Abstract: Security sensor data from intrusion detection system (IDS) sensors, vulnerability assessment (VA) sensors, and/or other security sensors is used to enhance the compliancy determination in a client compliancy system. A database is used to store the security sensor data. In one particular embodiment, a list of device compliance statuses indexed by corresponding identifiers (e.g., IP/MAC addresses) combined from IDS, VA, and/or other security sensing technologies is made available as a non-compliance database for query, so that clients and other compliancy authentication elements can tell that a particular client appears to be out of compliance. A client-side self-policing compliance system is enabled, and can be used in conjunction with automated endpoint compliance policy configuration to reduce system administrator burden.

Abstract: A parental control system is used to verify the identity of parents, based on children's instant messaging aliases. A plurality of verified parental accounts is maintained, each of which includes the identity of the parents and their children, including the children's instant messaging aliases. When a first child wishes to electronically communicate with a second child, s/he makes a request which includes the second child's alias and additional information identifying the target party. Only if an account containing the alias is found and the additional information can be verified, an identity verification request is transmitted, disclosing the identity of the first child's parents, and requesting reciprocal identity verification. Only if the second child's parents disclose their identity is the instant messaging between the children permitted.

Abstract: A computer apparatus receives seed characters relating to an object and accesses rules to generate an identifier. The identifier includes a human-readable component that conveys understanding to a non-skilled user. The identifier complies with limitations dictated by the rules and is not based on random generation.

Abstract: A method and mechanism for monitoring performance in a network computing system. A user application on a source system is configured to communication with a destination system. The application is configured to load a dynamic linked library upon execution. The dynamic linked library is configured to store packet identifiers and time stamp information for communication packets received from the application prior to the packets being conveyed to the destination system. Upon receipt of an acknowledgement packet from the destination system, the library code is configured to retrieve the previously stored time stamp information, determine transit latency information corresponding to the communication packet, and log the determined transit latency information. Acknowledgement packets may further include time stamp information which may be utilized to determine additional latency information corresponding to the communication packet and/or acknowledgement packet.

Abstract: A method, apparatus, and system for accessing units of storage in at least one logical unit by processing I/O requests directed to the logical units using a LUN queue and an operation-type queue. By using the queues to process the I/O requests, the requests can be processed without address collisions.

Abstract: A computer system and method for performing restore operations. A computer system includes one or more hosts. At least one host includes a backup agent. In response to a request to restore a file to a first host, a backup component identifies copies of portions of the file stored on a second host, retrieves the copies, and restores the file on the first host from the copies. The backup component maintains a catalog of entries corresponding to copies of portions of files stored on the hosts. In response to a request to restore the file to a first host, the backup component queries the catalog to identify one or more candidate locations where copies of portions of the file have been stored. The first and second hosts may be the same. The backup component may be located on a host or on a backup server.

Abstract: A system and method for data storage in an array. A system includes a client coupled to a storage subsystem. The storage subsystem comprises data storage locations addressable as rows and columns in an array. Each column comprises a separate storage device. Each row includes redundant data. For a given row, a coordinating storage device receives data from the client, coordinates computation and storage of redundant data, and forwards data to other storage devices. In response to receiving data targeted for storage in a given storage location, a non-volatile, temporary storage device that is associated with the separate storage device that includes the given storage location buffers the received data. The coordinating storage device conveys a write completion message to the client in response to detecting that the data has been buffered in the non-volatile, temporary storage devices. At least two storage devices are coordinating storage devices in separate rows.

Abstract: Various embodiments of a computer system and methods are disclosed. In one embodiment, a computer system includes a host coupled to a backup store. The host backs up a dataset to the backup store. The dataset comprises data entities and application-specific metadata describing the data entities. The application-specific metadata enables an application to use the data entities. The host: mounts the backup store for read/write access by the application, accesses the backup store with the application, selects a data entity, and performs an operation on the data entity in the backup store using the application. The operation may comprise verifying that the data entity is valid and usable in the context of the application or creating an archival backup of the data entity on a backup medium. The backup store may be a disk-based backup store and the backup medium may be a tape-based backup medium.

Abstract: HTTP requests initiated from a web browser of a client computer system are proxied prior to release to a router, such as a home router. HTTP requests identifying a referrer URL corresponding to routable, public IP address and a target URL corresponding to a non-routable, private IP address are determined to be indicative of a drive-by pharming attack, and are blocked from sending to the router. HTTP requests not identifying a referrer URL corresponding to a routable, public IP address and a target URL corresponding to a non-routable, private IP address, the HTTP request are not determined to be indicative of a drive-by pharming attack, and are released for sending to the router. In some embodiments, an HTTP response received in response to a released HTTP request is proxied prior to release to the web browser. An HTTP response having content of type text/html or script is modified as indicated to prevent malicious activity and released to the web browser.

Abstract: Techniques for system recovery using change tracking are disclosed. In one particular exemplary embodiment, the techniques may be realized as a computer implemented method for providing system recovery using change tracking comprising receiving a request to write to electronic storage, identifying a region in the electronic storage region associated with the write request, setting a region indicator identifying the electronic storage region as dirty, and setting one or more portion indicators identifying one or more dirty portions of the electronic storage region.

Abstract: Enabling an off-host computer to migrate data of a data volume. In one embodiment, the off-host computer copies data contents of n data blocks of a first data volume to n data blocks, respectively, of a second data volume. A host computer is capable of modifying data contents of a first plurality of data blocks of the n data blocks of the first data volume after the off-host computer begins copying data contents of the n data blocks of the first data volume to the n data blocks, respectively, of the second data volume.

Abstract: A computer method for issuing an early warning includes determining, using change and test coverage and control flow and data flow analyses of a program, locations in the program at which to insert early warning (EW) code to monitor for an event. The program is instrumented with EW code which monitors for the event, by inserting EW code at the determined locations. Upon detecting the event, EW code performs an early action warning, or issues an early action. Early warnings are issued when an EW-instrumented block is reached. Issuance of an early warning action can be conditional upon execution of the program in a particular environment, such as a production environment. Issuance of an EW can also be conditional upon executing an untested block of code that was recently modified.

Abstract: Methods and systems for reducing the spread of malware in communication between an instant message (IM) client and an IM server are described. A malware trapping system (MTS) creates and registers a set of virtual IM users with an IM server. The virtual IM users include account names by which other users of the IM server can communicate with the virtual IM users. The MTS publicizes the account names of the virtual IM users, which causes sources of malware to illicitly acquire the account names of the virtual IM users. The MTS identifies any IM user sending a message to one of the virtual users as a source of malware. The MTS also identifies such a message as a malware message and collects information about the sources of malware and malware messages and stores the information in a database. An IM filter module, accessing the information stored in the database, identifies and blocks malware messages based on the information.

Abstract: A computer has protected resources presenting threat vectors that malicious software can use to attack the computer. A security module has monitoring components that monitor the protected resources to detect malicious software. The security module detects if a protected resource enters a steady security state. In response to a protected resource entering a steady state, the security module selectively disables the components that monitor the protected resource, thereby conserving the computing resources utilized by the security module and freeing the computing resources for other tasks. If the resource exits the steady security state, the security module temporarily blocks access to the resource while it enables the monitoring components for that resource.

Abstract: Methods and systems for reducing the spread of malware in communication between an instant message (IM) client and an IM server are described. An IM filter module (IM FM) is configured to examine incoming messages from an IM server to an IM client and outgoing messages from the IM client to the IM server. The IM filter module is further configured to analyze relationship among the incoming and outgoing messages and determine whether one or more messages contain malware based on the analysis of relationship among the incoming and outgoing messages.

Abstract: A distributed data object sharing system in which a plurality of data objects are replicated across computing nodes. The system may be operable to identify replica conflicts for the data objects and modify tree structures to reflect the conflicts. In one embodiment, a tree structure may represent a plurality of replica versions. Replica versions in conflict with each other may be represented as child versions at branch points in the tree.

Abstract: A system, method, and computer-accessible medium for detecting and logging in-line synchronization primitives are disclosed. One or more in-line synchronization primitives in a computer program are programmatically detected during execution of the computer program. The one or more in-line synchronization primitives are stored in a log.

Abstract: A system and method for writing and reading blocks of a data volume are disclosed. The method provides continuous data protection (CDP) for a data volume by backing up blocks of the data volume in real time to a local CDP log and transmitting the blocks over the Internet for storage in a remote CDP log on a server computer system in response to write requests that change the blocks of the data volume. In response to a read request for a particular block the method attempts to read the block from the data volume. If the block is not present in the data volume the method attempts to read the block from the local CDP log. If the block is not present in the local CDP log the method request the server computer system to read the block from the remote CDP log and return the block.

Abstract: Various embodiments of a network protocol that utilizes a congestion control algorithm that distinguishes between congestion loss and damage loss are described. In response to a packet loss on a network, a delay-based detection algorithm may be performed based on RTT (Round-Trip Time) information to determine whether the network is congested. If the delay-based detection algorithm does not determine that the network is congested then a consistency-based detection algorithm may be performed based on packet loss rate information. If either the delay-based detection algorithm or the consistency-based detection algorithm determine that the network is congested then the rate of data transmission may be reduced, e.g., by reducing a congestion window size.

Abstract: A method for encapsulation of extensibility records for backup and restore comprises determining whether a storage object to be backed up, such as a file or a directory of a primary data set, has an extensibility record associated with it. In response to determining that the storage object has an associated extensibility record, the method may include storing an encoding of at least a portion of the extensibility record, and generating a backup version of the storage object.