Abstract: The disclosure is directed to systems, apparatus, and methods for online purchasing. In one example, a system includes a web server that presents purchase options and receives user input. The system may also include an application server that attempts to authenticate users to existing accounts using an account identifier, such as a user ID or email address. If a user does not provide an identifier corresponding to an existing account, the application server may create a new account. If the user provides an identifier corresponding to an existing account, but does not provide a valid password, the application server may create a provisional account. The application server may also associate purchases with the user's account and provide access to the purchased product. Purchases associated with a provisional account may be resolved with an existing or newly-created permanent account when additional user information is received, such as when the product is registered.
Type: Grant
Filed: December 20, 2007
Date of Patent: January 31, 2012
Assignee: Symantec Corporation
Inventors: Steven Shapiro, Paul Agbabian, Robert Curlee, Daniel Grimes, Gil Reuveny, Lyn Tran
Abstract: A computer-implemented method for managing deduplicated data using unilateral referencing may comprise: 1) identifying each file in the deduplicated data system, 2) identifying each data segment in the deduplicated data system that is referenced by at least one file in the deduplicated data system, and then 3) creating an active-data-segments set that identifies or references each data segment that is referenced by at least one file in the system. Data segments in the system that are not identified or referenced in the active-data-segments set may be removed. Corresponding systems and methods are also disclosed.
Abstract: A computer-implemented method for protecting active copies of data may include detecting an attempt to access an active copy of original data, identifying an access rule associated with the original data, and determining whether to allow access to the active copy by applying the access rule to the attempt to access the active copy. The computer-implemented method may also include associating the access rule with a file-system path of the active copy. The access rule may be a file-system rule associated with a file-system path of the original data. Various other computer-implemented methods, systems, and computer-readable media for protecting active copies of data are also disclosed.
Abstract: A computer-implemented method for monitoring physical paths within a computer network may include: 1) identifying a first logical path within a computer network, 2) identifying a physical path that corresponds to the first logical path, 3) probing the physical path to determine whether the first logical path is active, 4) identifying a second logical path within the computer network, 5) determining that the physical path also corresponds to the second logical path, and then 6) using the results of the probe of the physical path to determine whether the second logical path is active without probing the physical path a second time. Additional computer-implemented methods for monitoring physical paths within multi-host computer networks are also disclosed.
Abstract: Various embodiments of a method and an apparatus for identifying invariants to detect software tampering are disclosed. In one embodiment, a method of identifying invariants associated with a software package comprises applying a machine learning technique to a plurality of images associated with a software package to identify a memory location within the plurality of images to be a candidate invariant, wherein the plurality of images comprises images of memory used during execution of the software package and determining an invariant based on the candidate invariant.
Abstract: A computer-implemented method comprising identifying a tag, receiving a setting, and associating the setting with the tag. The tag may be associated with an object. The computer-implemented method may also comprise performing an action based on the setting, and the action may be performed with respect to the object. A computer-implemented method may comprise receiving a tag from a user interface, identifying a module, and associating the tag with a module. Corresponding systems and computer-readable media are also disclosed.
Abstract: Controlling access to a protected network is disclosed. In some embodiments, one or more events that occur while a host is disconnected from the protected network are logged. The log is provided to one or more devices associated with the protected network when the host requests access to the protected network after a period in which it was not connected. In some embodiments, a network access control or other device or process uses the log to determine whether and/or an extent to which the host should be permitted to connect to the network.
Abstract: A method and system for describing, extracting and migrating application information from a first personal computer to one or more other computers is described. This method and system provides a means for selecting and translating the information useful in transferring application programs, settings and files while maintaining the preferred preferences and directories of the users. Using a standard INI file format, this method makes use of Application Information Files (AIFs) that contain a collection of tags. The tags provide identification of multiple versions of the application and conversion information for settings, registry information and files. This invention provides the method of creating self-extracting auto-migrate packages, which permit user customization of the set of files and settings to be migrated and which provides the intelligence needed to write files to the appropriate destination locations and to make the appropriate registry changes.
Type: Grant
Filed: September 27, 2007
Date of Patent: January 31, 2012
Assignee: Symantec Corporation
Inventors: Greg Wiggins, Rajesh Moorjani, Vivek Kumar Rai, Vivek Umesh Bhagwat, Sanjay Ahuja, Santosh D. Surve
Abstract: A registry access manager (101) regulates access to executable class registry entities (103). A registry access manager (101) intercepts system calls (107) that access a registry (113). The registry access manager (101) detects attempts by processes (115) to access executable path entities (103) in the registry (113). The registry access manager (101) determines whether a robust, multifaceted security policy permits the attempted access, and blocks or permits the access accordingly.
Abstract: A method and apparatus for providing accurate detection of confidential information is described. In one embodiment, the method includes searching a text document for multiple classified data patterns associated with confidential information that is represented as personal identifiers. The method further includes finding, in the text document, one or more personal identifier candidates matching any of the classified data patterns, and validating each of the personal identifier candidates using one or more personal identifier validators to provide accurate detection of the confidential information in the text document.
Abstract: A computer-implemented method for determining the trustworthiness of a server may comprise: 1) identifying a streaming application that originates from a server, 2) determining a trust level for the server, and then 3) determining, based on the trust level, whether to stream the streaming application from the server. The trust level for the server may be determined by comparing current streams (or portions of current streams) received from the server with prior streams to detect change, by communicating with peer computing systems or reputation services, and/or by analyzing locally stored information. Corresponding systems and computer-readable media are also disclosed.
Type: Grant
Filed: June 30, 2008
Date of Patent: January 31, 2012
Assignee: Symantec Corporation
Inventors: Brian Hernacki, Timothy G. Brown, Rob Clyde, William E. Sobel
Abstract: Methods, systems, and products for detecting phishing attempts through fingerprinting are provided. In an embodiment, there is a computer program product that comprises a computer-readable medium and computer program instructions encoded on the medium for deterring fraud perpetrated through an incoming electronic message containing an address for responding to the incoming electronic message. The instructions are for extracting the address from the incoming electronic message and generating a fingerprint based on the extracted address. It is then determined whether the generated fingerprint matches a plurality of stored legitimate fingerprints. When there is a lack of a match, an action is taken to prevent use of the address.
Type: Grant
Filed: May 30, 2007
Date of Patent: January 24, 2012
Assignee: Symantec Corporation
Inventors: Zulfikar Ramzan, Sourabh Satish, Oliver Friedrichs
Abstract: To detect possible malicious code that is unpacked at runtime before it is executed, antivirus software requires that any dynamically created code be scanned before it can be executed by a host computer system. This requirement may be enforced by requiring memory pages to be either executable or writable, but not both. Before changing from writable but not executable to executable but not writable, the page is scanned for malicious code. To prevent packers from evading this scanning, a countermeasure tracks the memory mapping in the host system to enforce consistency in the protection settings for all memory spaces that are mapped to the same physical memory page.
Abstract: Various embodiments of a system and method for restoring a backup image to a target computer system such that a network device of the target computer system is automatically configured with network settings specified in the backup image are disclosed. A backup image created from a first computer system may be restored to a second computer system, where the backup image includes first network settings for a first network device of the first computer system. The method may comprise configuring an operating system setup program to automatically apply the first network settings to a second network device of the second computer system, and invoking execution of the operating system setup program.
Abstract: A rollback manager creates a restore point on a computer. The rollback manager stores a reboot indicator in non-revertible storage. The rollback manager monitors the reboot indicator to detect an unexpected reboot during deployment of a modification. The rollback manager configures the computer responsive to the reboot indicator. The rollback manager can roll back the system state, responsive to detecting a failed modification deployment. The rollback manager can deem the computer to be stable, responsive to detecting a successful modification deployment.
Abstract: A method includes creating a first virtual machine comprising a remote file system. The method further includes causing all input/output from a second virtual machine to be redirected to the remote file system, the first virtual machine and the second virtual machine being on a single physical computer. The file system is securely protected from any malicious code executing on the second virtual machine by the hardware enforced partitioning between the first virtual machine and the second virtual machine.
Type: Grant
Filed: March 31, 2008
Date of Patent: January 24, 2012
Assignee: Symantec Corporation
Inventors: William E. Sobel, Bruce McCorkendale, Paul Agbabian
Abstract: Systems, apparatus, and methods are disclosed for collecting and combining consumer satisfaction ratings for online purchases. Users may be prompted for purchase satisfaction after an expected delivery date. Information from one or more user responses may then be compiled and used to rate online vendors.
Abstract: Computer-implemented methods, apparatus, and computer-readable media for recognizing legitimate websites. An embodiment of the inventive method comprises the steps of storing (200) a plurality of network addresses, associating (210) a unique cue with each of the plurality of network addresses, determining (220) whether a user launches a URL, and when it is determined that the user launches the URL, determining (230) whether the URL matches one of the plurality of network addresses, and when it is determined that the URL matches one of the plurality of network addresses, retrieving (240) the cue associated with the one of the plurality of network addresses and deploying (250) the associated cue.
Abstract: A security gateway is provided to facilitate end-point compliance of connected clients to insure appropriate security levels are maintained. The gateway operates as a policy enforcement point, and, when necessary, is used to apply and/or provide the required level of compliance for a connection on behalf of a requesting client. In one aspect, a specified level of compliance for a given security feature is facilitated, even if the requesting client is not able to meet that level of compliance at the time of the request. An adaptive end-point compliance model measures the requesting client's current level of compliance for one or more software programs on the client and may either require remediation, for example, when knowing that the remediation server is available and responding, or may provide, via a surrogate connection, the necessary level of compliance when remediation is not possible.
Abstract: A system and method for providing access to replicated data is disclosed. Embodiments of the present invention utilize a remote access file system to provide access to replicated data concurrently with replication. According to one embodiment including unidirectional replication, access to a replicated target volume is provided using a remote access file system to perform reads locally or “directly” and to perform writes indirectly to a replication source volume which are subsequently replicated to the replication target volume. According to another embodiment, bi-directional replication is provided and access to both replication source and replication target volumes is provided locally and subsequently replicated as necessary.