Abstract: Descriptions of files detected at endpoints are submitted to a security server. The descriptions describe the names of the files and unique identifiers of the files. The security server uses the unique identifiers to identify files having different names at different endpoints. For a given file having multiple names, the names are processed to account for name differences unlikely to have been caused by malware. The processed names for the file are analyzed to determine the amount of dissimilarity among the names. This analysis is used to generate a score indicating a confidence that the computer file contains malicious software, where a greater amount of dissimilarity among the names generally indicates a greater confidence that the computer file contains malicious software. The score is weighted based on file name frequency, the age of the file, and the prevalence of the file. The weighted score is used to determine whether the computer file contains malicious software.
Type: Grant
Filed: January 13, 2010
Date of Patent: December 31, 2013
Assignee: Symantec Corporation
Inventors: Pratyusa K. Manadhata, Mark Kevin Kennedy, Zulfikar Ramzan
Abstract: A method and apparatus for providing a volume image backup of selected objects is provided. In one embodiment, a method for creating volume image backups using selected objects of a source volume, comprises processing metadata and mapping information regarding at least one object of a source volume, wherein the mapping information is used to identify at least one data block within the source volume for the at least one object, wherein the at least one object is selected from a plurality of objects configuring a file system hierarchy of at least one image file using the metadata and storing the at least one data block in the at least one image file using the mapping information.
Abstract: Data uploaded from a mobile unit to a remote site can be buffered at an intermediate wireless base station, allowing an initial wireless link to be rapidly terminated and freed for other uses. In one implementation, a method includes forming a wireless link between a device and a first wireless receiver site, receiving a portion of a data set from the device, relinquishing the wireless link, and then transmitting the portion of the data set from the first wireless receiver site to a service provider. In another implementation, a method includes receiving, via an intermediate wireless base station, a backup request and a portion of data to be backed up from a device. The portion of the data to be backed up is received after a wireless link between the device and the wireless base station has been terminated.
Type: Grant
Filed: January 18, 2012
Date of Patent: December 31, 2013
Assignee: Symantec Operating Corporation
Inventors: Ankur P. Panchbudhe, Angshurpan Bezbaruah
Abstract: A request from a software developer is received to digitally sign software included in the request. A security policy associated with the software developer is accessed, where the security policy describes criteria for a valid request by the software developer. A determination is made whether the request is valid based at least in part on the security policy. The software is digitally signed responsive to the determination indicating that the request is valid. The digitally signed software is provided to the software developer.
Type: Grant
Filed: October 19, 2010
Date of Patent: December 31, 2013
Assignee: Symantec Corporation
Inventors: William E. Sobel, Bruce E. McCorkendale
Abstract: A computer-implemented method for detecting infected files may include identifying a set of known-clean files. The method may also include identifying a set of characteristics of an unchecked file. The method may further include determining that the unchecked file is related to a clean file in the set of known-clean files. The determination may be based on the set of characteristics of the unchecked file. The method may additionally include determining whether the unchecked file is functionally equivalent to the clean file. This determination may be based on the set of characteristics of the unchecked file. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: To prevent gaming of a reputation system, a security token is generated for a security module using metadata about the client observed during the registration of the security module. The registration server selects metadata for use in generating the security token. The generated security token is provided to identify the client in later transactions. A security server may conduct a transaction with the client and observe metadata about the client during the transaction. The security server also extracts metadata from the security token. The security server correlates the observed metadata during the transaction with the extracted metadata from the security token. Based on the result of the correlation, a security policy is applied. As a result, the metadata in the security token enables stateless verification of the client.
Abstract: A region of memory is logically divided into a number of segments, each of which is logically divided into a number of blocks. Blocks are allocated sequentially. A head pointer and a tail pointer demarcate the section of allocated blocks. As allocated blocks are added, the tail pointer is moved so that it remains at the end of the section of allocated blocks. If the tail pointer is within a threshold distance of the head pointer, then the head pointer is moved from its current position to a new position, and the allocated blocks between the current and new positions are freed (deallocated and/or erased). Thus, writes to the memory can be performed sequentially, and blocks can be freed in advance of when they are actually needed.
Abstract: A method for classifying a process that modifies a registry attribute is described. At least one attribute associated with a registry is monitored. A determination is made that the at least one attribute has been modified. The process that modified the at least one attribute is identified. One or more characteristics of the identified process are evaluated. The identified process is classified based on the evaluation of the one or more characteristics of the identified process.
Abstract: A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.
Type: Grant
Filed: November 10, 2011
Date of Patent: December 24, 2013
Assignee: Symantec Corporation
Inventors: Siddharth Bajaj, Roxana Alina Bradescu, Jeffrey Burstein, David M'Raihi, Nicolas Popp
Abstract: A method and apparatus for creating and using a snapshot in data backup and/or other data services. The method creates snapshot(s) of volume(s) using a select set of Snapshot Providers, transports the snapshots to a server for processing and processes the snapshots. Processing may include creating a backup, data mining the snapshot, and the like.
Abstract: Techniques for providing a differential backup from a storage image are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for providing a differential backup from a storage image comprising identifying one or more dirty blocks in a storage image, creating a differential backup data structure, and transmitting the one or more dirty blocks to a data management process utilizing the differential backup data structure to provide a differential backup.
Abstract: Techniques for providing multiplexed data for backup are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for providing multiplexed data for backup comprising determining one or more criteria for a set of data to be backed up by a backup device, wherein the one or more criteria are based at least in part on reducing encryption overhead for the set of data. The method further includes identifying one or more sets of data to form a multiplexed backup based upon the one or more sets of data meeting the one or more criteria, and transmitting the one or more identified sets of data to the backup device for backup.
Abstract: A computer-implemented method for migrating an object from a deduplication store to an external domain in an external media is described. A deduplication store (dstore) deduplication map (dmap) is retrieved from a dstore for an object stored in the dstore. A determination is made as to whether an external dmap exists in the external domain for an object referenced in the dstore dmap. If the external dmap exists, a determination is made as to whether data referenced in the dstore dmap exist in the external dmap. If the referenced data do not exist, the referenced data are extracted from the dstore to the external domain. If the external dmap does not exist, the object and the associated dmap are extracted from the dstore to the external domain.
Type: Grant
Filed: June 19, 2009
Date of Patent: December 24, 2013
Assignee: Symantec Corporation
Inventors: Graham Bromley, Thomas Clifford, Jon Genda, Jian Jun Lu, James Ohr, Yi Qu, Weibao Wu, Wei-Zhen Zhu
Abstract: Various embodiments of a system and method for restoring a file are described herein. A previous version of the file may be split into segments and backed up to a server computer system. In response to a subsequent request to restore the file to the previous version, the current segments of the file may be compared to the backup segments stored on the server computer system. The segments that have changed may be retrieved from the server computer system and used to restore the corresponding segments of the current version of the file to their previous states. Segments that have not changed do not need to be transferred across the network from the server computer system. In further embodiments, one or more of the segments that have changed may be obtained locally from other files, thus further reducing the amount of data transferred across the network.
Abstract: Techniques for reducing broadcast messages are disclosed. In one particular exemplary embodiment, the techniques may be realized as an apparatus for reducing broadcast messages. The apparatus may comprise a module to create a virtual group member list associated with at least one virtual group comprising at least members of a physical group. The apparatus may also comprise a module to send a broadcast message to members listed in the virtual group member list. The apparatus may further comprise a module to retain a responding member in the virtual group member list if a broadcast message is received from the responding member. The apparatus may still further comprise a module to remove a non-responding member from the virtual group member list if a broadcast message is not received from the non-responding member.
Abstract: Techniques for providing data in dynamic account and device management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic account and device management. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a user device to be managed. The one or more processors may be configured to transmit a request for delegate authority to manage the user device. The one or more processors may be configured to receive delegate authority to manage the user device. The one or more processors may be configured to provide network access to the user device. The one or more processors may also be configured to manage the user device and monitor data communicated to and from the user device.
Abstract: A system, method, and medium for performing data duplication from a first storage device to a second storage device at a block level. A backup application processes metadata prior to replicating the data to determine the best method for performing the duplication operation. Several images may be selected for duplication, and instead of copying the images one at a time, the backup application copies data from the first storage device to the second storage device block-by-block. The catalog metadata may be updated so that the backup application may be made aware of the new copy of data. The replicated data may be accessed for future restore operations such that individual files may be retrieved from the replicated data by the backup application.
Type: Grant
Filed: October 29, 2010
Date of Patent: December 17, 2013
Assignee: Symantec Corporation
Inventors: Richard Armstrong, James Harris, Girish Jorapurkar, Abdul Rasheed, Sean Tu
Abstract: Embodiments of the present invention comprise a method and apparatus for performing data backup from multiple nodes of a computer network. In one or more embodiments, the method of performing a data backup from multiple nodes of a computer network comprises generating a control message within a control node and, in response to the control message, enabling two or more nodes of the multiple nodes to access a tape drive concurrently.