Abstract: A method of providing information about a device is proposed. According to the method, user-specific information of a first user is provided to the device. The user-specific information is related to a user experience of the device used by the first user. The user-specific information is stored in a non-volatile memory of the device. Upon a request of a second user, device-specific information based on the stored user-specific feedback information from the non-volatile memory of the device is outputted to the second user. A device with an electrical circuit, non-volatile memory, and an output circuit is proposed.

Abstract: The present disclosure relates to concepts of acoustic noise cancelling. A noise cancelling apparatus contains a propulsion component configured to autonomously move the noise cancelling apparatus, and circuitry. The circuitry is configured to determine a position of an acoustic source, to determine a position of an acoustic receiver, and, depending on the detected positions of the acoustic source and the acoustic receiver, to control the propulsion component to navigate the noise cancelling apparatus to a target position to at least partly cancel an acoustic signal from the acoustic source at the position of the acoustic receiver.

Abstract: Aspects of the invention relate to a method for preventing communication through covert channels in a Local Area Network (LAN).

Abstract: A method of providing information about a device is proposed. According to the method, user-specific information of a first user is provided to the device. The user-specific information is related to a user experience of the device used by the first user. The user-specific information is stored in a non-volatile memory of the device. Upon a request of a second user, device-specific information based on the stored user-specific feedback information from the non-volatile memory of the device is outputted to the second user. A device with an electrical circuit, non-volatile memory, and an output circuit is proposed.

Abstract: There provided a method, including executing on a processor the steps of: monitoring DNS related network traffic including domain name-to-IP key value pairs, monitoring at least such non-DNS related network traffic that is targeting routable IP addresses, determining whether the monitored non-DNS related network traffic is related to a domain name, in the event that the monitored non-DNS related network traffic is determined to be related to a domain name, searching the monitored DNS related network traffic for a matching domain name, in the event that the matching domain name is found in the search, determining whether IP addresses related to the matching domain names also match, and in the event that the IP addresses related to the matching domain names do not match, determining that an internal name-to-IP resolution from a local configuration file is used for the domain name and triggering an alert.

Abstract: The present disclosure relates to concepts of acoustic noise cancelling. A noise cancelling apparatus contains a propulsion component configured to autonomously move the noise cancelling apparatus, and circuitry. The circuitry is configured to determine a position of an acoustic source, to determine a position of an acoustic receiver, and, depending on the detected positions of the acoustic source and the acoustic receiver, to control the propulsion component to navigate the noise cancelling apparatus to a target position to at least partly cancel an acoustic signal from the acoustic source at the position of the acoustic receiver.

Abstract: Methods and apparatus are disclosed for detecting if a source of initial content is serving exploits to a target device exposed to initial content. The method includes selecting at least two target devices and dividing the selected target devices into at least two groups, and causing the at least two groups to appear towards the initial content as having different software profiles towards the initial content. Information is obtained regarding at least one of connections and content transmitted/received by the at least two groups as a result of exposure to the initial content. The obtained information between the at least two groups is compared. If the comparison indicates that target devices in one of the at least two groups transmit/receive at least one of additional connections and additional content due to being exposed to the initial content, deciding that a source of the initial content serves exploits.

Abstract: A method of detecting malware present on a computer system. A set of applications is predefined as benign, and profiles are provided for respective benign applications. Each profile identifies one or more procedures known to be performed by the associated benign application, each procedure being identified by a characteristic action and one or more expected actions. Behavior of the computer system is monitored to detect performance, by a running application, of a characteristic action of a procedure of a benign application. Upon detection of performance of a characteristic action, the profile provided for the associated benign application is used to detect a deviation from the expected actions of the procedure; and the detection of a deviation is used to identify the running application as malicious or suspicious.

Abstract: There are provided measures for enabling/realizing an integrity check of a DNS server setting, thereby enabling/realizing detection of DNS hacking or hijacking. Such measures could exemplarily include triggering a DNS resolution operation by a service device configured to provide a service using the DNS server setting, wherein the DNS server setting is used for DNS resolution or DNS forwarding in service provisioning, acquiring the IP address of a DNS server device, which is configured to perform DNS resolution in service provisioning, by reading the IP address of the DNS server device included in a DNS message as part of the triggered DNS resolution operation by the service device, and processing the acquired IP address of the DNS server device for evaluating integrity of the DNS server setting used in service provisioning.

Abstract: A method and apparatus for detecting a Return-Oriented Programming exploitation. At a computer device, a mechanism to detect a control transfer of a code location in a memory is established. This may be, for example, hooking the control transfer. The code location relates to an electronic file. In the event that a control transfer of the code location is detected, a comparison is made between a destination code location address with values in the freed stack. If the code location address matches any of the values in the freed stack, then it is determined that the control transfer of the code location relates to a Return-Oriented Programming exploitation.

Abstract: Aspects of the invention relate to a method for preventing communication through covert channels in a Local Area Network (LAN).

Abstract: Aspects of the invention relate to a method of identifying a potential attack in network traffic that includes payload data transmitted to a host entity in the network. The method includes: monitoring and checking said traffic on route to said host entity for intrusion attacks at a network entity acting as a proxy server; performing a first data-check on one or more data bytes of the payload data at the network entity acting as a proxy server; performing a second data-check, equivalent to the first data-check, on data of the network equivalent to the one or more bytes of payload data at a network entity acting as an Intrusion Detection System/Intrusion Protection System (IDS/IPS); and comparing the results of the first and second data-checks to determine if there is a mismatch, any mismatch being an indication that said step of monitoring and checking said traffic is unreliable.

Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.

Abstract: There provided a method, including executing on a processor the steps of: monitoring DNS related network traffic including domain name-to-IP key value pairs, monitoring at least such non-DNS related network traffic that is targeting routable IP addresses, determining whether the monitored non-DNS related network traffic is related to a domain name, in the event that the monitored non-DNS related network traffic is determined to be related to a domain name, searching the monitored DNS related network traffic for a matching domain name, in the event that the matching domain name is found in the search, determining whether IP addresses related to the matching domain names also match, and in the event that the IP addresses related to the matching domain names do not match, determining that an internal name-to-IP resolution from a local configuration file is used for the domain name and triggering an alert.

Abstract: Methods and apparatus are disclosed for detecting if a source of initial content is serving exploits to a target device exposed to initial content. The method includes selecting at least two target devices and dividing the selected target devices into at least two groups, and causing the at least two groups to appear towards the initial content as having different software profiles towards the initial content. Information is obtained regarding at least one of connections and content transmitted/received by the at least two groups as a result of exposure to the initial content. The obtained information between the at least two groups is compared. If the comparison indicates that target devices in one of the at least two groups transmit/receive at least one of additional connections and additional content due to being exposed to the initial content, deciding that a source of the initial content serves exploits.

Abstract: A method of detecting malware present on a computer system. A set of applications is predefined as benign, and profiles are provided for respective benign applications. Each profile identifies one or more procedures known to be performed by the associated benign application, each procedure being identified by a characteristic action and one or more expected actions. Behaviour of the computer system is monitored to detect performance, by a running application, of a characteristic action of a procedure of a benign application. Upon detection of performance of a characteristic action, the profile provided for the associated benign application is used to detect a deviation from the expected actions of the procedure; and the detection of a deviation is used to identify the running application as malicious or suspicious.

Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.

Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.

Abstract: Methods, apparatus, connection systems, and client devices are described. The apparatus receives a multiplicity of DNS query messages from multiple client devices. For each received DNS query message to a malware domain name or a particular domain name, the apparatus sends a marker DNS response message to the corresponding client device for use in detecting whether the client device is infected with malware or is accessing the particular domain name. The connection system receives a connection request from a client device of the multiple client devices for access to the communication network, and sends marker detection information to the client device for use in identifying whether client device is marked as infected with malware or accessing a particular domain name. It is determined whether the client device is infected with malware or accessed the particular domain name. The client device may be blocked or granted access to the communication network.

Abstract: The invention relates to computer security and to systems and methods for detecting and protecting against malicious content such as computer viruses. Gateway (200) and security (400) computers for protecting a client computer (300) against dynamically generated malicious content. The gateway computer includes: a receiver configured to receive original content, the original content including a call to an original function, the call including an associated input. The gateway computer further includes: a content modifier unit configured to modify the original content to produce modified content, wherein the modified content includes at least a portion of the original content and a call to a shielding function, the shielding function being operable to cause the client computer to transmit an instruction to a security computer (400) to inspect the input associated with the call to the original function.