Abstract: A system, method and computer program product are provided for efficiently updating a scanning subsystem of a mobile communication device. Initially received is a first portion of an update adapted for updating a scanning subsystem of a mobile communication device. Further, more portions of the update are received in addition to the receipt of the first portion of the update. The update is then installed with the scanning subsystem.

Abstract: A platform-independent system and associated method are provided for use with a mobile communication device. Included is a mobile communication device capable of communicating via a wireless network. Such mobile communication device includes an operating system installed thereon. Associated therewith is a platform-independent scanning subsystem in communication with the operating system of the mobile communication device for scanning purposes. Further provided is a platform-independent application program interface for interfacing the operating system and the scanning subsystem. The platform-independent application program interface includes an abstract library for porting the platform-independent scanning subsystem to the mobile communication device and associated operating system.

Abstract: A system, method and computer program product are provided for accessing security or content analysis functionality utilizing a mobile communication device. Included is an operating system installed on a mobile communication device capable of communicating via a wireless network. Further provided is an application program installed on the mobile communication device and executed utilizing the operating system for performing tasks. A scanning subsystem remains in communication with the application program via an application program interface. Such scanning subsystem is adapted for accessing security or content analysis functionality in conjunction with the tasks performed by the application program.

Abstract: A system for scanning computer files for unwanted properties, such as containing computer viruses or being spam e-mail, allocates a priority to pending scan requests based upon the identity of a computer user associated with the scan request. In the case of a normal file access request, the computer user associated with the scan request may be the file access request or in the case of an on-demand scan, then the computer user associated with a particular scan request for a computer file may be the owner or creator of that computer file. In the case of scan requests associated with e-mails, the sender or recipient computer user may be used in the allocation of a priority level for the scan request.

Abstract: A system, method, and computer program product are provided for expert application performance analysis. An application is monitored. Performance data is gathered during the monitoring. A set of metrics is generated based on the performance data. A performance of the application is measured from at least one of a client perspective, a server perspective, and a network perspective using the metrics.

Abstract: Aspects of the invention are found in an apparatus for monitoring data on a wireless network. The data is transmitted according to a wireless data network protocol across the network. The apparatus is contained on a portable wireless network analysis device. The portable wireless network analysis device has a wireless network interface that communicatively couples the portable wireless network analysis device to the wireless network. This allows the portable wireless network analysis device to receive data from the wireless network. The portable wireless network analysis device also has a network traffic analyzer. The network traffic analyzer is communicatively coupled to the wireless network interface. The analyzer receives and analyzes the data received from the wireless network. The portable wireless network analysis device is capable of being operated by user at one location and transported to second location.

Abstract: A secure method and system for administering to software on a plurality of client computers is disclosed. One or more pre-set policies for one or more client computers may be stored on and transmitted in a secure manner from a central server that is under the control of a system administrator to the client computers over a public network or e-mail systems. The central server is preferably an HTTP server containing software for creating packages of information and for protecting the integrity of the packages during transmission over a virtual secured pipe. The packages may contain policy for the various clients that are to be maintained. The policy may comprise software configurations for software that resides on the clients, software to be installed on one or more clients, or any other information and data that is needed to maintain and manage the clients.

Abstract: A system, method and article of manufacture are provided for programmable scanning for malicious content on a wireless client device. Initially, an anti-virus program having an instruction set is assembled in a programmable computing language. The anti-virus program is implemented in a wireless client device. A scan for malicious code is performed on the wireless client device utilizing the anti-virus program. A method for programmable scanning for malicious content on a thin client device is also provided. An anti-virus engine is assembled in a programmable computing language. The anti-virus engine is installed on a thin client device. A signature file is also assembled in a programmable computing language, the signature file containing an identifier uniquely identifying a computer virus and a virus detection section comprising object code providing operations to detect the identified computer virus on the thin client device. The signature file is also installed on the thin client device.

Abstract: A system, method and computer program product are provided for affording virus-related services utilizing a network browser toolbar. Initially, a request for virus-related services is received over a network from a network browser associated with a computer. In response thereto, virus-related information is transmitted to the computer for being used in conjunction with the network browser to provide virus-related services. In use, the virus-related services are administered utilizing the virus-related information and a toolbar associated with the network browser.

Abstract: One embodiment of the present invention provides a providing policy-driven intrusion detection system for a networked computer system. This system operates by receiving a global policy for intrusion detection for the networked computer system. This global policy specifies rules in the form of a global security condition for the networked computer system and a global response to be performed in response to the global security condition. The system compiles the global policy into local policies for local regions of the networked computer system. Each local policy specifies at least one rule in the form of a local security condition for an associated local region of the networked computer system and a local response to be performed in response to the local security condition. The system communicates the local policies to local analyzers that control security for the local regions. A local analyzer compiles a local policy into specifiers for local sensors in a local region associated with the local analyzer.

Abstract: One embodiment of the present invention provides a system that facilitates fast network management protocol replies in large tables. The system operates by first receiving a request for a next row from a network management protocol table. The system then compares the object identifier in the request with a pre-calculated object identifier. If the object identifier matches the pre-calculated object identifier, the system responds to the request with a pre-calculated response. If the object identifier does not match the pre-calculated object identifier, the system searches a management information base for the next row in the network management protocol table. Next, the system calculates a response, which includes data from requested columns of the next row. The system then responds to the request.

Abstract: A system, method, and computer program product are provided for analyzing a network utilizing an agent/host controller interface. Initially, an agent is sent an interval setting from a host controller. Such agent is adapted to transmit network traffic information based on the interval setting. Such network traffic information is then received from the agent in accordance with the interval setting.

Abstract: A method and system for passive quality of service monitoring of a network are described. In one embodiment, a number of signatures are extracted from a number of network packets at a number of monitoring points. In addition, at least one quality of service parameter is generated based upon the signatures.

Abstract: A system, method and computer program product are provided for updating security software on a client. Initially, a parameter indicating a difference between a security update file and a previous security update file is identified. Next, a security program is conditionally updated with the security update file based on the parameter.

Abstract: A method of providing a set of desired application functions to a plurality of network-coupled computing appliances. A set of code resident on a network-connected application management server is identified that when executed in a network appliance provide the desired application functions. A first application management agent in a first of the network-coupled computing appliances and a second application management agent in a second of the network-coupled computing appliances are executed. The first application management agent repetitively checks for updates of the identified code. Updates of the identified code are downloaded from the application management server into the first network-coupled computing appliance as the updates become available. Updates of the identified code are downloaded from the first network-coupled computing device into the second network-coupled computing appliance.

Abstract: A system and method for transacting a validated application session in a networked computing environment is described. A hierarchical protocol stack having a plurality of interfaced protocol layers is defined. A connection-based session protocol layer is included. A session is opened with a requesting client responsive to a request packet containing a source address of uncertain trustworthiness. A client connection with the requesting client is negotiated. A stateless validation of the source address contained in the request packet is performed using encoded information obtained from the request packet headers. A server connection is negotiated with a responding server upon successful validation of the requesting client. The session is facilitated by translating packets independently exchanged over the client connection and the server connection. The session is closed through a controlled termination of each of the client connection and the server connection.

Abstract: A system and method for preventing a spoofed remote procedure call denial of service attack in a networked computing environment is described. A hierarchical protocol stack defines a plurality of communicatively interfaced protocol layers. At least one protocol layer provides a client service via a remote procedure call interface. A request packet sent from a requesting client is intercepted. The request packet contains a service request being sent to a remote server via a remote procedure call. A token uniquely identifying the request packet is generated using data contained therein. The token is included with the request packet. The request packet and the included token is forwarded to the remote server indicated in the remote procedure call. A response packet containing a response sent from a remote server via the remote procedure call interface for the provided client service is received.

Abstract: One embodiment of the present invention provides a system for determining whether software is likely to exhibit malicious behavior by analyzing patterns of system calls made during emulation of the software. The system operates by emulating the software within an insulated environment in a computer system so that the computer system is insulated from malicious actions of the software. During the emulation process, the system records a pattern of system calls directed to an operating system of the computer system. The system compares the pattern of system calls against a database containing suspect patterns of system calls. Based upon this comparison, the system determines whether the software is likely to exhibit malicious behavior. In one embodiment of the present invention, if the software is determined to be likely to exhibit malicious behavior, the system reports this fact to a user of the computer system.

Abstract: A method, system, and computer program product for malware scanning of data that is being transferred or downloaded to a computer system that is performed at the protocol level, and is capable of blocking the spread of malwares that may not be blocked by operating system level scanning. A method of detecting a malware comprises the steps of: a) receiving a data stream, b) scanning the data stream at a protocol level to detect a malware, c) removing the detected malware from the data stream, and d) transmitting the data stream without the malware.

Abstract: A system and a method for preventing a spoofed denial of service attack in a networked computing environment is described. A hierarchical protocol stack is defined. The hierarchical protocol stack includes a plurality of communicatively interfaced protocol layers with at least one session-oriented protocol layer. A packet requesting a session with the session-oriented protocol layer is received from the networked computing environment. The request packet includes headers containing a source address of uncertain trustworthiness. The request packet is acknowledged by performing the following operations. First, a checksum is calculated from information included in the request packet headers. A request acknowledgement packet is generated. The request acknowledgement packet includes headers containing the checksum as a pseudo sequence number and the source address in the request packet headers as a destination address. Finally, the request acknowledgement packet is sent into the networked computing environment.