Abstract: A method, and associated system and computer program product, of validating site data. The method includes the steps of, in a processing system 200, receiving 100 an indication of site data, performing a comparison 110 of the indication to site data criteria, and validating or invalidating 120 the indication based on a result of the comparison. The indication of site data could be at least part of a webpage, a link to a webpage, a Uniform Resource Locator, an IP address, at least part of an AJAX page, and/or at least part of a document.
Type: Grant
Filed: August 2, 2007
Date of Patent: February 4, 2014
Assignee: Symantec Corporation
Inventors: Ryan Pereira, Simon Clausen, Ian Oliver
Abstract: When a program is loaded for execution, all code pages of the program except the one containing the entry point are set to be non-executable. When the executing program attempts to jump between code pages, an exception is thrown. Responsive to such an exception, a control flow graph of the program is examined, to determine if the attempted jump between code pages is expected. If the attempted jump is not expected, it is determined that the program is attempting a malicious activity. If the attempted jump is expected, the code page to which the program is attempting to jump is set to be executable, and control is returned to the program such that the jump executes.
Type: Grant
Filed: October 31, 2008
Date of Patent: February 4, 2014
Assignee: Symantec Corporation
Inventors: Sourabh Satish, Bruce McCorkendale, William E. Sobel
Abstract: Various systems and methods generate access control policies. For example, one method can receive attribute information regarding a computer user. The method can compare the attribute information with access control information and select a value of an access restriction based on a result of the comparing. The access restriction indicates whether a computer resource can be accessed or not. The method then generates an access control policy that includes the value of the access restriction.
Abstract: A method and apparatus for creating a database replica comprising receiving database information from a source server to create a database replica on a target server. The target server subsequently receives at least one set of update data (e.g., a transaction log) from the source server. Lastly, the target server modifies the database replica in accordance with changes detailed in the at least one set of said update data.
Abstract: A method for calculating a One Time Password. A secret is concatenated with a count, where the secret is uniquely assigned to a token. The secret can be a private key or a shared secret symmetric key. The count is a number that increases monotonically at the token with the number of one-time passwords generated at the token. The count is also tracked at an authentication server, where it increases monotonically with each calculation of a one-time password at the authentication server. An OTP can be calculated by hashing a concatenated secret and count. The result can be truncated.
Abstract: A method/system of determining if one or more entities in a data storage medium of a processing system are malicious, wherein the method comprises recording entity properties of the one or more entities when at least part of the processing system is in a range of operating usage; and determining, using the entity properties, if the one or more entities are malicious.
Abstract: An apparatus or method in which information external to a file is used to select a directory within a file system where the file is to be stored. In one embodiment of the method a first request is received to create a first file in a file system, wherein the first request comprises a first file system path. First information is also received that describes data contained in a first data object. A first redirect file system path component is selected from a plurality of redirect file system path components in response to receiving the first information. The first file system path is then modified by adding the first redirect file system path component to the first file system path.
Abstract: The present invention relates to an accelerated process and corresponding computer program for Transmission Control Protocol (TCP) communications with multiple remote computers that results in much greater speed and economy of computer resources. The process decouples the previously connection-oriented nature of TCP and allows it to be used in a much more efficient connection-less manner by combining a process of sending TCP packets out in a connection-less manner and receiving communications by listening on a network interface. The state of communications is tracked by a state table that is updated as the communication process proceeds with TCP communication information and application layer information encapsulated within the TCP communication.
Abstract: A system and method for automatic authentication includes automatically calculating a security code on a computer running a security program. The security program resides on the same computer as a web browser. In response to a user signing into a web based account on a web site accessed by the web browser, automatically verifying that the security program is registered with the web based account. In response to a second factor security code entry request on the web based account, automatically entering the security code into the web based account. The security code is transmitted to the web site transparently to the user for login.
Type: Grant
Filed: August 9, 2011
Date of Patent: January 28, 2014
Assignee: Symantec Corporation
Inventors: Maryam Najafi, Alexander Antido Cayetano, Len Osamu Toyoshiba, Shirley Lee
Abstract: A method, computer readable medium, and apparatus for creating and using backups which allow restoration of applications and/or specific content using volume image backup files. A directory of applications and application specific content is created which, along with metadata associated therewith, allows selection and restoration of such content using data stored in a volume image backup file, thereby reducing the time needed to create backups which are restorable at the application level.
Type: Grant
Filed: December 31, 2007
Date of Patent: January 28, 2014
Assignee: Symantec Operating Corporation
Inventors: Matthew W. Brocco, Kirk L. Searls, Steven R. DeVos
Abstract: A method and apparatus for monitoring storage unit ownership to continuously balance input/output loads across storage processors is provided. In one embodiment, a method for rebalancing loads across a plurality of storage processors using storage unit ownership information includes accessing ownership information between a plurality of storage units and a plurality of storage processors within a storage subsystem and in response to a load imbalance across the plurality of storage processors, modifying storage unit ownership of at least one storage unit of the plurality of storage units from a storage processor of the plurality of storage processors to another storage processor of the plurality of storage processors based on the ownership information.
Type: Grant
Filed: December 30, 2008
Date of Patent: January 28, 2014
Assignee: Symantec Corporation
Inventors: Hari Krishna Vemuri, Shailesh Vaman Marathe
Abstract: Techniques relating to data deduplication at the file system level are disclosed. A system may include a block cache configured to store data blocks indicated as being shared by multiple files. The system may be coupled to a storage configured to permanently store data for the multiple files. The computer system may receive a file request, and, upon determining that the file request includes shared data, the computer system may service the request wholly or in part using the block cache. When multiple requests including multiple file identifiers (but referring to the same underlying shared data) are received, a shared (common) file identifier may be used in looking up data for the multiple requests, reducing block cache storage, and improving block cache performance and overall system operation.
Abstract: A method may include receiving a request to install a second version of a software product over a first version of the software product, installing the second version of the software product in a dormant state while the first version of the software product is running, and swapping the first and second versions of the software product by activating the second version of the software product and deactivating the first version of the software product. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: To prevent gaming of a reputation system, a security token is generated for a security module using metadata about the client observed during the registration of the security module. The registration server selects metadata for use in generating the security token. The generated security token is provided to identify the client in later transactions. A security server may conduct a transaction with the client and observe metadata about the client during the transaction. The security server also extracts metadata from the security token. The security server correlates the observed metadata during the transaction with the extracted metadata from the security token. Based on the result of the correlation, a security policy is applied. As a result, the metadata in the security token enables stateless verification of the client.
Abstract: A computer-implemented method for reclaiming storage space from deleted volumes on thin-provisioned disks may include: 1) identifying a deleted volume, 2) identifying storage space on a thin-provisioned disk that was allocated to the deleted volume, 3) saving information that identifies the storage space, 4) identifying a policy that specifies reclaiming the storage space asynchronously with respect to the deleted volume, and then 5) reclaiming the storage space asynchronously with respect to deletion of the volume in accordance with the policy. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A method and apparatus for mapping virtual drives is described. In one embodiment, the method for mapping virtual drives comprises processing first locations of a plurality of file system objects within a virtual volume and converting the first locations of the plurality of file system objects within the virtual volume into second locations of the plurality of file system objects relative to a virtual drive of at least one virtual drive, wherein the at least one virtual drive forms a portion of the virtual volume.
Abstract: An exemplary method for reducing false positives produced by heuristics may include: 1) training a heuristic using a set of training data, 2) deploying the heuristic, 3) identifying false positives produced by the heuristic during deployment, and then 4) tuning the heuristic by: a) duplicating at least a portion of the false positives, b) modifying the training data to include the duplicate false positives, and c) re-training the heuristic using the modified training data. Corresponding systems and computer-readable media are also disclosed.
Abstract: A collection of stored data concerning digital content on read-only optical media is maintained. The data collection comprises signatures identifying specific releases of digital content stored on optical media, and results of scanning the specific releases for malware. The coupling of optical media to a computing device is detected. In response, an identifying signature of the digital content on the optical medium is created, and the data collection is searched for the signature. Where the signature is found in the data collection, the stored scanning result for the corresponding digital content is retrieved. Instead of scanning the coupled optical medium, the retrieved scanning result is used to determine its malware infection status. Where the signature is not found in the data collection, the optical medium is scanned for malware.
Abstract: A cluster of virtual servers includes a plurality of physical nodes, where each physical node executes virtualization software which implements a virtualization environment in which one or more virtual server machines execute. The virtualization software executed by each physical node may enable the virtualization environment implemented by the physical node to be dynamically changed. Some types of configuration changes to the virtualization environment may take a significant amount of time to perform, e.g., several seconds or longer. While the configuration change is taking place, the physical node may be unable to respond to messages sent by other physical nodes in the cluster of virtual servers. The nodes may execute message broadcast software which implements a message broadcast protocol which takes into account the dynamic configuration changes to the virtualization environments of the nodes in the cluster of virtual servers so that these periods of unresponsiveness can be handled gracefully.
Abstract: A system, method, and medium for performing incremental backups of a Microsoft SQL Server database. A snapshot of the database is created, and then a map identifying the changed extents is retrieved from the snapshot. The changed extents are then retrieved from the snapshot and stored in a backup storage device. For a restore operation, a full database backup file is written to a storage device and then the changed extents from a stored incremental backup file may be merged with the full backup file. Next, the database server is notified of the reconstructed file and then the reconstructed file is mounted by the database server as a live instance of the database.
Type: Grant
Filed: January 7, 2011
Date of Patent: January 21, 2014
Assignee: Symantec Corporation
Inventors: Louis J. Beatty, Michael A. Payne, Steven R. Devos, Deepak Saraf