Abstract: A method for fast I/O path failure detection and cluster wide failover. The method includes accessing a distributed computer system having a cluster including a plurality of nodes, and experiencing an I/O path failure for a storage device. An I/O failure message is generated in response to the I/O path failure. A cluster wide I/O failure message broadcast to the plurality of nodes that designates a faulted controller. Upon receiving I/O failure responses from the plurality nodes, an I/O queue message is broadcast to the nodes to cause the nodes to queue I/O through the faulted controller and switch to an alternate controller. Upon receiving I/O queue responses from the plurality nodes, an I/O failover commit message is broadcast to the nodes to cause the nodes to commit to a failure and un-queue their I/O.

Abstract: Information migration systems and methods are presented. In one embodiment, a cloud information migration method comprises: performing a migration interpretation process, including interpreting migration initiation information; performing a migration information retrieval process to automatically retrieve information in a first configuration from a first cloud vendor in accordance with the migration initiation information; performing a migration information configuration process, including automatically converting the retrieved information in a first configuration to information in a second configuration, wherein the second configuration is compatible with a second cloud vendor; and performing a migration information forwarding process to automatically forward the information in a second configuration to the second cloud vendor in accordance with the migration initiation information.

Abstract: Embodiments of the present invention are directed to a method and system for filesystem deduplication that uses both small fingerprint granularity and variable length sharing techniques. The method includes accessing, within an electronic system, a plurality of files in a primary storage filesystem and determining a plurality of fingerprints for the plurality of files. Each respective fingerprint may correspond to a respective portion of a respective file of the plurality of files. The method further includes determining a plurality of portions of the plurality of files where each of the plurality of portions has the same corresponding fingerprint and accessing a list comprising a plurality of portions of files previously deduplicated. A portion of a file of the plurality of files not present in the list may then be deduplicated. Consecutive portions of variables lengths having the same corresponding fingerprints may also be deduplicated.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detect malware at the client. The security module computes a hygiene score based on detected malware and provides it to the reputation server. The security module monitors client encounters with entities such as files, programs, and websites. When a client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The security module evaluates the reputation score and optionally cancels an activity involving the entity. The reputation server computes reputation scores for the entities based on the clients' hygiene scores and operations performed in response to the evaluations. The reputation server prioritizes malware submissions from the client security modules based on the reputation scores.

Abstract: A computer-implemented method for dynamically managing the migration of a single instance of data between storage devices is described. A request to access a single instance of data stored in a storage device is received. A copy of the single instance of data is retrieved from the storage device. A determination is made as to whether a frequency of requests to access the single instance of data satisfies a threshold. The single instance of data is duplicated if the frequency of requests satisfies the threshold. The duplicated single instance of data is stored.

Abstract: A computer-implemented method for focusing product testing based on areas of change within the product is described. A link between resource files of a product and test cases associated with the product is created. The resource files of a first build of the product are compared with the resource files of a second build of the product. A report that comprises which resource files changed between the first build of the product and the second build of the product is generated. The resource files that have changed and the test cases linked to the changed resource files are displayed. The test cases linked to the changed resource files are executed.

Abstract: A computer-implemented method for authenticating requests from a client running trialware through a proof of work protocol is described. A request received from a client running trialware is analyzed. A cryptographic puzzle is generated if an authentication token is not included with the request. The cryptographic puzzle is transmitted to the client. A solution to the cryptographic puzzle received from the client is analyzed. A response to the request is generated if the received solution to the puzzle is validated.

Abstract: Techniques for classifying unknown files taking into account temporal proximity between unknown files and files with known classifications are disclosed. In response to a classification request for a target file, client systems hosting (or hosted) instances of the target file are identified. For each system, files created around the time the target file was created on the system are identified. Within the identified files, files with known classifications are identified, and a score is determined for each such file to measure temporal proximity between the creation of the file and the creation of the target file. Local temporal proximity scores aggregate the scores for the client system. Global temporal proximity scores measures an aspect of the local temporal proximity scores for all identified client systems. The global temporal proximity scores are fed into a classifier to determine a classification, which is returned in response to the classification request.

Abstract: A reputation system generates reputation scores for websites based at least in part on analyses of disposable data misuse associated with the websites. The reputation system receives reports describing disposable data misuses detected by clients and/or other entities, such as credit card issuers. The reputation system also detects certain types of misuse itself by analyzing received disposable data involved in a misuse detection to determine the websites or other entities that misused the data. The reputation system generates misuse statistics describing the amount of data misuse performed by websites. The reputation system generates reputation scores for websites based on the disposable data misuse statistics and, optionally, other reputation information for the websites, such as malware distribution associated with the websites. The reputation system reports the reputations of the websites to the clients.

Abstract: A security module on a client monitors file creations at the client and reports heritage data describing the monitored file creations to a security server. A file categorization module at the security server receives file heritage data reports from a plurality of clients. The heritage data reports identify parent files that created executable child files at the clients. The file categorization module filters the heritage data to identify and prioritize parent files that are not categorized. The file categorization module analyzes the uncategorized files in priority order to categorize the files as “expected executable file creators” or “executable file creators of interest.” The file categorization module reports the file categorization data to the security modules of the clients. The security modules use the file categorization data to identify malware at the clients.

Abstract: A data instance to be shared by multiple virtual machines is stored at a hypervisor level. A file system driver is provided to each virtual machine. Each virtual machine mounts a file system backed by the data instance, and thus has read access to the data through its mounted file system. A virtual machine is suspended. A copy of the data instance is saved as part of the stored image of the suspended virtual machine. The suspended virtual machine is subsequently restored from the stored image, and the copy of the data instance is present in the restored virtual machine. The copy of the data instance is detected at a hypervisor level, and the restored virtual machine is provided with read access to the data instance through its mounted filed system.

Abstract: A method and apparatus for synchronously changing authentication credentials of a plurality of domains comprising detecting an authentication credential change event for a particular domain, where the authentication credential is being changed from a first credential to a second credential, determining whether the particular domain is within a domain group, and, if the particular domain is within the domain group, changing the authentication credential of at least one other domain in the domain group from the first credential to the second credential.

Abstract: Various systems and methods can provide application-aware high availability of virtual machines. For example, one method involves receiving information indicating a state of an application executing in a virtual machine. The information is received by a computing device implementing a virtual machine monitoring agent that is monitoring the virtual machine. In response to receiving the information, the method determines whether the virtual machine should be restarted, based at least in part on the state of the application executing in the virtual machine. The method then generates information indicating whether the virtual machine should be restarted, in response to making the determination.

Abstract: A method for converting a physical file system to a virtual file system of a virtual machine. The method includes initiating a new incremental physical to virtual conversion process, and analyzing a history of a plurality of prior incremental conversions to determine whether there exists at least one prior incremental conversion that failed. Upon determination that a prior failed incremental conversion occurred, the method further includes determining a correct chronological order of the plurality of prior incremental conversions, and determining an original failure point and any subsequent failure points. The prior incremental conversions are re-applied from each of said original failure point and said subsequent failure points in the correct chronological order with the most recent incremental conversion re-applied last.

Abstract: A full backup of a database is created at a first point in time. To restore the database to its state at a second point in time (after the full backup was created), a set of incremental backups, including the incremental backup that corresponds to the second point in time and incremental backups created between the first and second points in time, is used in reverse chronological order. For example, blocks in the full backup can be selectively overwritten with corresponding blocks from the incremental backups in reverse chronological order.

Abstract: A method and apparatus for monitoring sensitive data on a computer network is described. In one embodiment, a method for protecting sensitive data from being leaked to a computer network comprises monitoring data related to a user that is presented on one or more web pages through a common interface, which enables a search for sensitive data on the one or more web pages of the one or more web sites and determining a disclosure of the sensitive data on a web page of one or more web pages.

Abstract: A computer-implemented method for creating incremental images of cluster volumes. The method may include 1) maintaining a parallel cluster comprising a plurality of cluster nodes connected to a cluster volume; 2) creating a first incremental image of the cluster volume by capturing changes to the cluster volume on a first mirror during a first period of time; 3) for each cluster node in the parallel cluster, blocking write completions for writes to the cluster volume; 4) while the write completions are blocked, switching to a second mirror to create a second incremental image of the cluster volume by capturing changes to the cluster volume on the second mirror during a second period of time; and 5) after switching to the second mirror, unblocking the write completions for writes to the cluster volume. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method of providing web site verification information to a user includes receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also includes accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further includes transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.

Abstract: A computer-implemented method for data-selection-specific data deduplication associated with a single-instance-storage computing subsystem may comprise: 1) detecting a request to store a data selection to the single-instance-storage computing subsystem, 2) identifying a data-selection-specific fingerprint set associated with the data selection and stored on a storage device, and 3) utilizing the data-selection-specific fingerprint set associated with the data selection for data deduplication associated with the request to store the data selection to the single-instance-storage computing subsystem. Other exemplary data deduplication methods, as well as corresponding exemplary systems and computer-readable media, are also disclosed.

Abstract: The Domain Name System (DNS) can be used to query for security information in real time. A security module on a client detects a network connection and sends a test probe as a DNS resolution request to a DNS server associated with a security server via the network connection. The test probe requests resolution of a domain name for which the DNS server is authoritative. The security module analyzes a response to the test probe to determine whether the response is valid based on testing information included in the DNS response. Responsive to whether a valid response to the test probe is received, the security module selects a network service for subsequent communications via the network connection.