Abstract: Aspects of the present disclosure are directed to controlling access to resources in a network. In an embodiment, a gateway system receives a packet requesting access to a resource in the network, and identifies access control policies to be applied in determining whether or not to permit access to said first resource. The gateway system applies a higher-layer policy and then a lower-layer policy on the packet to determine whether or not to forward the packet to the network and forwards the packet to the network only if it is determined to forward the packet. The higher-layer policy and lower-layer policies are according to respective layers of a networking model.

Abstract: Detecting malwares in data streams of interest. In an embodiment, for each malware signature of interest, a malware sub-pattern that is likely to occur at low frequencies in clean data streams is identified. When scanning a data stream for malwares, each portion of the data stream is examined for match with a malware sub-pattern of a malware signature. If there is no match with any portion of the data stream, it is concluded that the data stream is free of a first malware corresponding to the malware signature. If there is a match with a first portion of the data stream, the data stream is examined around the first portion for the malware signature, wherein the data stream is concluded to contain the first malware if the data stream around the first portion is found to match the malware signature.

Abstract: According to an aspect of the present disclosure, a kernel space and a user space for execution of instructions is provided in a computer system. A process executes in the user space and multiple modules execute in the kernel space, with the modules also generating events. It is then determined whether the generated events includes a set of events matching a pre-specified pattern representing a malicious process. If such as set of events is determined to be present, the process is notified as a malicious process. The steps of determining and notifying are performed in user space.

Abstract: According to an aspect of the present disclosure, a digital processing system, in response to identifying multiple files opened with write permission by a process, creates a corresponding backup copy of each of the opened files. The system computes a frequency of opening of the files with write permission by the process, and then determines whether the computed frequency is greater than a threshold. If the frequency is determined to be greater than the threshold, the system provides control to a user to recover any of the files (opened by the process) based on the corresponding backup copy (previously created in response to opening). Thus, the execution of a ransomware in the system may be potentially detected and the associated maladies (such as unavailability of personal data, requirement to make payment for recovering the personal data, etc.) may be avoided.

Abstract: The malware protection system provides a virtual logon session which runs in the background invisible to the user. The virtual logon session is created on a computer system with the help of the operating system using a separate/partitioned kernel resources such as a desktop, that provides a limited access environment under the context of a logged-on user. The system is configured to run applications inside virtual logon sessions under the logged-on user's credentials with limited access. The system also includes an interceptor module that launches the web browser or web application inside the virtual logon session. The interceptor module intercepts every URL passing through the web browser or web application being run in the virtual logon session. The module checks if the primary web URL is infected by malware and adds the malicious URL to a malicious URL database and a non-malicious URL to a non-malicious URL database.

Abstract: An automated system and method for piracy control based on user generated updates is described. The system and method described renders human intervention for piracy control superfluous and, therefore, is cost-effective, and consumes less time. The automated system and method for piracy control based upon update requests significantly reduces the number of update requests by pirated copies of the software, reduces the burden on the update server and smoothens the overall user experience for the legitimate users of the software.

Abstract: A system for protecting devices operating on 64-bit editions of operating systems by retrieving the file path by which the process was run and not the actual file path from where the process is running and scanning this retrieved file path for viruses.

Abstract: A virus scanning system which scans a mobile device/mobile device for files containing viruses even if the files are not executable on the mobile device. Corrective actions such as removing the files can be performed once the viruses are detected. As a result, viruses which are not executable (as being designed for other mobile device types) can also be detected and removed from mobile devices. According to another aspect, a common interface is provided when a virus scanning program requests data from mobile devices, and the computer is provided with different remote application programming interfaces suited to retrieve the specified data from the corresponding mobile devices. As a result, the computer can be extended to integrate scanning of new device types easily. According to one more aspect, a scanning program retrieves only data portions required for continuing the scan operation.