Abstract: A service monitor and a browser monitor determine performance metrics on both a server and a client in connection with a distributed application running on a network. While applicable to other types of distributed application data, an example is described in which a Web page is requested by a user running a browser program on the client computer. In response, the server transmits the requested Web page, along with JavaScript code that defines a browser monitor, to the client. A browser monitoring function controlled by this code determines a plurality of different performance metrics related to the access of Web pages by the client. In addition, the server monitor determines performance metrics specific to its function in providing the Web page to the client. A correlated performance metric is determined by combining a server performance metric with a browser performance metric.

Abstract: Systems and methods for protecting a computer during a period of increased vulnerability. In one implementation, a method for protecting a computer is provided. The method includes monitoring a computing device having an first security state for one or more events indicating a time period of increased vulnerability. The method includes adjusting one or more security policies in response to the one or more events to generate a second security state. The method also includes identifying an end of the time of increased vulnerability, and restoring the computing to the first security state. In one implementation, the computer is an embedded device.

Abstract: Methods are provided for detecting the processing status of data blocks in systems having intermittent connections. A hash value is used at times in place of a block's data content, thereby reducing processing of the block. Hash values may be maintained locally. Blocks collected locally may be stored locally at least until a connection to a server becomes available again. Systems and configured storage media are also provided.

Abstract: Methods and systems for reducing the spread of malware in communication between an instant message (IM) client and an IM server are described. An IM filter module (IM FM) is configured to intercept a buddy list sent from an IM server to an IM client, add one or more fictitious buddies to the intercepted buddy list, and forward the buddy list with the one or more fictitious buddies to the IM client. The IM FM is further configured to identify a computer that hosts the IM client as a source of malware based on messages sent by the IM client to at least one of the fictitious buddies and to determine that the host computer of the IM client is a source of malware if a content of the messages sent to the at least one of the fictitious buddies contains malware.

Abstract: Techniques for optimizing configuration partitioning are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for configuration partitioning comprising a module for providing one or more policy managers, a module for providing one or more applications, the one or more applications assigned to one or more application groups, a module for associating related application groups with one or more blocks, and a module for assigning each of the one or more blocks to one of the one or more policy managers, wherein if one or more of the one or more blocks cannot be assigned to a policy manager, breaking the one or more blocks into the one or more application groups and assigning the one or more application groups to one of the one or more policy managers.

Abstract: In one embodiment, a virtual NUMA system may be formed from multiple computer systems coupled to a network such as InfiniBand, Ethernet, etc. Each computer includes one or more software modules which present the resources of the computers as a virtual NUMA machine. A single instance of a guest operating system executes on the virtual NUMA machine. The guest operating system is designed to execute on a NUMA system and executes without modification on the virtual machine. The memory model of the virtual NUMA machine includes a single writer, multiple reader memory model.

Abstract: Method, system, apparatus, and computer program and computer program product provide on-demand, scalable computational resources to application providers over a distributed network and system. Resources are made available based on demand for applications. Application providers are charged fees based on the amount of resources utilized to satisfy the needs of the application. In providing compute resources, method and apparatus is capable of rapidly activating a plurality of instances of the applications as demand increases and to halt instances as demand drops. Application providers are charged based on metered amount of computational resources utilized in processing their applications. Application providers access the network to distribute applications onto network to utilize distributed compute resources for processing of the applications. Application providers are further capable of monitoring, updating and replacing distributed applications.

Abstract: The present invention provides a method of securely encoding and transmitting data using a template to produce an encoded text string. The encoding of the data and the arrangements of the data elements provide a two-fold level of protection and can be decoded in a useable format with the template. Furthermore there is a third level of protection with the incorporation of a check sum in the dataset. The method allows data exchange between two computer programs because of the highly compact nature of the encoded dataset.

Abstract: Voice conversations by way of communications devices are conducted by transmitting symbols representative of a user's voice from a transmitting communications device and recreating the user's voice at a receiving communications device. The communications devices each include a processing engine responsive to a user's voice input for generating speech sample data indicative of predetermined portions of the user's voice. A storage device is coupled to the processing engine and stores the speech sample data. The processing engine also includes a communication module that generates transmission data, indicative of the user's voice spoken during a communication session as a function of the speech sample data and causes transmission of the transmission data to a remotely located recipient of the communication session.

Abstract: A malicious software detection module (MSDM) detects worms and other malicious software. The MSDM executes on a computer system connected to a network. The MSDM monitors a storage device of the computer system for the arrival of software from a suspicious portal. The MSDM designates such software as suspicious. The MSDM tracks the set of files that are associated with the suspicious software. If the files in the set individually or collectively engage in suspicious behavior, the MSDM declares the suspicious software malicious and prevents file replication and/or other malicious behavior.

Abstract: A machine system includes bubble protection for protecting the information of certain classes of files from unauthorized access by way of unauthorized classes of programs at unauthorized periods of time. The machine system additionally may have On-The-Fly (OTF) mechanisms for automatic decryption of confidential file data on a per-use basis and automatic later elimination of the decrypted data by scorching and/or re-encrypting is disclosed. The system can operate within a multi-threaded environment. The machine system additionally may have a digital signature mechanism for protecting file data from unauthorized tampering. The machine system additionally may have a volume-encryption mechanism for protecting plaintext versions of file data from exposure in events of power outages.

Abstract: Techniques are provided for preventing network discovery of a system services configuration. Preventing network discovery of a host system services configuration includes receiving a request from a remote address at a port on the host, observing a pattern associated with the request, authenticating the remote address based on the pattern associated with the request, and enabling access to the host over the port if the remote address is authenticated. Also provided are the interception of port connection requests and probes to enable connections with an authenticated remote address while preventing remote port scanning and unauthenticated access to a target host. Hiding applications and ports from remote port scanning but creating availability for remote administration is also disclosed. Finally, using connection request and probe patterns to establish a password and enable a remote address to access a port without being observed is provided.

Abstract: Systems, methods, apparatus and software can implement a flexible I/O fence mechanism framework allowing clustered computer systems to conveniently use one or more I/O fencing techniques. Various different fencing techniques can be used, and fencing mechanism can be customized.

Abstract: A method includes stalling a cache flush instruction to flush a cache; determining that the cache comprises a file that has been infected with malicious code, and terminating the cache flush instruction to prevent the cache from being flushed to disk. By preventing copying of the infected file from the cache to disk, the malicious code is prevented from being propagated to disk. Accordingly, the malicious code is detected and defeated without having the malicious code be present on disk. Thus, detection of an infected file on disk and the repair of the infected file on disk are unnecessary and obviated.

Abstract: Methods, apparati, and computer-readable media thwart a phishing attack on a recipient of an electronic message by intercepting the electronic message; extracting a sender domain name from the electronic message; identifying remote links associated with the electronic message; comparing the identified remote links against a pre-established set of acceptable domains, using the extracted sender domain name as an index; and when at least one extracted remote link is not found in the pre-established set of acceptable domains, preventing the message from being delivered to the recipient.

Abstract: Systems and method of computer security are provided. In one implementation, a method is provided. The method includes monitoring incoming kernel mode calls and identifying a kernel mode call to verify using a predetermined criterion. The method also includes validating the identified kernel mode call, and processing the kernel mode call in accordance with the results of the validation of the kernel mode call. In another implementation a kernel application programming interface validation device is provided. The kernel application programming interface validation device includes a monitoring engine for monitoring incoming kernel mode calls, an analysis engine operable to examiner kernel mode calls, a validation engine operable to determine if a kernel mode call is valid using the results of the analysis engine, and a processing engine.

Abstract: A method, apparatus, and system for accessing units of storage that depends at least in part on an address of the unit of storage and the time that data was written to the unit of storage.

Abstract: System and method for pre-provisioning data storage in a network storage environment. Embodiments may pre-provision more storage than needed and make the spare storage available to two or more hosts in the storage network. Spare storage may be pre-provisioned as part of a pool or pools, and any one of the hosts on the storage network may claim spare storage out of the pool(s) to which it has access on an as-needed basis. Embodiments remove the data center's change control process from the critical path in provisioning additional storage, and do not result in the generation of I/O errors on writes to storage if the pool of spare storage available to a host is exhausted. In one embodiment, a coordinating service on the storage network may coordinate access to the pool of spare storage by the hosts on the storage network.

Abstract: A system, method, and computer-accessible medium for modifying user memory from an arbitrary kernel state are disclosed. The kernel may generate a modification to the context of the process. Subsequently, the kernel may pass control to the process in user mode, and further, the process may pass control from the user mode to the kernel in response to the modification of the context of the process. The kernel may then modify the process memory from kernel mode.

Abstract: A method for rating reliability of storage devices is disclosed. A reliability rating for a group of storage devices is assigned to a first rating. The first rating indicates an expected reliability that is the same for each individual one of the storage devices in the group. The expected reliability provides an indication of how reliable the storage devices in the group are expected to be. Information indicating one or more operational characteristics for one or more of the storage devices in the group may be periodically received and analyzed to determine whether the reliability rating for the group of storage devices should be changed. If so then the reliability rating for the group is changed to a different rating, e.g., to indicate either a decrease or an increase in the expected reliability of the storage devices in the group.