Abstract: In one embodiment, a backup/restore mechanism is contemplated which may be used to consolidate application servers from a cluster to a single node and/or to restore a clustered environment. The mechanism may automatically consolidate shared resources on a node during a restore, even if the resources were external to the nodes in the cluster (e.g. on a shared storage device). Thus, complex and error prone manual intervention may be avoided, in some embodiments. In some embodiments, the backup mechanism may include checking identifiers for each node and application server in a cluster server data base, to identify node backups as opposed to application server backups. Local node resources may be associated with the node backups, and shared resources may be associated with the application server backups.

Abstract: A portable media storage device may include layers permitting applications to be used at a connected computing device, those systems optionally including drivers for operating a public context layered computing environment or a driver installation program. Also disclosed are computer systems for using other systems for creating those portable storage devices.

Abstract: An image detection manager uses run length encoding to detect a target image in a candidate image. The image detection manager extracts run length encoding data from the candidate image. The image detection manager distinguishes between a foreground and background of the candidate image and target image, and takes into account an interval of scale factors for matching color runs in the foreground and length runs in the background. The image detection manager treats background pixels as wildcards, and utilizes fuzzy color matching in which color levels of adjacent pixels in the foreground are allowed a specified variation. Using such functionality, the image detection manager compares rows of the run length encoding data from the candidate image to rows of run length encoding data from the target image, and determines whether the target image is present in the candidate image.

Abstract: In one embodiment, a computer accessible medium comprises a plurality of instructions that may be executed during a restore operation of a database to a computer system. A first instance of the database is included in backup data being restored and a second instance of the database exists on the computer system. When executed, the instructions process one or more first keys of the second instance that identify one or more second keys of the second instance. The identified second keys are to be preserved in the database subsequent to the restore operation. If the computer system's hardware is equivalent to hardware of a source of the backup data, the instructions, when executed, process a third key that overrides a preservation of at least one of the second keys. In another embodiment, the third key takes precedence over the first keys if a conflict exists between the first keys and the third key.

Abstract: Methods, apparatuses, and computer-readable media for preventing the spread of malicious computer code. An embodiment of the inventive method comprises the steps of: identifying (110) a computer application that is data mining an e-mail address; determining (130) whether the computer application associates at least one executable application and the data mined e-mail address with an e-mail message (120); and blocking (140) the transmission of the e-mail message when the e-mail message is associated with the at least one executable application and the data mined e-mail address.

Abstract: A method, system, and computer program product for identifying and reserving suitable replacement storage devices for use when a storage device underlying a logical volume fails or when the size of the volume is to be increased. Replacement devices are reserved if they conform to the intent of a creator of the logical volume and at the time of creation or reconfiguration of the logical volume. Volume management operations like resizing the volume and evacuating data from the volume use the reserved disks that have already been allocated as suitable to preserve the intent of the creator of the logical volume. Reserving replacement disks in advance ensures that a backup disk is available and eliminates the need to perform a lengthy, time-consuming search for a suitable replacement disk that conforms to the intent of the logical volume.

Abstract: Modification of the hosts file is detected, implementation of the modified hosts file is stalled, the modification to the hosts file is analyzed to determine if the modification is malicious, and if the modification is malicious, the hosts file is restored. In this manner, malicious modification of the hosts file is detected and prevented before the malicious modification is ever implemented.

Abstract: A method includes stalling an attempt to reference an object, and determining whether an attempter that originated the attempt is authorized to access the object. A content-based access control list is used to determine if the attempter is authorized access to the object. This content-based access control list can be customized to protect against malicious code or other threats. Further, attempt information about the attempt can be recorded allowing profiles to be built of what a user or process is doing on a computer system.

Abstract: A system and method for chunk-based indexing of file system content. In one embodiment, the system may include a storage device configured to store data and a file system configured to manage access to the storage device and to store file system content including a plurality of files. The system may further include a search engine configured to construct an index of the file system content. The file system may be further configured to partition a given one of the plurality of files into a plurality of logical chunks, and constructing an index may include generating respective index information associated with each of the plurality of logical chunks.

Abstract: A call to a critical operating system function is stalled. The pregion and pregion type associated with the location of a call module originating the call is determined. In one embodiment, when the pregion type is either a stack or a heap pregion type, protective action is taken, such as terminating the call, otherwise the call is released. In another embodiment, when the pregion type is either a text or shared memory pregion type, the call is released, otherwise protective action is taken.

Abstract: A system and method for collecting information on components in an information technology (IT) system. This embodiment features discovering components in the IT system, determining at least one dependency between two or more of the discovered components, and tracking changes to the discovered components and the dependency between two or more of the discovered components. The discovery of components can be carried out using fingerprints of components, which can include key elements of the component that exist in a full model of all of the elements of the component.

Abstract: An access control system (200) enables a computer network (1) to prevent execution of computer code that may contain computer viruses. An access control console (201) generates an access control message (260) including control parameters such as a time limit (255). Said time limit (255) is disseminated to computers (2, 3) on the network (1). Said computers (2, 3) use the time limit (255) to determine the executability of computer code. Access control system (200) also enables blocking data communications with suspicious or susceptible programs in network (1) during virus outbreaks.

Abstract: Computer implemented methods, apparati, and computer-readable media for quickly and safely opening computer files over a network. In a method embodiment of the present invention, a local computer (10) initiates a test open of a file (14) associated with a remote computer (12) that is coupled to the local computer (10) over the network (15). When the test open discloses that the remote computer (12) has an acceptable malicious code scanning means (13), the local computer (10) performs an actual open of the file (14).

Abstract: A method and system for transmitting data from a computer network security device for monitoring at least one computer network node to an operations center for monitoring at least the computer network security device and to the computer network security device from the operations center in a managed computer network security system including at least the computer network security device and operations center, including establishing security information associated with the at least one computer network security device. The established security information is used to authenticate data transmissions from the computer network security device to the operations center. The established security information is used to authenticate data transmission to the computer network security device from the operations center.

Abstract: A system and method for rebooting an operating system into a recovery environment. A computing system is configured to reboot an operating system into a recovery environment which mimics the environment of an installed operating system. Subsequent to initiating the reboot, the system performs a discovery operation to identify operating systems which are installed on the system. Upon identifying a type and/or version of an operating system which is installed, processes corresponding to an identified operating system are initiated to determine configuration information of the operating system. Subsequently, the determined configuration information is used to establish an environment for the recovery environment which mimics that of the installed operating system. Discovery procedures may include discovering physical disks coupled to the system, identifying logical volumes on each of the disks, and examining each of the logical volumes for installed operating systems.

Abstract: A cloning manager preserves in-place file system objects during a clone operation. The cloning manager determines boundaries of a file system to be created by the clone operation, and identifies at least one protected area within the boundaries, reserved for the file system. The cloning manager also identifies at least one in-place file system object within or overlapping the boundaries to be preserved during the clone operation. The cloning manager ensures that each object to be preserved is not located in a protected area, shifting the objects as necessary. The cloning manager creates the file system during the clone operation only in locations that do not contain objects to be preserved.

Abstract: Restoring access to running states of multiple primary computing systems onto a single computing system. The captured running states each include, or are altered to include, at least one device driver that is configured to interface with a common virtualization component that runs on the single computing system. The common virtualization component is configured to at least indirectly interface with hardware on the single computing system. The hardware potentially operates using a different interface than the device driver is configured to interface with. The system identifies a boot order for each of the primary computing systems, and then starts the running states for each of the primary computing systems in the appropriate boot order in a manner that takes advantage of the virtual environment exposed by the single computing system.

Abstract: Packets on a computer network are low pass filtered using a low and slow network reconnaissance detector to generate a spectrum of packets that are anomalous, i.e., are not commonly occurring IP packet traffic on the computer network. The low and slow network reconnaissance detector includes a low-frequency low-amplitude attenuation function module that adjusts an interest level for a particular network event based upon a number of occurrences. The low and slow network reconnaissance detector also includes an update detector output with system compensation function module. The system compensation function is a time dependent function that adjusts the interest level from the low-frequency low-amplitude attenuation function module to compensate for bursts of activity separated by periods of time. To facilitate the use of both modules, a non-uniformly sampled discrete network event time series for the network event is converted into a uniformly sampled network event time series.

Abstract: A storage management device can receive a request for a modification history for a location within a data store, determine one or more times at which at least a portion of data stored at the location was modified, and transmit the one or more determined times.

Abstract: A method, computer program product and system that establishes and maintains a business continuity policy in a server consolidation environment. Business continuity is ensured by enabling high availability of applications. When an application is started, restarted upon failure, or moved due to an overload situation, a system is selected best fulfilling the requirements for running the application. These requirements can include application requirements, such as an amount of available capacity to handle the load that will be placed on the system by the application. These requirements can further include system requirements, such as honoring a system limit of a number of applications that can be run on a particular system. Respective priorities of applications can be used to determine whether a lower-priority application can be moved to free resources for running a higher-priority application.