufficient RAM is available in a computer system, and estimating the additional RAM needed to avoid excess paging. The invention uses memory management parameters to estimate the number of frequently-used pages stored in “virtual memory” on disk. If this estimate is nonzero for an appreciable period the amount of RAM is insufficient, and RAM equal to the estimate should be added to the system.

Abstract: A system and method for providing a multi-tiered hierarchical transient message store accessed using multiply hashed unique filenames is described. A hierarchical message store is maintained. The hierarchical message store is logically structured with a plurality of storage nodes. Each storage node is dependently linked to one of a plurality of index nodes. Each index node is dependently linked to a root node. An incoming message is intercepted at a network domain boundary and assigning a unique filename. An index hash of the unique filename, corresponding to one such index node, and a storage hash of the unique filename, corresponding to one such storage node, are generated. The message is stored in the hierarchical message store at the one such index node and the one such storage node.

Abstract: The present invention is a method of allocating clusters of a disk or other computer readable medium containing a plurality of clusters to minimize fragmentation. To accomplish this, at least one available block is identified in the computer readable medium. Each block includes one or more contiguous available clusters, where each cluster comprises one or more units of storage space. A request is received to allocate one or more clusters to a file. At least one of the available blocks is selected based on a location of the available block. At least some of the clusters are allocated, and the file is written to the allocated clusters.

Abstract: A real-time sequence-based anomaly detection system is disclosed. In a preferred embodiment, the intrusion detection system is incorporated as part of a software wrapper. Event abstraction in the software wrapper enables the intrusion detection system to apply generically across various computing platforms. Real-time anomaly detection is enabled through the definition of a distance matrix that defines allowable separation distances between pairs of system calls. The distance matrix indirectly specifies known sequences of system calls and can be used to determine whether a sequence of system calls in an event window represents an anomaly. Anomalies that are detected are further analyzed through levenshtein distance calculations that also rely on the contents of the distance matrix.

Abstract: A unique session key is created for each execution of anti-virus software and is used to create a session stamp for each file scanned during that execution. The session stamp is stored in the directory entry for the file. When a request for the file is made, the anti-virus software uses the current session key to validate the session stamp. An invalid or absent session stamp indicates that the file needs to be scanned.

Abstract: A real-time sequence-based anomaly detection system is disclosed. In a preferred embodiment, the intrusion detection system is incorporated as part of a software wrapper. Event abstraction in the software wrapper enables the intrusion detection system to apply generically across various computing platforms. Real-time anomaly detection is enabled through the definition of a distance matrix that defines allowable separation distances between pairs of system calls. The distance matrix indirectly specifies known sequences of system calls and can be used to determine whether a sequence of system calls in an event window represents an anomaly. Anomalies that are detected are further analyzed through levenshtein distance calculations that also rely on the contents of the distance matrix.

Abstract: In a probe system for monitoring and analyzing data flow and associated activities between devices connected in common to a point in a network, in the mode of operation, the probe's driver runs in a “Kernel mode” on Windows NT for analyzing in relatively low detail packets of data retrieved from the network, whereby programming is provided for operating the Kernel mode driver to monitor the rate of traffic or data packets entering an NIC card buffer, for causing the CPU to respond to an interrupt issued by the NIC everytime a data packet is received at a traffic rate below a predetermined threshold to access data packets entering the NIC card buffer, and to cause the CPU to respond to polling pulses at regular predetermined intervals to access data packets, when the traffic rate exceeds the predetermined threshold, for providing more CPU cycles to analyze the data packets.

Abstract: A system, method and computer program product are provided for filtering unwanted electronic mail messages. After receiving electronic mail messages, the electronic mail messages that are unwanted are filtered utilizing a combination of techniques including: compound filters, paragraph hashing, and Bayes rules. The electronic mail messages that are filtered as being unwanted are then categorized.

Abstract: A method, system and computer program for providing multilevel security to a computer network. The method comprises the step of receiving a first communication packet on at least one network interface port from an outside network. The method further includes the steps of filtering the first packet in one of at least two levels of security comprising a first level of security which examines the content information of the packet and a second level of security which examines the first packet excluding the content information of the packet. The system includes a first packet filter configured to filter its input packets by examining content information of its packets and a second packet filter configured to filter its input packets by examining the header information without examining the content information of its packets. The system further includes a third filter which is configured to forward a number of packets to one of the first and second filters, thereby providing security to the computer network.

Abstract: A graphical user interface is provided for displaying network analysis including a window including a plurality of gauges selected from the group consisting of a first gauge for indicating a number of packets specified by the network analysis, a second gauge for indicating a network utilization specified by the network analysis, and a third gauge for indicating a number of errors specified by the network analysis.

Abstract: A method and system for updating anti-intrusion software is provided. In a preferred embodiment, a computer program product updates anti-intrusion software on a computer network which has an anti-intrusion monitor server. The anti-intrusion monitor server recognizes attacks on the computer network in accordance with attack pattern information contained in the anti-intrusion software. The computer program product includes computer code that installs modified attack pattern information onto a central anti-intrusion server, and computer code that transfers the modified attack pattern information from the central anti-intrusion server to the anti-intrusion monitor server using push technology. The result is that newly discovered attack patterns are capable of being rapidly communicated from the central anti-intrusion server to the computer network.