Abstract: A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

Abstract: A system for smart updates includes smart update software that predicts an update window by monitoring activity at the device so that the update is performed when there is little or no activity, indicating that a user/users of the device are not relying on the device to perform work and/or there is little or no active remote access to the device. Such activity is determined by inputs from human input devices, network traffic, storage system I/O, audio inputs, camera inputs, etc.

Abstract: A system for computer security of a remote device having a processor includes a way to determine an operating mode of the remote device and a way to validate a resource (e.g., program, script, web address). When an attempt is made to access a resource, the operating mode of the remote device is determined and when the operating mode of the remote device is a corporate operating mode, then the resource is evaluated using a corporate protection file. Otherwise, when the operating mode of the remote device is determined to be a personal operating mode, then the resource is evaluated using a personal protection file. When the resource validation determines that the resource is approved, access to the resource is provided; otherwise, access to the resource is prevented.

Abstract: A system and method of synchronizing a whitelist with an installation on a protected device includes detecting an installation and determining which programs are affected by the installation by parsing an installation file. Programs that are being installed by the installation are added to the whitelist; Programs that are being deleted by the installation are removed from the whitelist; and programs that are being modified by the installation are updated in the whitelist. Therefore, after the installation is complete, the whitelist contains entries that will allow execution of programs (executables, scripts, macros, etc.) that were installed by the installation.

Abstract: A system for smart updates includes smart update software that predicts an update window by monitoring activity at the device so that the update is performed when there is little or no activity, indicating that a user/users of the device are not relying on the device to perform work and/or there is little or no active remote access to the device. Such activity is determined by inputs from human input devices, network traffic, storage system I/O, audio inputs, camera inputs, etc.

Abstract: A computer security system with enhanced blacklisting includes administrative interfaces that accept user inputs to create and modify entries in a blacklist and a whitelist that define which programs are allowed to execute on one or more target computer systems. Upon an attempt to run a program, if the program is in the blacklist and not in the white list, the program is prevented from running. If the program is prevented from running, at a later time, an administrative interface is used to either block future execution of the program or to create an entry in the whitelist that allows future execution of a class of programs or only that the program until revoked. The whitelists and blacklists are for a single target computer or many computers.

Abstract: A system and method for computer security of a protected device includes monitoring software running on a protected device that periodically scans the protected device looking for changes to startup items that are suspicious. Upon finding such items, the monitoring software removes the suspicious item and/or sends details of the item to a server. At the server, a researcher reviews the details to determine if the changes are malicious and what steps must be taken to back-out the malicious changes such as deleting malicious executables and scripts that were installed, restoring backup files, removing add-ons that were installed in browsers, etc. The researchers then create a script that will run on the affected device to implement the steps required to repair the infected device then the researcher remotely accesses the affected device, installs the script and runs the script on the protected device to remove the malicious software.

Abstract: A system for control of remote desktop connections includes security software that interfaces with the operating system of the target device and periodically monitors existing connections (e.g., remote desktop connections) to determine if the connecting device (e.g., the remote computer) is authorized to connect with the target device based upon the name of the connecting device. In some embodiments, as hackers often perform their activities when users are not generally expected to be active, the system for control of remote desktop connections provides a scheduling capability that allows connections only during certain time periods such as 9:00 AM-5:00 PM on Mondays through Fridays.

Abstract: A system for computer security includes security software running on a user device. The security software has a local data for control of the security software (e.g., whitelists, blacklists, virus detection files). A server has storage containing master data for control of the security software. Upon initialization of the security software, the security software connects to the server by way of a persistent connection. After receipt of a refresh message over the persistent connection, the security software downloads the master data and updates the local data from the master data.

Abstract: A computer security system with enhanced whitelisting includes administrative interfaces that accept user inputs to create and modify entries in a whitelist that define which programs are allowed to execute on one or more target computer systems. Upon an attempt to run a program, the entries in the whitelist are used to determine if the program is allowed to run. If an entry in the whitelist indicates that the program is allowed to run, the program is run. Otherwise, at a later time, an administrative interface is used to either block future execution of the program or to create an entry in the whitelist that allows execution of a class of programs or only that the program in the future until revoked. The whitelist is for a single target computer or many computers.

Abstract: A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

Abstract: A computer security system with enhanced whitelisting includes user interfaces that accept user inputs to create and modify a set of rules that define which programs are allowed to execute on one or more target systems. Upon an attempt to run a program, the set of rules are used to determine if the program is allowed to run. If any rule indicates that the program is allowed to run, the program is run. Otherwise, a user interface is presented to either block execution of the program or to create a new rule that would allow execution of the program this time and in the future.

Abstract: A super-shield system for protecting a computer from malicious software uses a whitelist to determine if a program is safe to run. As new malicious software is created, inadvertent attempts at execution of executables including such malicious software is prevented being that the new malicious software are not listed in the whitelist. When attempts are made to run unknown software, the executable is forwarded to a server where further analysis is performed to determine if the executable contains suspect code (e.g., malicious software).

Abstract: A method of protecting a device from unauthorized advertisements includes intercepting data from the Internet that is to be displayed by a browser and determining if the data includes an advertisement. If the data includes an advertisement, the advertisement is analyzed to determine if the advertisement is an unauthorized advertisement and if the advertisement is an unauthorized advertisement, a warning message is displayed.

Abstract: A computer security system with enhanced blacklisting includes administrative interfaces that accept user inputs to create and modify entries in a blacklist and a whitelist that define which programs are allowed to execute on one or more target computer systems. Upon an attempt to run a program, if the program is in the blacklist and not in the white list, the program is prevented from running. If the program is prevented from running, at a later time, an administrative interface is used to either block future execution of the program or to create an entry in the whitelist that allows future execution of a class of programs or only that the program until revoked. The whitelists and blacklists are for a single target computer or many computers.

Abstract: A computer security system with enhanced whitelisting includes user interfaces that accept user inputs to create and modify a set of rules that define which programs are allowed to execute on one or more target systems. Upon an attempt to run a program, the set of rules are used to determine if the program is allowed to run. If any rule indicates that the program is allowed to run, the program is run. Otherwise, a user interface is presented to either block execution of the program or to create a new rule that would allow execution of the program this time and in the future.

Abstract: A system and method of protecting a computer includes providing a whitelist of known applications and a set of rules for determining if a program is benign. Upon an attempt to initiate a program, determining if the program is in the whitelist and if the program is in the whitelist, allowing the program to run. If the program is not in the whitelist, determining if the program is benign based upon the set of rules or strategy and presenting the rule/strategy to the user. If the user accepts the rule/strategy, running the program and updating the whitelist for allowing future attempts to run the program and any other program that conforms to the one rule. If the program is not determined to be benign, the program is not allowed to execution unless a specific override is made.

Abstract: A computer security system with enhanced whitelisting includes administrative interfaces that accept user inputs to create and modify entries in a whitelist that define which programs are allowed to execute on one or more target computer systems. Upon an attempt to run a program, the entries in the whitelist are used to determine if the program is allowed to run. If an entry in the whitelist indicates that the program is allowed to run, the program is run. Otherwise, at a later time, an administrative interface is used to either block future execution of the program or to create an entry in the whitelist that allows execution of a class of programs or only that the program in the future until revoked. The whitelist is for a single target computer or many computers.

Abstract: A system and method of protecting a computer includes providing a whitelist of known applications and a set of rules for determining if a program is benign. Upon an attempt to initiate a program, determining if the program is in the whitelist and if the program is in the whitelist, allowing the program to run. If the program is not in the whitelist, determining if the program is benign based upon the set of rules or strategy and presenting the rule/strategy to the user. If the user accepts the rule/strategy, running the program and updating the whitelist for allowing future attempts to run the program and any other program that conforms to the one rule. If the program is not determined to be benign, the program is not allowed to execution unless a specific override is made.

Abstract: A system for providing a password hint authenticates a username and password against a stored username and stored password. Upon failure of the authentication, the system determines a password formation rule that was in force when the user created the stored password then compares the password to the password formation rule and if the password violated any part of the password formation rule, the system reports each part of the password that violated the any part of the password formation rule.