Abstract: A client computing device has a storage device storing a plurality of files and a system agent. The system agent applies a hash function to binary data read from the plurality of files to generate a set of data signatures. A server computing device has a database interface to access a database representing a state of the network and storage for a set of exemplar data signatures resulting from a scan of one or more exemplar computing devices, each data signature generated by applying a hash function to binary data representing a file. The client computing device is configured to receive and compare the set of exemplar data signatures with the generated set of data signatures, and to transmit data to the server computing device based on the comparison. The server computing device is configured to obtain data received from the client computing device and update records in the database.

Abstract: A method of monitoring an operating state of a computing device includes running a system agent on the computing device. An introduced process is executed on the computing device, and a captured parameter relating to at least one of the system agent and the introduced process is captured. The captured parameter is compared to at least one pre-determined parameter. Where the captured parameter differs from the pre-determined parameter by more than a pre-determined threshold, a signal indicative of a change in operating state of the computing device is output.

Abstract: A method of comparing a candidate file with an exemplar file, includes: receiving a candidate file comprising candidate file data; processing the candidate file data to generate a candidate file fingerprint representing the candidate file, the candidate file fingerprint comprising a plurality of fingerprint strings each representing a portion of the candidate file data; and comparing the candidate file fingerprint with an exemplar file fingerprint representing the exemplar file, the exemplar file comprising exemplar file data and the exemplar file fingerprint comprising a plurality of fingerprint strings each representing a portion of the exemplar file data. A candidate file fingerprint is generated by applying a rolling hash function to the candidate file data to generate a sequence of strings, and adding to the candidate file fingerprint a fingerprint string comprising a substring from the sequence of strings when a predetermined string pattern appears in the sequence of strings.

Abstract: A method of monitoring an operating state of a computing device includes running a system agent on the computing device. An introduced process is executed on the computing device, and a captured parameter relating to at least one of the system agent and the introduced process is captured. The captured parameter is compared to at least one pre-determined parameter. Where the captured parameter differs from the pre-determined parameter by more than a pre-determined threshold, a signal indicative of a change in operating state of the computing device is output.

Abstract: Certain examples described herein relate to components of a network computer system. These components may be one or more of a client computing device and a server computing device communicatively coupled to each other over a network. An example client computing device has a data storage device storing a plurality of files and a system agent. The system agent operates to apply a hash function to binary data read from the plurality of files to generate a set of data signatures. An example server computing device has a database interface to access a database representing a state of the network and data storage to store a set of exemplar data signatures resulting from a scan of one or more exemplar computing devices, each data signature being generated by applying a hash function to binary data representing a file. The client computing device is configured to receive the set of exemplar data signatures and compare these with the generated set of data signatures.

Abstract: Methods and systems are described herein to restrict execution of files stored on a computing device. In an example a request to execute a file is intercepted by a security agent on the computing device. The security agent is arranged to determine if metadata stored with the with the file comprises a cryptographic code comprising a function of at least a private key of a security server in communication with the computing device and a first hash value the first hash value being an output of a hash function applied to data associated with the file at a first time. If the security agent determines that the metadata comprises the cryptographic code, it verifies the code with a public key of the security server, obtains a second hash value of the file at a second time and executes the file if the first hash value matches the second hash value.

Abstract: A device suppresses flicker and improves compatibility of a lamp including at least one solid state light source, the lamp being operably connected to a control circuit, such as a dimmer circuit. The device includes a connector enabling connection of the solid state light source to a lamp socket configured to receive an incandescent light source, and an adapter circuit connected in parallel with the at least one solid state light source when the solid state light source is connected to the socket via the connector. The adapter circuit provides a resistive path for current to pass through the lamp, during all or part of the AC mains cycle.

Abstract: Certain examples described herein relate to security profiling files on a computer system, including determining a similarity between two executable program files. Byte samples are obtained from each executable program file, respective distributions of byte values are determined, and a difference metric between said distributions is determined, for example by a byte sampler. Responsive to the difference metric indicating a similarity, file import sections of the executable program files are processed to determine a set of application programming interface references for each executable program file. A similarity metric is determined as a function of a number of matching entries in the sets of application programming interface references, and responsive to the similarity metric indicating a similarity between the application programming interface references, an indication is made to a computer security utility that the executable program files are similar.

Abstract: Methods and systems are described herein to restrict execution of files stored on a computing device. In an example a request to execute a file is intercepted by a security agent on the computing device. The security agent is arranged to determine if metadata stored with the with the file comprises a cryptographic code comprising a function of at least a private key of a security server in communication with the computing device and a first hash value the first hash value being an output of a hash function applied to data associated with the file at a first time. If the security agent determines that the metadata comprises the cryptographic code, it verifies the code with a public key of the security server, obtains a second hash value of the file at a second time and executes the file if the first hash value matches the second hash value.

Abstract: A device suppresses flicker and improves compatibility of a lamp including at least one solid state light source, the lamp being operably connected to a control circuit, such as a dimmer circuit. The device includes a connector enabling connection of the solid state light source to a lamp socket configured to receive an incandescent light source, and an adapter circuit connected in parallel with the at least one solid state light source when the solid state light source is connected to the socket via the connector. The adapter circuit provides a resistive path for current to pass through the lamp, during all or part of the AC mains cycle.

Abstract: Software installed on a computer network is often inconsistently, or even incorrectly, identified. The same software may be identified in different ways. A catalogue of standardized identifiers is provided. The actual identifiers of software installed on the network are accessed and mapped to the standardized identifiers of the catalogue. The standardized identifiers are used to manage the installed software, monitor license compliance and/or, monitor maintenance agreements amongst other uses. Data relating to the use of the software is also be obtained and associated with the identification data. Identified software is uninstalled if it complies with a preset criterion. The usage data together with the standardized identifiers may be used to un-install un-used or under used software and licenses cancelled or reallocated. The standardized identifiers may be used to identify if forbidden software is being used and if so to compulsorily un-install the software.

Abstract: Software installed on a computer network is often inconsistently, or even incorrectly, identified. The same software may be identified in different ways. A catalogue of standardized identifiers is provided. The actual identifiers of software installed on the network are accessed and they are mapped to the standardized identifiers of the catalogue. The standardized identifiers are used to manage the installed software, monitor license compliance and/or, monitor maintenance agreements amongst other uses. Data relating to the use of the software may also be obtained and associated with the identification data. The usage data together with the standardized identifiers allows managers to more reliably manage software on the network. For example un-used software may be un-installed and licenses cancelled or reallocated.

Abstract: Software installed on a computer network is often inconsistently, or even incorrectly, identified. The same software may be identified in different ways. A catalogue of standardised identifiers is provided. The actual identifiers of software installed on the network are accessed and mapped to the standardised identifiers of the catalogue. The standardised identifiers are used to manage the installed software, monitor license compliance and/or, monitor maintenance agreements amongst other uses. Data relating to the use of the software is also be obtained and associated with the identification data. Identified software is uninstalled if it complies with a preset criterion. The usage data together with the standardised identifiers may be used to un-install un-used or under used software and licenses cancelled or reallocated. The standardised identifiers may be used to identify if forbidden software is being used and if so to compulsorily un-install the software.

Abstract: Software installed on a computer network is often inconsistently, or even incorrectly, identified. The same software may be identified in different ways. A catalogue of standardised identifiers is provided. The actual identifiers of software installed on the network are accessed and they are mapped to the standardised identifiers of the catalogue. The standardised identifiers are used to manage the installed software, monitor license compliance and/or, monitor maintenance agreements amongst other uses. Data relating to the use of the software may also be obtained and associated with the identification data. The usage data together with the standardised identifiers allows managers to more reliably manage software on the network. For example un-used software may be un-installed and licenses cancelled or reallocated.