Abstract: A method of preventing execution of malicious scripts includes intercepting a script that originates from an application program running on a computer before directing the script to a script engine and determining the origin of the script (e.g., the script is from a web site, from a temporary file, from a registry key, or from an environment variable). Next, it is determined whether the script is malicious by analyzing the origin of the script: if the script originated from a web site of a foreign country, an environment variable, a registry key, or a temporary folder, the script is determined to be malicious. If the script is malicious, execution of the script is suppressed; if the script is not malicious, the script is forwarded to the script engine and executed by the script engine.
Abstract: A system for protecting a computer from malicious software uses a whitelist to determine if a program is safe to run. As new malicious software is created, attempts at execution of executables including such malicious software are prevented because the new malicious software is not listed in the whitelist. When such attempts are made, the executable is forwarded to a server where further analysis is performed to determine if the executable contains suspect code (e.g., malicious software), including running the executable in a sandbox to analyze how the executable behaves and running industry virus scanners against the executable to see if those scanners can find a virus. If such research finds that the executable is well-behaved, the executable is added to the whitelist and future execution is allowed.
Abstract: A super-shield system for protecting a computer from malicious software uses a whitelist to determine if a program is safe to run. As new malicious software is created, inadvertent attempts at execution of executables including such malicious software are prevented because the new malicious software is not listed in the whitelist. When attempts are made to run unknown software, the executable is forwarded to a server where further analysis is performed to determine if the executable contains suspect code (e.g., malicious software).
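
The default-deny whitelist flow described in the two whitelist abstracts above, as an added sketch that is not code from the patents. Identifying executables by SHA-256 digest, the names WhitelistGate and AnalysisReport, and the rule that zero scanner detections plus clean sandbox behaviour counts as "well-behaved" are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class AnalysisReport:
    """Hypothetical summary of the server-side analysis the abstracts mention."""
    sandbox_well_behaved: bool  # behaviour observed while run in a sandbox
    scanner_detections: int     # how many virus scanners flagged the file


def digest(executable: bytes) -> str:
    # Assumption: whitelist entries are SHA-256 digests of the file content,
    # so any modification to an approved file yields an unknown digest.
    return hashlib.sha256(executable).hexdigest()


@dataclass
class WhitelistGate:
    whitelist: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)  # digest -> bytes sent for analysis

    def request_execution(self, executable: bytes) -> str:
        """Allow only whitelisted files; block and queue everything else."""
        h = digest(executable)
        if h in self.whitelist:
            return "allow"
        self.pending[h] = executable  # stands in for forwarding to the server
        return "block"

    def record_analysis(self, h: str, report: AnalysisReport) -> bool:
        """Apply the server's verdict; only a clean result extends the whitelist."""
        if h not in self.pending:
            raise KeyError("no analysis was requested for this digest")
        del self.pending[h]
        clean = report.sandbox_well_behaved and report.scanner_detections == 0
        if clean:
            self.whitelist.add(h)
        return clean


if __name__ == "__main__":
    # Constructed sample inputs; the byte strings stand in for executable files.
    gate = WhitelistGate(whitelist={digest(b"approved-tool")})
    print(gate.request_execution(b"approved-tool"))   # known file
    print(gate.request_execution(b"new-tool"))        # unknown file, blocked
    gate.record_analysis(digest(b"new-tool"), AnalysisReport(True, 0))
    print(gate.request_execution(b"new-tool"))        # allowed after analysis
    print(gate.request_execution(b"new-tool\x00"))    # altered copy, blocked again
```
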