Abstract: It has been discovered that identifying files introduced into a system, particularly those originating from external sources, as being subject to security evaluation and deferring the security evaluation until access or attempted access of the file reduces security vulnerabilities of a system. A file introduced into a processing system is tagged with a security tag if the file is introduced via a supervised introduction point and/or introduced by a supervised program. Upon access or attempted access of the tagged file, security evaluation is initiated on the file.

Abstract: It has been discovered that identifying files introduced into a system, particularly those originating from external sources, as being subject to security evaluation and deferring the security evaluation until access or attempted access of the file reduces security vulnerabilities of a system. A file introduced into a processing system is tagged with a security tag if the file is introduced via a supervised introduction point and/or introduced by a supervised program. Upon access or attempted access of the tagged file, security evaluation is initiated on the file.

Abstract: A cryptographic hash of content (e.g., applications, documents, widgets, software, music, videos, etc.) is created and made available for distribution over a network (or by other means) as part of a ticket file. The ticket file can be cryptographically signed to ensure its authenticity. The ticket file and content can be downloaded separately (e.g., from different websites) to a user system (e.g., a computer, mobile phone, media player/recorder, personal digital assistant (PDA), etc.). The user system verifies the signature of the ticket file and the content hash to ensure that the content has not been compromised. The ticket file can include information relating to downloading the content (e.g., a Uniform Resource Identifier (URI)) and other meta-data (e.g., hash type, content information, public key, size, version, etc.).