Abstract: A method and apparatus for using a remote delegate is described. In one embodiment, the method comprising evaluating information that identifies at least one of software packages resident in a client computer or licenses associated with the software packages using a remote delegate and enabling use of a resource at the client computer based on the information through use of the remote delegate.

Abstract: A method, apparatus and computer-readable medium for extending the functionality of an operating system is described. The method comprises installing an installable file system as a root file system of the operating system, mounting a default file system of the operating system as a folder accessible by the installable file system and using the installable file system to process data between the operating system and the default file system. The apparatus is a system for extending the functionality of an operating system comprising a computing device comprising a processor and a memory for executing the operating system, wherein the operating system mounts an installable file system other than a default file system of the operating system as a root file system and the installable file system mounts the default file system of the operating system as a folder.

Abstract: A method, apparatus and system for using login information includes an account where login information is used to access the account, a login information usage data for storing the login information used on the account and a manager application coupled to the accounts through a network. The manager application is configured to access the login information and determine at least one potentially or actually compromised account, determine login information related to the at least one potentially or actually compromised account, determine at least one other account having similar login information and notify a user regarding a potential threat to the at least one other account.

Abstract: Knowledge of a module's behavior when the module's reputation is formed is obtained. If the module's behavior changes, this change is detected. In one embodiment, upon a determination that the module's behavior has changed, the module's original reputation is lost. In this manner, malicious trusted modules are detected and defeated.

Abstract: Applications on a mobile device are sampled for detecting applications causing performance problems on the device. The method includes periodically logging performance information for a mobile device suspected to be having performance problems. The method further includes periodically logging identifying information about multiple applications on the mobile device. The method also includes periodically providing to a security server the logged performance information for the mobile device and the logged identifying information about the applications. In addition, the method includes, in response to a request from the security server for more information about one of the applications, providing a copy of the application to the security server for analysis of the impact by the application on performance of the mobile device. The method can further include receiving from the security server an indication that the application for which the copy was provided is causing a performance problem on the mobile device.

Abstract: A system and a method are disclosed for authenticating a user of a mobile computing device. Information is received describing the location of the mobile computing device. The information can include the current location of the device or a current type of user activity associated with a location. A current timeout length is determined based on this information. If the mobile computing device has remained idle for a time period equal to the current timeout length, the user of the mobile computing device is authenticated.

Abstract: Method and apparatus for securing confidential data related to a user in a computer is described. In one example, rules are obtained that provide a representation of the confidential data. A storage system in the computer is searched using the rules to detect a file having at least a portion of the confidential data. The file is encrypted the in-place within the storage system using symmetric encryption based on a secret associated with the user.

Abstract: The popularity of various application features is tracked, and applications are compiled or otherwise configured for optimization based on the use of the more popular features. More specifically, application features are mapped to corresponding sections of underlying code, and compiler directives are generated to direct a compiler to optimize the application for the performance of specific, application features, based on their popularity. This way, the application is compiled for use at an application feature level, rather than for size or speed generally. In another embodiment, the optimization is performed after compile time, by rearranging object code pages of an executable image, based on corresponding application feature popularity.

Abstract: A possibly pre-infected system is inspected for the existence of tracked application-specific accounts. In a tracked application-specific account is found, the system is further audited to verify that only authorized processes are using the account and that the authorized account creation application is installed on the host computer system.

Abstract: A computer-implemented method for providing application manifest information may include analyzing source code of a software application. The method may also include detecting that the source code is programmed to access a computer resource and determining a security implication of the source code being programmed to access the computer resource. Determining the security implication may include providing a notification of the security implication of the source code to a developer of the source code. Determining the security implication may also include providing information about the security implication in an application manifest. Systems and computer-readable-media for creating and editing application manifests are also disclosed.

Abstract: A document handling device receives a request to perform a task on document data, the document data comprising at least one of an electronic document to be converted by the document handling device into a non-digital form or a physical document received by the document handling device in the non-digital form. Responsive to receiving the request, the document handling device makes a determination as to whether the requested task violates a data loss prevention policy, and performs an action based on the determination.

Abstract: A computer-implemented method for securely managing multimedia data captured by a mobile computing device is disclosed. The method may include (1) identifying a mobile computing device, (2) receiving multimedia data captured by the mobile computing device that has been encrypted using an asymmetric public key, (3) decrypting the multimedia data captured by the mobile computing device using an asymmetric private key, and (4) auditing the multimedia data captured by the mobile computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Reputations of domain registrars are calculated based on the hosting of risky domains. The more undesirable domains a registrar hosts, the lower is its reputation. The risk level of the hosted domains is also a factor in determining the reputation. When a user attempts to access a hosted domain, the calculated reputation of the hosting domain registrar is used in determining what security steps to apply to the access attempt. The worse the reputation of the hosting registrar, the more security is applied, all else being equal.

Abstract: Making a trust decision is disclosed. One or more members of a social trust network are polled for information associated with a trust decision about a computing environment. The information includes information collected automatically with respect to activities of one or more of the one or more members of the social trust network. At least one action is taken based at least in part on the information.

Abstract: Unauthorized uses of embedded objects in websites are detected, in order to protect users from phishing sites using cloned copies of such objects. Authorized parties register objects for use at legitimate locations (e.g., specific IP address ranges or domains). When a client computing device accesses a website, the objects in the website are checked against the registered objects, to determine whether the objects are registered for use by the site being accessed. Depending upon trust status information concerning the objects, the access of the website can be permitted or blocked, or the user can be warned about questionable or un-trusted embedded objects. Additionally, the party that registered an object can be notified, in the case of an indication of unauthorized use of the object by a website.

Abstract: A security module determines categories of files normally accessed by a software application. The security module monitors file accesses of the application to determine whether the application accesses files belonging to different categories than it normally accesses. If the categories of the files accessed are the same, then the file accesses are allowed to proceed. If the categories of the files accessed are different, then the security module takes a security action.

Abstract: Application usage is profiled based on application streaming. Code pages of multiple applications are streamed from a server to multiple client computers (endpoints) for execution. The streaming of the code pages is monitored, and usage data is collected such as which pages are streamed to which endpoints, under what circumstances and when. By referencing the streamed code pages and the underlying source code, the code pages are mapped (at least approximately) to corresponding application features. The collected usage data usage and the relevant mapping are analyzed, to create application usage profile data for streamed applications. The application usage profile data can include such information as how often, when, where and by whom application components are being executed, as well as which components cause errors, are most popular, confuse users, etc.

Abstract: A computer-implemented method for managing email configuration may include receiving a first email message from a first device, identifying device-type information in the first email message, identifying a second email message addressed to the first email address, and using the device-type information to select email-configuration information for the second email. The method may further include reformatting a body of the second email based on the email-configuration information, removing an attachment to the second email in response to the email-configuration information, providing a user with the email-configuration information for the second email message, and associating the device-type information with the first email address. A computer-implemented method for including email-configuration information in an email may involve identifying a first email message from a first user, including email-configuration information in the first email message, and sending the first email message to a first recipient.

Abstract: A method and apparatus for controlling connectivity within a wireless network. In one embodiment, connectivity control device is provided within the wireless network to disrupt the communications with neighboring nodes of any computer within a protected network. In one embodiment of the invention, all of the wireless computers within a network are logged within the connectivity control device e.g., the wireless interface card identification number is logged. When a computer within the protected network attempts to connect to a neighboring wireless node, the connectivity control device transmits a signal that disrupts the communication with a neighboring wireless node. This disruption may occur by sending a disjoin frame or signal, or other form of communication, to disconnect the unauthorized access.

Abstract: A digital identity device automatically discovers a current environmental context in order to dynamically generate a digital persona that is appropriate and specific to that context. The digital identity device can also output physical tokens that are appropriate or specific to the identity context.