Abstract: A computer network penetration test discovers vulnerabilities in the network using a number of scan modules. The scan modules perform their scanning of the network separately but in parallel. A scan engine controller oversees the data fed to and received from the scan modules, and controls the sharing of information among the modules according to data records and configuration files that specify how a user-selected set of penetration objectives should be carried out. The system allows for penetration strategies to be attempted simultaneously and independently. Information from each strategy is shared with other strategies so each can be more effective, and together they form a very comprehensive approach to network penetration. The strategies can be throttled at different levels to allow for those that are more likely to achieve success to run at the highest speeds.

Abstract: The present invention provides a system and method for restricting access to data received by a computer over a network by filtering certain data from the data received. In a preferred embodiment, the present invention provides a computer based method for filtering objectionable or target text data from World Wide Web pages which are received by a computer system connected to the Internet. According to the method, if the web page requested by the user contains only a minimum of objectionable or target data, the user may receive a portion of the filtered web page for downloading and viewing on his or her computer. If the web page requested contains a large amount of objectionable or target data, the invention will cause a “forbidden” page to be displayed on the user's computer monitor.

Abstract: Voice conversations by way of communications devices are conducted by transmitting symbols representative of a user's voice from a transmitting communications device (101.1, 101.2) and recreating the user's voice at a receiving communications device (101.1, 101.1). The communications devices (101) each include a processing engine (104) responsive to a user's voice input (110) for generating speech sample data (112) indicative of predetermined portions of the user's voice. A storage device (106) is coupled to the processing engine (104) and stores the speech sample data (112). The processing engine (104) also includes a communication module (200, 300, 400) that generates transmission data, indicative of the user's voice spoken during a communication session as a function of the speech sample data (112) and causes transmission of the transmission data to a remotely located recipient of the communication session.

Abstract: A system is disclosed for controlling intelligible access to secured files by means of a user-memorized password in combination with a user-associated passport record. The passport record takes on two forms, one when it is physically secured within the workstation and a different second form when the passport record is in-transit. Log-in privileges are granted after a presented passport record passes a number of tests including digital signature authentication, and the ability to extract two different encrypted keys from the passport record. The in-transit record does not carry one of those two keys.

Abstract: In accordance with the invention a method of securely and automatically authenticating a user is disclosed. Bona fides are entered for a user, hashed, and stored at an authenticating entity, remote from the user's computer. When a user forgets his/her password, the user enters his/her bona fides, which are again hashed on the user's system, and then securely transmitted to the authenticating entity. The authenticating entity compares the received, hashed bona fides to those previously stored at the authenticating entity. If the comparison shows that the values match or otherwise appropriately correlate, the user will be authenticated. The user will then be provided with the means to access his/her encrypted data. In other words, once authenticated the authenticating entity will automatically provide the user and/or the user's computer with an access key, in one embodiment, allowing the user to access his/her encrypted data.

Abstract: A method for detecting computer viruses comprising three phases: a decryption phase, an exploration phase, and an evaluation phase. A purpose of the decryption phase is to emulate a sufficient number of instructions to allow an encrypted virus to decrypt its viral body. A purpose of the exploration phase is to emulate at least once all sections of code within a region deemed likely to contain any virus present in the target program. A purpose of the evaluation phase is to analyze any suspicious behavior observed during the decryption and exploration phases to determine whether the target appears to be infected.

Abstract: A computer readable file of a first state (3.0) is updated to a second state (3.2) through the use of an incremental update (112) which provides the information necessary to construct the file of the second version (3.2) from a file of the first version (3.2). In order to allow for future access to the first version (3.0), without maintaining a copy of the file of the first version (3.0), a back-update file (206) is created. The back-update file (206) provides the information necessary to construct a file of the first state (3.0) from a file of the second state (3.2).

Abstract: A system is disclosed for controlling intelligible access to secured files by means of a user-memorized password in combination with a user-associated passport record. The passport record takes on two forms, one when it is physically secured within the workstation and a different second form when the passport record is in-transit. Log-in privileges are granted after a presented passport record passes a number of tests including digital signature authentication, and the ability to extract two different encrypted keys from the passport record. The in-transit record does not carry one of those two keys.

Abstract: A machine system includes bubble protection for protecting the information of certain classes of files from unauthorized access by way of unauthorized classes of programs at unauthorized periods of time. The machine system additionally may have OTF mechanisms for automatic decryption of confidential file data on a per-use basis and automatic later elimination of the decrypted data by scorching and/or re-encrypting is disclosed. The system can operate within a multi-threaded environment. The machine system additionally may have a digital signature mechanism for protecting file data from unauthorized tampering. The machine system additionally may have a volume-encryption mechanism for protecting plaintext versions of file data from exposure in events of power outages.

Abstract: A method and article of manufacture, such as a magnetic disk containing computer instructions, for preventing a device driver from disabling an operating system during boot-up is provided. Fault tolerant booting software is provided in a computer having remote control software. The computer is able to provide video information to another remote computer in response to a user's input. The fault tolerant booting software interfaces with the computer's various device drivers, including, a video driver, keyboard driver, and a pointing device driver. The fault tolerant booting software attaches to identified device drivers to prevent a faulty driver filter from rendering the operating system inoperable for failing to load during a bootstrap routine. The method includes a step of restoring registry information after the fault tolerant booting software attaches the device filters to identified device drivers. Messages are also displayed to identify a faulty device driver.

Abstract: The export record of an operating system kernel employing dynamically-linked loading modules (e.g., portable-executable modules) is thunked so as to globally and forcibly redirect service requests from afterwards loaded modules to subclassing routines instead of to original servicing routines of the kernel. The base location of the kernel is determined from an Image_Base entry of its disk-image. An offset storing position in the export record is overwritten with a value equal to the value of the address of the subclassing routine minus the kernel's base address. Use of the thunked export record is forced even for ‘bound’ external references by altering the time stamp in the kernel's export record to a nonmatching value.

Abstract: A system is disclosed for controlling intelligible access to secured files by means of a user-memorized password in combination with a user-associated passport record. The passport record takes on two forms, one when it is physically secured within the workstation and a different second form when the passport record is in-transit. Log-in privileges are granted after a presented passport record passes a number of tests including digital signature authentication, and the ability to extract two different encrypted keys from the passport record. The in-transit record does not carry one of those two keys.

Abstract: Incremental updating of a file (100) that has been rebased or realigned is accomplished through the use of a canonical form (100B). In terms of rebasing, a canonical form (100B) is one that has been rebased to a predetermined base address (104). In one embodiment this predetermined base address (104) is zero. In terms of realigning, a canonical form (100B) is one that has been realigned in a predetermined way. In one embodiment, the segments (110) of the file (100) are realigned such that there is no gap (114) between the end of one segment (110) and the start of the next segment (110). In another embodiment, the segments (110) of the file (100) are realigned to page boundaries (112) of a predetermined size. An incremental update (124) for the file (100) is determined that transforms the file from the canonical form (100B) to the desired update form (100C).

Abstract: A boot failure recovery system operates to diagnose a failed system boot in a computer operating system which boots by bootstrapping from a boot sector (12) of a storage medium (10) using configuration information (82). The boot failure recovery system includes an agent (24) which monitors operating system files used during system boot and which stores information regarding changes to the system files to a change file. A repair module (22) analyzes the change file to determine the cause of the failed system boot. A boot check module (16) responds to initiation of a system boot by determining if a prior system boot was successful. Boot check module (16) causes execution of a first boot sector code module (16) upon occurrence of a successful prior system boot and causes execution of the repair module (22) upon occurrence of a failed prior system boot.

Abstract: Prior to execution of a file system structure modification procedure (406) which can leave the file system structure in an invalid state, a copy is made of a boot record (110), and the boot record (110) is replaced by a recovery program (130). If the file system structure modification procedure (406) fails, leaving the file system structure in an invalid state, the recovery program (130) is automatically executed when the computer is rebooted (414). In one embodiment, the recovery program (130) completes the failed file system structure modification (406). In another embodiment, the recovery program (130) rolls the file system structure back to a valid state which predates the attempted file system structure modification (406). After restoring the file system structure to an intact state, the recovery program (130) uses the copy of the boot record (110) to restore the boot record (110) to its original state.

Abstract: A computer readable file of an original state is updated to a final state. The original state and the final state are both states within a sequence (100) of states, which sequence (100) includes at least one hub state and one non-hub state. A first hub version, which corresponds to a hub state which is at least as early in the sequence as the original state, is stored locally. A hub incremental update (110) is retrieved (314) and used to update (316) the hub version to a second hub version, which second hub version corresponds to a hub state which is at least as early in the sequence (100) as the final state. A final incremental update (112) is retrieved (320) and used with the file of the final hub version to produce (322) a file of the final state. The files corresponding to both the second hub state and the final state are retained (324).

Abstract: An apparatus and computer method, that are generally referred to herein as ANTI-FREEZE.TM., are provided for controlling the operation of a computer running under a multitasking operating system (OS) such as WINDOWS.RTM. 95 or WINDOWS.RTM. NT operating system. When an application program becomes unresponsive to inputs from the keyboard and/or mouse, ANTI-FREEZE.TM. provides a user interface for identifying the unresponsive program and for causing the OS to send a message to the identified program. If the identified program responds to the message, ANTI-FREEZE.TM. determines if the identified program has any disabled windows and if so, enables a a disabled window. If the identified program does not respond to the message, ANTI-FREEZE.TM. modifies the stack or another part of the identified program in a way that causes it to become responsive to messages sent from the OS.

Abstract: A system and method for deploying one or more software packages (18) over a communications interface (1). A push trigger (10) is sent to a server computer (2). In response to the trigger (10), the server computer (2) generates a notification package (12, 13, 14). The notification package (12, 13, 14) is sent over the communications interface (1) to at least one client computer (2). Each client computer (2) contains at least one notification transport (15, 16, 17) which recognizes a corresponding notification package (12, 13, 14). The notification transport (15, 16, 17) then instructs the server computer (2) to automatically push the software package (18) to the client computer (4) over the communications interface (1). E-mail transport (15), UNC transport (16), and opportunistic transport (17) are described.

Abstract: System and method for verifying the integrity of contents within a computer file. A security value S is stored within the file. A verification function f is applied against the entire contents of the file including S, where f is a function of S. Results R of the applying step are compared against a preselected value r, where r is not stored within the file. When R equals r, a determination is made that the file has not been modified. f is typically a distributive invertible function such as the Cyclic Redundancy Check (CRC) function known as modulo p, where p is a prime number and is one bit greater than the length of S. Typically, the value of r is zero. Before executing the verification function f, a check generating program is first executed. This check generating program is executed by a computer that is remote from the file, further enhancing the security of the system.

Abstract: System, method, and computer readable medium for examining a file (1) associated with an originating computer (2) to determine whether a virus is present within the file (1). File (1) contains at least one sector and is scanned by an antivirus module (3). An identification and hash value of each scanned sector, a date of an update to antivirus module (3), and a version number of antivirus module (3) are stored into a critical sectors file (4). Hash values can be calculated by an antivirus accelerator module (5). An authentication module (12) affixes a digital signature to critical sectors file (4). File (1), critical sectors file (4), and digital signature (15) are then transmitted over network (14) to a recipient computer (11). File (1) sectors that were scanned by originating computer (2) are examined by antivirus module (3'). Each of these sectors again has its hash value calculated and compared with the hash value of the corresponding sector as stored within critical sectors file (4).