Abstract: Systems and methods for methods network activity. The methods include receiving at an interface connection data associated with a request from a first device to download an application from a source, downloading the application to a second device based on the request, and executing, using one or more processors executing instructions stored on memory, the downloaded application to obtain behavioral data of the application. The methods further include assigning, using the one or more processors, a risk score to the application based on the behavioral data of the application to determine whether the application is malicious before the application is downloaded by the first device, and implementing, using the one or more processors, a download decision for the first device based on the assigned risk score, wherein the download decision indicates at least whether the first device is able to download the application associated with the request.

Abstract: Systems and methods for monitoring a file download. The methods include communicating, using a first device, a request to download a file from a source; receiving at the first device a first plurality of packets related to the file; modifying the first plurality of packets to create a second plurality of packets; and communicating the second plurality of packets to a second device configured to reassemble the second plurality of packets, extract the file from the reassembled second plurality of packets, and obtain behavioral data associated with the file. The methods further include receiving at the first device the behavioral data associated with the file, and implementing a download decision based on the behavioral data associated with the file, wherein the implemented download decision indicates at least whether the first device downloads the file.

Abstract: In one example, a data security system may determine prevalence of a file based query data for an object (e.g., a file or a hash or a file). An example algorithm may provide using a statistically justifiable estimate of the prevalence while storing few data records, and therefore may provide prevalence information in O(1) time complexity (i.e., constant time). Such an algorithm may be applied in near real-time to provide, e.g., an immediate response to a query for the prevalence of a file.

Abstract: A method for securing an electronic device includes, at a level below all of the operating systems of an electronic device, trapping a first attempt and second attempt to access sensitive system resources of the electronic device. The method also includes identifying the first attempt and second attempt as representing a potential malware attack, comparing the sequence of the first attempt and second attempt against a first anti-malware rule, and, based on the comparison of the sequence of the first attempt and second attempt against the first anti-malware rule, allowing the second attempt. The first attempt and second attempt originate from code of the same operating entity. The first anti-malware rule includes a requirement of a sequence of attempts including the first attempt followed by the second attempt.

Abstract: Particular embodiments described herein provide for an electronic device that can receive, at a rating system, a request for a data rating of data, determine a rating type for the data, receiving rating logic for the rating type, and rate the data using the rating logic. The rating logic for the rating type is included in a dedicated rating database. Also, the rating logic may separate from the rating system and the rating logic can be updated without having to update the rating system.

Abstract: In one example, a data security system may determine prevalence of a file based query data for an object (e.g., a file or a hash or a file). An example algorithm may provide using a statistically justifiable estimate of the prevalence while storing few data records, and therefore may provide prevalence information in O(1) time complexity (i.e., constant time). Such an algorithm may be applied in near real-time to provide, e.g., an immediate response to a query for the prevalence of a file.

Abstract: A method and computer program produce provide the capability to use UDP to send messages that include more data than can be handled by a single UDP packet. A method for performing data transfer implemented in a computer system comprises transmitting a request for data, receiving a response to the request for data comprising a portion of the requested data and an indication that additional data is available, and transmitting a request for additional data.

Abstract: A method for securing an electronic device includes, at a level below all of the operating systems of an electronic device, trapping a first attempt and second attempt to access sensitive system resources of the electronic device. The method also includes identifying the first attempt and second attempt as representing a potential malware attack, comparing the sequence of the first attempt and second attempt against a first anti-malware rule, and, based on the comparison of the sequence of the first attempt and second attempt against the first anti-malware rule, allowing the second attempt. The first attempt and second attempt originate from code of the same operating entity. The first anti-malware rule includes a requirement of a sequence of attempts including the first attempt followed by the second attempt.

Abstract: A system, method, and computer program product are provided for tracking the migration of objects to determine whether to perform a network based check. In operation, an object is identified. Furthermore, a first security niche associated with the object is determined. Additionally, it is determined if the object is migrating from the first security niche to a second security niche. Still yet, a network based security check is conditionally performed if it is determined the object is migrating from the first security niche to the second security niche.

Abstract: A system, method, and computer program product are provided for tracking the migration of objects to determine whether to perform a network based check. In operation, an object is identified. Furthermore, a first security niche associated with the object is determined. Additionally, it is determined if the object is migrating from the first security niche to a second security niche. Still yet, a network based security check is conditionally performed if it is determined the object is migrating from the first security niche to the second security niche.

Abstract: A method and computer program produce provide the capability to use UDP to send messages that include more data than can be handled by a single UDP packet. A method for performing data transfer implemented in a computer system comprises transmitting a request for data, receiving a response to the request for data comprising a portion of the requested data and an indication that additional data is available, and transmitting a request for additional data.

Abstract: A method and computer program product provide the capability to use UDP to send messages that include more data than can be handled by a single UDP packet. A method for performing data transfer implemented in a computer system comprises transmitting a request for data, receiving a response to the request for data comprising a portion of the requested data and an indication that additional data is available, and transmitting a request for additional data.

Abstract: An apparatus and techniques for detecting the loading and unloading of materials on a mobile structure are disclosed. The techniques can be used to detect when material is on a support structure of the mobile structure and to detect when the material is off the support structure of the mobile structure.

Abstract: A method, system, and computer program product for processing email messages rescans emails messages that have already been scanned for spam and delivered to user inboxes with updated spam detection rules. This increases the accuracy of spam scanning and reduces the need for users to submit missed spam in emails that was not detected at the time the emails were received, but would subsequently be detected with newer anti-spam rules. A method of processing email messages comprises receiving email messages in a local inbox or in an inbox on an email server, or both, the received email messages having been scanned using spam detection rules to determine whether or not they include spam, obtaining updated spam detection rules, and rescanning at least some of the received email messages using the updated spam detection rules to determine whether or not they include spam.

Abstract: A method and computer program product prevent false positives from occurring by reducing or preventing legitimate web site content from triggering matches to phishing black lists, but provides time and cost savings over manual review of black lists. A method implemented in a computer system for detecting false positives among a plurality of search patterns of web sites that include illegitimate content comprises accessing a first page of a legitimate web site, obtaining all links included in the first page, for each link included in the first page that points to a page on the web site, determining whether the link matches at least one of the plurality of search patterns, and for each link that matches the search pattern, indicating that the search pattern is a false positive.

Abstract: An apparatus and techniques for detecting the loading and unloading of materials on a mobile structure are disclosed. The techniques can be used to detect when material is on a support structure of the mobile structure and to detect when the material is off the support structure of the mobile structure.

Abstract: A method, system, and computer program product for processing email messages rescans emails messages that have already been scanned for spam and delivered to user inboxes with updated spam detection rules. This increases the accuracy of spam scanning and reduces the need for users to submit missed spam in emails that was not detected at the time the emails were received, but would subsequently be detected with newer anti-spam rules. A method of processing email messages comprises receiving email messages in a local inbox or in an inbox on an email server, or both, the received email messages having been scanned using spam detection rules to determine whether or not they include spam, obtaining updated spam detection rules, and rescanning at least some of the received email messages using the updated spam detection rules to determine whether or not they include spam.

Abstract: A method and computer program product prevent false positives from occurring by reducing or preventing legitimate web site content from triggering matches to phishing black lists, but provides time and cost savings over manual review of black lists. A method implemented in a computer system for detecting false positives among a plurality of search patterns of web sites that include illegitimate content comprises accessing a first page of a legitimate web site, obtaining all links included in the first page, for each link included in the first page that points to a page on the web site, determining whether the link matches at least one of the plurality of search patterns, and for each link that matches the search pattern, indicating that the search pattern is a false positive.

Abstract: A method and computer program produce provide the capability to use UDP to send messages that include more data than can be handled by a single UDP packet. A method for performing data transfer implemented in a computer system comprises transmitting a request for data, receiving a response to the request for data comprising a portion of the requested data and an indication that additional data is available, and transmitting a request for additional data.

Abstract: Method and apparatus are described for compensating for a linear time scale change in a received signal, so as to correctly rescale the frame sequence of the received signal. Firstly, an initial estimate of the sequence of symbols is extracted from the received signal. Successive estimates of correctly time scaled sequences of the symbols are then generated by interpolating the values of the initial estimates.