Abstract: A security system with methodology for interprocess communication control is described. In one embodiment, a method for controlling interprocess communication is provided that includes steps of: defining rules indicating which system services a given application can invoke; trapping an attempt by a particular application to invoke a particular system service; identifying the particular application that is attempting to invoke the particular system service; and based on identity of the particular application and on the rules indicating which system services a given application can invoke, blocking the attempt when the rules indicate that the particular application cannot invoke the particular system service.

Abstract: A system and methodology for protecting new computers by applying a preconfigured security update policy is described. In one embodiment, for example, a method is described for controlling connections to a computer upon its initial deployment, the method comprises steps of: upon initial deployment of the computer, applying a preconfigured security policy that establishes a restricted zone of preapproved hosts that the computer may connect to upon its initial deployment; receiving a request for a connection from the computer to a particular host; based on the preconfigured security policy, determining whether the particular host is within the restricted zone of preapproved hosts; and blocking the connection if the particular host is not within the restricted zone of preapproved hosts.

Abstract: A security system with methodology for interprocess communication control is described. In one embodiment, a method for controlling interprocess communication is provided that includes steps of: defining rules indicating which system services a given application can invoke; trapping an attempt by a particular application to invoke a particular system service; identifying the particular application that is attempting to invoke the particular system service; and based on identity of the particular application and on the rules indicating which system services a given application can invoke, blocking the attempt when the rules indicate that the particular application cannot invoke the particular system service.

Abstract: A system and methodology for providing community-based security policies is described. In one embodiment in a system comprising a plurality of devices connected to a network, a security module is provided for establishing security settings for regulating network access at these devices. Information is collected from at least some the devices about the security settings established on such devices and consensus security settings are generated based upon the collected information. In response to a request for network access at a particular device, determining whether or not to permit network access is based, at least in part, upon the consensus security settings.

Abstract: A computing environment with methods for monitoring access to an open network such as the Internet, is described. The system includes one or more client computers, each operating applications (e.g., Netscape Navigator or Microsoft Internet Explorer) requiring access to an open network, such as a WAN or the Internet, and a router or other equipment that serves a routing function (e.g., a cable modem) for the client computers. A centralized security enforcement module on the router maintains access rules for the client computers and verifies the existence and proper operation of a client-based security module on each client computer. The router-side security module periodically sends out a router challenge via Internet broadcast to the local computers on the network. If the client-side security module is installed and properly operating, the client-side security module responds to the router challenge. The responses received by the router-side security module are maintained in a table.

Abstract: Information Management System and methods providing an improved user interface (UI) are described. In particular, the present invention provides a specialized region of the user interface which comprises a world or "landscape" which is a core representation or view of the user's own data. To render the landscape with representations of the data most important to the user, the system, at runtime, actually examines the underlying data which has been stored by the user. The system then dynamically alters the user interface at runtime to include representations of information which is important to the user. In operation, the system presents an interface comprising a background bitmap and further comprises diverse objects which are "plugged into" the background. Each object which is plugged in is typically a completely separate object which represents particular user data which is of interest to a currently logged-on user.

Abstract: System and methods are described for efficient storage and processing of non-uniform data records. An exemplary embodiment includes a Databank system having a Database Engine, a Database Engine API (Application Program Interface), a Databank Engine, a Databank Engine Class Interface, and a Databank (storage). The Databank storage itself comprises a Descriptor Table (Form Definition) and a Data Repository. The Descriptor Table comprises a plurality of field descriptors for characterizing user information stored in the Databank. The Data Repository, on the other hand, stores the actual data from the non-uniform data records. It comprises "static" fields and a "dynamic" field. The static fields store core fields necessary for characterizing each data record (irrespective of what type of information a given data record stores). User data are stored in a structured, pre-defined manner using logical fields (or "subfields") of the dynamic field.

Abstract: System and methods are described for efficient storage and processing of non-uniform data records. An exemplary embodiment includes a Databank system having a Database Engine, a Database Engine API (Application Program Interface), a Databank Engine, a Databank Engine Class Interface, and a Databank (storage). The Databank storage itself comprises a Descriptor Table (Form Definition) and a Data Repository. The Descriptor Table comprises a plurality of field descriptors for characterizing user information stored in the Databank. The Data Repository, on the other hand, stores the actual data from the non-uniform data records. It comprises "static" fields and a "dynamic" field. The static fields store core fields necessary for characterizing each data record (irrespective of what type of information a given data record stores). User data are stored in a structured, pre-defined manner using logical fields (or "subfields") of the dynamic field.