Abstract: A computer-implemented method may include establishing, within a parental-control software system, an academic-performance policy that defines how academic performance of a student affects at least one parental-control setting enforced on a computing system accessible to the student. The computer-implemented method may also include receiving, via an electronic communication from a school of the student, grade information that indicates the student's academic performance. The computer-implemented method may further include applying the academic-performance policy by updating the parental-control setting commensurate with the student's academic performance. In addition, the computer-implemented method may include detecting an attempt by the student to access a resource of the computing system and applying the updated parental-control setting to control the student's access to the resource of the computing system.

Abstract: A method for detecting malware may include 1) receiving a request to determine whether a connection from a client device to a server is being blocked, 2) attempting to connect to the server from a kernel mode of the client device, 3) determining that the client device successfully connected to the server from the kernel mode, 4) attempting to connect to the server from a user mode of the client device, 5) determining that the client device did not successfully connect to the server from the user mode, 6) determining, based on the client device successfully connecting to the server from the kernel mode and failing to connect to the server from the user mode, that malware is blocking the connection from the client device to the server, and 7) in response to determining that the malware is blocking the connection, performing at least one security action.

Abstract: A computer-implemented method for using reputation data to detect packed malware may include: 1) identifying a file downloaded from a portal, 2) determining that the file has been packed, 3) obtaining community-based reputation data for the file, 4) determining, by analyzing the reputation data, that instances of the file have been encountered infrequently (or have never been encountered) within the community, and then 5) performing a security operation on the file (by, for example, quarantining or deleting the file).

Abstract: A user mode application component invokes the assistance of a kernel mode driver component to detect and/or remediate malicious code on a computer system. The user mode application may include code that detects, for example, spyware and computer viruses, from user mode and when appropriate takes protective action when malicious code is detected. In one aspect, when the user mode application is unable to perform a selected operation in attempting to detect and/or take protective action, the user mode application invokes a kernel mode driver for assistance. The kernel mode driver assists user mode application in detecting malicious code and/or taking protective action by enabling or otherwise performing a selected operation for the user mode application.

Abstract: Upon detection of a rootkit, a host computer system is rebooted. The boot process is interrupted. Access to a media, e.g., a volume or disk, containing the rootkit is gained and the media is directly accessed. The rootkit is disabled, e.g., renamed or deleted, and the host computer system is rebooted a second time. If the rootkit has not been previously removed, e.g., only renamed, the rootkit is removed, e.g., using a conventional antivirus application. Thus, upon detection of a rootkit, the rootkit is removed without a clean boot.

Abstract: A malicious driver replacement application is installed on a host computer system and registered as a boot execute application. On notification of a malicious driver detection, the malicious driver replacement application reboots the host computer system and locks the volume of a storage disk containing the malicious driver. The malicious driver is replaced directly on the storage disk with a dummy driver having innocuous code. The malicious driver replacement application reboots the host computer system, and on reboot of the host computer system, the dummy driver is loaded rather than the malicious driver thus preventing the malicious driver from interfering with the standard operating system routines and allowing the malicious driver to be remediated.