Abstract: A computer-implemented method for assessing Internet addresses may include (1) identifying an Internet Protocol address, (2) identifying a plurality of files downloaded from the Internet Protocol address, (3) generating an aggregation of security assessments that relates to the Internet Protocol address and that may be based at least in part on a security assessment of each of the plurality of files, (4) determining a trustworthiness of the Internet Protocol address based at least in part on the aggregation of security assessments and (5) facilitating a security action based at least in part on the trustworthiness of the Internet Protocol address. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for trust propagation of signed files across devices may include identifying a signed file on a device, calculating, on the device, a hash based at least in part on the signed file, querying, with the hash, a server which has verified that the signed file is trustworthy based on a digital signature of the signed file having been verified by an additional device capable of verifying digital signatures, receiving on the device, in response to querying the server, a trust indicator indicating that the digital signature of the signed file has been verified and trusting the signed file on the device, based on the trust indicator indicating that the digital signature of the signed file has been verified. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure provides for performing virus scans at a storage device that stores one or more virtual machine disk image files (VMDK files). A secure AV module can coordinate communication between a file system on the storage device, a file system (FS) decoder, and an anti-virus engine to perform a virus scan of files contained within a VMDK file. A secure AV module can determine a subset of files that include changed data, where the subset of files is stored in a file system volume within a VMDK file. The secure AV module can use an FS decoder to translate file addresses relative to the file system volume into file addresses relative to the network storage file system. A secure AV module can provide the network storage file system addresses of the subset of files to the anti-virus engine, which can perform a virus scan on the files.

Abstract: A system and method for replaying writes in a replication log is provided. The replay of writes in the replication log can begin at some point after detecting an imminent overflow condition is detected. One method involves detecting the imminent overflow condition, performing a first synchronization for regions of the first volume based upon information in a first subset of the replication log, processing information in a second subset of the replication log while the first synchronization is ongoing, and performing a second synchronization for regions of the first volume based upon information in the second subset of the replication log, subsequent to the first synchronization and subsequent to processing the information in the second subset of the replication log.

Abstract: A mobile device identifies a secure document that contains one or more context rules that correspond to the secure document. The mobile device determines whether a user is authorized to access the secure document based on the one or more context rules. The mobile device identifies an original document format for the secure document if the user is authorized to access the secure document and identifies an authorized application installed on the mobile device for accessing the secure document using the original document format. The authorized application corresponds to the original document format of the secure document. The mobile device sends the secure document to the authorized application.

Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detect malware at the client. The security module computes a hygiene score based on detected malware and provides it to the reputation server. The security module monitors client encounters with entities such as files, programs, and websites. When a client encounters an entity, the security module obtains a reputation score for the entity from the reputation server. The security module evaluates the reputation score and optionally cancels an activity involving the entity. The reputation server computes reputation scores for the entities based on the clients' hygiene scores and operations performed in response to the evaluations. The reputation server prioritizes malware submissions from the client security modules based on the reputation scores.

Abstract: Various embodiments of a system and method for providing input/output virtualization for a file are disclosed. The system may include a filter program that intercepts a write request for a particular file and stores change information specifying the data and the write location indicated by the write request. However, the file itself is not modified. The filter program may also intercept a read request referencing the file and determine whether change information representing a write request to write data at the location specified by the read request has been previously stored. If so then the data specified by the change information is returned in response to the read request.

Abstract: A computer-implemented method for managing web browser histories may include (1) identifying a website visited via a web browser, (2) selecting one or more website categories for which websites are not to be referenced in the web browser history, (3) querying a website categorization database to verify whether the visited website belongs to a selected website category, (4) receiving, in response to querying the website categorization database, an indication that the website belongs to a selected website category, and (5) blocking, based on the website belonging to a selected category, the website from being referenced in the web browser history. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for managing references in deduplicating data systems may include (1) identifying a first instance of a data segment stored within a deduplicating data system that reduces redundant data storage by storing at least two data objects such that each of the two data objects references the first instance of the data segment, (2) identifying an additional data object to be stored by the deduplicating data system that includes the data segment, (3) determining whether a reference limit associated with the first instance of the data segment has been reached, and (4) storing, based at least in part on determining that the reference limit associated with the first instance of the data segment has been reached, a second instance of the data segment within the deduplicating data system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting data leaks may include (1) monitoring at least one data-distribution channel utilized by an entity, (2) detecting a plurality of full DLP policy violations and/or partial DLP policy violations committed by the entity by analyzing data distributed by the entity via the data-distribution channel, (3) determining that the entity's DLP policy violations cumulatively exceed a predetermined threshold, and (4) performing a security action in response to determining that the entity's DLP policy violations cumulatively exceed the predetermined threshold. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for collecting thief-identifying information on stolen computing devices may include (1) receiving an indication that a computing device has been stolen, (2) detecting an attempt by a thief of the stolen computing device to access a user account of the thief via the stolen computing device, (3) collecting, based at least in part on detecting the attempt by the thief of the stolen computing device to access the user account of the thief via the stolen computing device, information capable of identifying the thief, and (4) reporting, to a remote computing device, the information capable of identifying the thief. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for using event-correlation graphs to generate remediation procedures may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing, in response to detecting the suspicious event involving the first actor, an event-correlation graph that includes (i) a first node that represents the first actor, (ii) a second node that represents a second actor, and (iii) an edge that interconnects the first node and the second node and represents an additional suspicious event involving the first actor and the second actor, and (3) using the event-correlation graph to generate a procedure for remediating an effect of an attack on the computing system that is reflected in the event-correlation graph. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for informing users about applications available for download may include (1) identifying, through sharing functionality provided by an operating system, shared content that identifies an application hosted by an application distribution platform, (2) in response to identifying the shared content, obtaining security information about the identified by the shared content, and (3) informing, prior to a user downloading the application, the user of the obtained security information about the application to enable the user to make an informed decision about whether to download the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for pre-installation detection of malware on mobile devices may include intercepting one or more communications of an application installation agent that installs applications on a mobile computing device. The method may further include identifying, based on the one or more intercepted communications, an application that has been at least partially downloaded by the application installation agent. The method may also include, in response to identifying the application, and before the application is installed on the mobile computing device, scanning the application for malware. The method may additionally include determining, based on the scan, that the application contains malware. The method may finally include performing a security action in response to determining that the application contains malware. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An exemplary computer-implemented method for generating reputation ratings for URLs may include (1) identifying a URL that identifies the location of at least one web resource, (2) identifying the computing health of at least one member of a computing community that has accessed the URL, (3) generating, based at least in part on the computing health of the member(s) that accessed the URL, a reputation rating for the URL that indicates whether the URL represents a potential security risk, and then (4) providing the reputation rating for the URL to at least one additional computing device to enable the additional computing device to evaluate whether the URL represents a potential security risk. In addition, a client-side, computer-implemented method for determining whether a URL represents a potential security risk may be based at least in part on such a reputation rating. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for generating a One Time Password (OTP) based upon a value TEC that can change based both upon the occurrence of an event and the passage of time. The OTP can be computed at a token and sent to a verifier. The verifier stores exact or estimated parameters necessary to compute one or more expected OTPs from the token, including TEC. The value TEC can be synchronized between the token and the verifier.

Abstract: A method and apparatus for safe and secure access to dynamic domain name systems. In one embodiment a method comprises transmitting a DNS query to a dynamic DNS server. The DNS query comprises a domain name. A DNS answer is received from the dynamic DNS server in response to transmitting the DNS query. The DNS answer comprises an IP address. A request is transmitted to a host at the IP address in response to receiving the DNS answer. A digital certificate is received in response to transmitting the request. The received digital certificate is then compared with each of a plurality of digital certificates stored in memory. The IP address is transmitted to a client computer system if the received digital certificate compares equally with one of the plurality of digital certificates.

Abstract: A computer-implemented method for managing delivery of email to local recipients. The computer-implemented method may include establishing a local reputation for an email sender address. The method may include storing a domain-name-system record associated with the local reputation on a domain-name system. The domain-name system may be mail-transfer agent agnostic. The method may also include identifying one or more emails sent from the email sender address to one or more local recipients. The method may include forming a spam verdict for each of the one or more emails by analyzing contents of each of the one or more emails. The method may additionally include updating the local reputation for the email sender address based on the one or more spam verdicts.

Abstract: A method for creating customer-specific tools for generating certificate signing requests may include (1) identifying a request from a customer for a tool for generating a certificate signing request for a digital certificate, (2) creating, in response to the request, a customer-specific version of the tool that is unique to the customer by injecting information into the customer-specific version of the tool that (a) uniquely identifies the customer and (b) identifies a desired encryption algorithm for the digital certificate and/or a desired certificate authority for the digital certificate, (3) configuring the customer-specific version of the tool to generate the certificate signing request using the injected information, and (4) providing the customer-specific version of the tool to the customer to enable the customer to generate, using the customer-specific version of the tool, the certificate signing request without having to manually provide the injected information.

Abstract: A system and method for restoring a database are described. The method may comprise requesting to begin receiving notifications of transactions that occur in the database. In response to the request, notifications of a plurality of transactions that occur in the database may be received, and information specifying the plurality of transactions may be stored. The method may further comprise receiving user input requesting to restore the database to a previous state. In response, the stored information may be retrieved, and a graphical user interface indicating the plurality of transactions specified by the stored information may be displayed. The method may further comprise receiving user input to the graphical user interface selecting a particular transaction of the plurality of transactions. In response, the database may be restored to a particular point in time relative to a time at which the particular transaction occurred.