Abstract: Systems and methods for Internet access control are presented. A third-party application is hosted by a third-party server on the Internet. The third-party application has third-party data of a user. An Internet access control device detects an Internet access by the user to a target server on the Internet. The Internet access control device allows or blocks the Internet access depending on whether the Internet access is permitted or prohibited based on the third-party data.

Abstract: A multiclass classifier generates a probability vector for individual data units of an input data stream. The probability vector has prediction probability values for classes that the multiclass classifier has been trained to detect. A class with the highest prediction probability value among the classes in a probability vector is selected as the predicted class. A confidence score is calculated based on the prediction probability value of the class. Confidence scores of the class are accumulated within a sliding window. The class is declared to be the detected class of the input data stream when the accumulated value of the class meets an accumulator threshold. A security policy for an application program that is mapped to the class is enforced against the input data stream.

Abstract: In one embodiment, incremental backups containing information on modified addressable portions of a data storage device are evaluated for presence of malicious codes (“malwares”). Each modified addressable portion may be individually accessed and scanned for malicious codes. Each modified addressable portion may also be mapped to its associated file, allowing the associated file to be scanned for malicious codes. These allow an incremental backup to be evaluated even when it only contains portions, rather than the entirety, of several different files. A clean incremental backup may be selected for restoring the data storage device in the event of malicious code infection.

Abstract: In one embodiment, a server computer determines whether an email entering a private computer network is malicious (e.g., part of a directory harvest attack or bounce-source attack) by determining the recipient email address of the email and the Internet Protocol (IP) address of the source of the email. When the server computer determines that the email is malicious, the server computer may reject the email by sending a non-deterministic response to the source of the email. The non-deterministic response may include an error message that is different from the actual reason why the email is being rejected. The rejection may be sent as an immediate reply or postponed, for example.

Abstract: In one embodiment, a method of generating a listing of valid email addresses in a private computer network includes monitoring of inbound emails and outbound delivery failure notification emails. Recipient email addresses of inbound emails may be indicated in the listing as valid email addresses. The delivery failure notification emails may be indicative of receipt in the private computer network of an undeliverable email. The recipient email address of the undeliverable email may be identified in the listing as an invalid email address. Comparing the recipient email addresses of undeliverable emails and inbound emails advantageously allows generation of the listing of valid email addresses in the private computer network without having to ask an email server for such a listing.

Abstract: In one embodiment, incremental backups containing information on modified addressable portions of a data storage device are evaluated for presence of malicious codes (“malwares”). Each modified addressable portion may be individually accessed and scanned for malicious codes. Each modified addressable portion may also be mapped to its associated file, allowing the associated file to be scanned for malicious codes. These allow an incremental backup to be evaluated even when it only contains portions, rather than the entirety, of several different files. A clean incremental backup may be selected for restoring the data storage device in the event of malicious code infection.

Abstract: Methods and arrangements for implementing new email handling policies in gateway logic that is inserted upstream of the existing email system (which may or may not have an existing email gateway). By inserting the gateway logic upstream of the existing email system, it is unnecessary to reconfigure existing email handling logic since the remainder of the email system downstream of the newly inserted gateway logic is substantially undisturbed. Techniques and arrangements are proposed to ensure the remainder of the email system continues to function correctly after the insertion of the new gateway logic.

Abstract: A software module at an e-mail gateway server scans incoming e-mail messages suspected of being phishing messages and inserts a script program into the head or body of the message in HTML form. The message is converted into an HTML document if necessary. The script program is written in a language such as VBScript, JScript, ECMAScript or JavaScript and can be run in a browser. The modified message is delivered to the recipient. When the e-mail client software on the user's desktop encounters the HTML content a browser starts up and the script program is executed by the browser. The script program can then take any action necessary to counter any hostile content of the message such as providing a warning message, comparing hyperlinks, intercepting a redirect request, warning about suspect attachments, etc.