Abstract: In accordance with the present invention, a system, method, and computer-readable medium for identifying malware at a network transit point such as a computer that serves as a gateway to an internal or private network is provided. A network transmission is scanned for malware at a network transit point without introducing additional latency to the transmission of data over the network. In accordance with one aspect of the present invention, a computer-implemented method for identifying malware at a network transit point is provided. More specifically, when a packet in a transmission is received at the network transit point, the packet is immediately forwarded to the target computer. Simultaneously, the packet and other data in the transmission are scanned for malware by an antivirus engine. If malware is identified in the transmission, the target computer is notified that the transmission contains malware.

Abstract: A system and method for identifying and removing potentially unwanted software. A mechanism is provided that identifies suspect programs to a user and allows the user to prevent the suspect programs from running without actually deleting them. In one embodiment, scanner data identifying potentially unwanted software is displayed in a GUI that allows the user to inhibit its continued execution. For example, any software not on a list of known, benign applications/processes may be identified as potentially unwanted. Similarly, software that displays one or more suspect behaviors may be so identified, allowing the user to distinguish between normal and suspect software without irreversibly altering the user's system.

Abstract: The present invention provides a system, method, and computer-readable medium for identifying and removing active malware from a computer. Aspects of the present invention are included in a cleaner tool that may be obtained automatically with an update service or may be downloaded manually from a Web site or similar distribution system. The cleaner tool includes a specialized scanning engine that searches a computer for active malware. Since the scanning engine only searches for active malware, the amount of data downloaded and resource requirements of the cleaner tool are less than traditional antivirus software. The scanning engine searches specific locations on a computer, such as data mapped in memory, configuration files, and file metadata for data characteristic of malware. If malware is detected, the cleaner tool removes the malware from the computer.

Abstract: The present invention is directed to a system and methods for protecting a limited resource computer from malware. Aspects of the present invention use antivirus software on a general purpose computer to prevent malware from infecting a limited resource computer. Typically, antivirus software on the general purpose computer is kept “up-to-date” with the most recent software updates. When a connection is established between the limited resource computer and the general purpose computer, a signature of each application installed on the limited resource computer is transmitted to the general purpose computer. Then antivirus software on the general purpose computer compares the received signatures to known malware. Finally, the results of the scan are reported to the limited resource computer.

Abstract: In general, embodiments of the present invention provide protection for anti-malware software programs (also referred to herein as anti-malware) that is in addition to the protection that currently exists. In particular, instead of only protecting anti-malware programs from malware attacks by attempting to detect the malware software programs (also referred to herein as malware) before they can accomplish their malicious task, embodiments of the present invention obfuscate, or hide, the anti-malware and/or files associated with the anti-malware. Obfuscating files makes it difficult for malware to locate the information needed to accomplish its malware tasks. Additionally, because obfuscation makes file location difficult, malware that attempts to overcome this protection technique will likely include or use a detection engine.

Abstract: A self-healing device is provided in which changes made between the time that an infection resulting from an attack on the device was detected and an earlier point in time to which the device is capable of being restored may be recovered based, at least in part, on what kinds of changes were made, whether the changes were bona fide or malware induced, whether the changes were made after the time that the infection likely occurred, and whether new software was installed.

Abstract: In accordance with the present invention, a system, method, and computer-readable medium for identifying malware in a request to a Web service is provided. One aspect of the present invention is a computer-implemented method for protecting a computer that provides a Web service from malware made in a Web request. When a request is received, an on-demand compilation system compiles high-level code associated with the request into binary code that may be executed. However, before the code is executed, antivirus software designed to identify malware scans the binary code for malware. If malware is identified, the antivirus software prevents the binary code associated with the request from being executed.

Abstract: Methods, systems, and computer program products for synchronizing data stored at one or more message clients with data stored at a message server where the message clients may receive update notifications and may represent the data using different data structures than the message server uses to represent the same data. A token is associated with each data change that occurs at the message server. The message server sends each change and associated token to the message clients. When the message clients request a synchronization, the tokens they received are returned to the message server for comparison with the tokens the message server sent to the message clients. If the message clients do not return a particular token, the message server determines that the clients did not receive the corresponding change and resends the change to the message clients. Tokens may also be used to divide a change into one or more portions, with only one portion being provided initially.

Abstract: Methods, systems, and computer program products for synchronizing data stored at one or more message clients with data stored at a message server where the message clients may receive update notifications and may represent the data using different data structures than the message server uses to represent the same data. A token is associated with each data change that occurs at the message server. The message server sends each change and associated token to the message clients. When the message clients request a synchronization, the tokens they received are returned to the message server for comparison with the tokens the message server sent to the message clients. If the message clients do not return a particular token, the message server determines that the clients did not receive the corresponding change and resends the change to the message clients. Tokens may also be used to divide a change into one or more portions, with only one portion being provided initially.

Abstract: Methods, systems, and computer program products for synchronizing data stored at one or more message clients with data stored at a message server where the message clients may receive update notifications and may represent the data using different data structures than the message server uses to represent the same data. A token is associated with each data change that occurs at the message server. The message server sends each change and associated token to the message clients. When the message clients request a synchronization, the tokens they received are returned to the message server for comparison with the tokens the message server sent to the message clients. If the message clients do not return a particular token, the message server determines that the clients did not receive the corresponding change and resends the change to the message clients. Tokens may also be used to divide a change into one or more portions, with only one portion being provided initially.

Abstract: Methods, systems, and computer program products for negotiating a secure end-to-end connection using a proxy server as an intermediary. The client first negotiates a secure connection between the client and the proxy so that any credentials exchanged will be encrypted. After the exchange of authentication credentials, the secure client-proxy connection is altered so that no further encryption takes place. The client and server then negotiate a secure end-to-end connection through the proxy, with the secure end-to-end connection being encapsulated within the insecure client-proxy connection. In this way, the overhead of creating a separate client-proxy connection for the secure end-to-end connection may be avoided, but the insecure client-proxy connection introduces only minimal overhead because it no longer encrypts any data that it carries.

Abstract: The dynamic conversion of a data structure from an origin data format into a destination data format is described. Instead of using a single data conversion module to accomplish this data conversion, a gateway computer system identifies a sequence of format conversion modules that, when executed in sequence, converts the data structure from the origin to the destination data format. The conversion occurs dynamically during run time and reduces the amount of needed data conversion modules significantly, particularly when there is a large amount of possible origin data formats and destination data formats. This conversion is particularly useful when communicating over wireless networks since there is little standardization in wireless devices resulting in wireless devices having many different proprietary data formats.

Abstract: Methods, systems, and computer program products for negotiating a secure end-to-end connection using a proxy server as an intermediary. The client first negotiates a secure connection between the client and the proxy so that any credentials exchanged will be encrypted. After the exchange of authentication credentials, the secure client-proxy connection is altered so that no further encryption takes place. The client and server then negotiate a secure end-to-end connection through the proxy, with the secure end-to-end connection being encapsulated within the insecure client-proxy connection. In this way, the overhead of creating a separate client-proxy connection for the secure end-to-end connection may be avoided, but the insecure client-proxy connection introduces only minimal overhead because it no longer encrypts any data that it carries.

Abstract: Methods, systems, and computer program products for synchronizing data stored at one or more message clients with data stored at a message server where the message clients may receive update notifications and may represent the data using different data structures than the message server uses to represent the same data. A token is associated with each data change that occurs at the message server. The message server sends each change and associated token to the message clients. When the message clients request a synchronization, the tokens they received are returned to the message server for comparison with the tokens the message server sent to the message clients. If the message clients do not return a particular token, the message server determines that the clients did not receive the corresponding change and resends the change to the message clients. Tokens may also be used to divide a change into one or more portions, with only one portion being provided initially.

Abstract: A flexible gateway accommodates data transfer from a data origination device over a wide variety of networks to a wide variety of destination devices, even if those networks use different protocols, and even if the devices recognize different data formats. Thus, the gateway can perform work previously requiring numerous gateways. After the gateway receives information from a data source, the gateway identifies the specific device type and the specific network type to which the information is to be routed. The gateway then calls device and network drivers associated with the specific device and network identified with the destination device. These drivers then manipulate the data using the device driver into the format recognized by the destination device, and then provide the manipulated data to the destination device over the identified network using the compatible protocol. Thus, the destination device properly receives and interprets the information provided by the data source.

Abstract: Methods, systems, and computer program products for negotiating a secure end-to-end connection using a proxy server as an intermediary. The client first negotiates a secure connection between the client and the proxy so that any credentials exchanged will be encrypted. After the exchange of authentication credentials, the secure client-proxy connection is altered so that no further encryption takes place. The client and server then negotiate a secure end-to-end connection through the proxy, with the secure end-to-end connection being encapsulated within the insecure client-proxy connection. In this way, the overhead of creating a separate client-proxy connection for the secure end-to-end connection may be avoided, but the insecure client-proxy connection introduces only minimal overhead because it no longer encrypts any data that it carries.