Abstract: Techniques for categorizing programs running on an information handling system. One method includes, while a program is running on an information handling system in a manner that permits the program to infect the information handling system, calculating a first score and a second score. The first score is indicative of the likelihood that the program is malicious; the second score is indicative of the likelihood that the program is valid. This method further includes categorizing the program with respect to the likelihood of the program infecting the information handling system, including by categorizing the program as valid code based on the second score being above a threshold value, regardless of the first score.

Abstract: A method for classifying a process that modifies a registry attribute is described. At least one attribute associated with a registry is monitored. A determination is made that the at least one attribute has been modified. The process that modified the at least one attribute is identified. One or more characteristics of the identified process is evaluated. The identified process is classified based on the evaluation of the one or more characteristics of the identified process.

Abstract: Behavioral blocking of overlay-type identity stealers is achieved by detecting a transactional web page session, evaluating a property of a window corresponding to a process running on the computer system, and then, based on a result of the evaluation, blocking a behavior of the process for a duration of the transactional web page session. The evaluation of the property window involves determining whether the window exhibits one or more characteristics representing activity of an overlay-type identity stealer.

Abstract: Techniques for categorizing programs running on an information handling system. One method includes, while a program is running on an information handling system in a manner that permits the program to infect the information handling system, calculating a first score and a second score. The first score is indicative of the likelihood that the program is malicious; the second score is indicative of the likelihood that the program is valid. This method further includes categorizing the program with respect to the likelihood of the program infecting the information handling system, including by categorizing the program as valid code based on the second score being above a threshold value, regardless of the first score.

Abstract: Systems and methods for configuring a specific-use computing system are disclosed. A computing system may comprise a first set of predetermined application programs and a processor limited to executing the first set of predetermined application programs and pre-approved application programs received from a pre-approved computing device. The computing system may also include a communication interface configured to enable communication between the first computing system and the pre-approved computing device. Exemplary methods and computer-readable media are also enclosed.

Abstract: A method for implementing an online transaction security product includes downloading an online transaction security product program from a web site to an information handling system. The security product program includes an anti-malicious code program configured to detect malicious code on the information handling system. Lastly, the security product program is executed, wherein the anti-malicious code program of the security product program operates to detect malicious code on the information handling system.

Abstract: A method for detecting malicious code on an information handling system includes executing malicious code detection code (MCDC) on the information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation running on the information handling system during the execution of the MCDC. The detection routines associate weights to respective executable code under investigation in response to detections of a valid program or malicious code as a function of respective detection routines. Lastly, executable code under investigation is determined a valid program or malicious code as a function of the weights associated by the detection routines. Computer-readable media and an information handling system are also disclosed.

Abstract: A method for detecting malicious code on an information handling system includes executing malicious code detection code (MCDC) on the information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation running on the information handling system during the execution of the MCDC. The detection routines associate weights to respective executable code under investigation in response to detections of a valid program or malicious code as a function of respective detection routines. Lastly, executable code under investigation is determined a valid program or malicious code as a function of the weights associated by the detection routines. Computer-readable media and an information handling system are also disclosed.

Abstract: A method for detecting malicious code on an information handling system includes executing malicious code detection code (MCDC) on the information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation running on the information handling system during the execution of the MCDC. The detection routines associate weights to respective executable code under investigation in response to detections of a valid program or malicious code as a function of respective detection routines. Lastly, executable code under investigation is determined a valid program or malicious code as a function of the weights associated by the detection routines. Computer-readable media and an information handling system are also disclosed.

Abstract: Systems and methods for configuring a specific-use computing system are disclosed. A computing system may comprise a first set of predetermined application programs and a processor limited to executing the first set of predetermined application programs and pre-approved application programs received from a pre-approved computing device. The computing system may also include a communication interface configured to enable communication between the first computing system and the pre-approved computing device. Exemplary methods and computer-readable media are also enclosed.

Abstract: A method for implementing an online transaction security product includes downloading an online transaction security product program from a web site to an information handling system. The security product program includes an anti-malicious code program configured to detect malicious code on the information handling system. Lastly, the security product program is executed, wherein the anti-malicious code program of the security product program operates to detect malicious code on the information handling system.

Abstract: A method for implementing an online transaction security product includes downloading an online transaction security product program from a web site to an information handling system. The security product program includes an anti-malicious code program configured to detect malicious code on the information handling system. Lastly, the security product program is executed, wherein the anti-malicious code program of the security product program operates to detect malicious code on the information handling system.

Abstract: A method for implementing an online transaction security product includes downloading an online transaction security product program from a web site to an information handling system. The security product program includes an anti-malicious code program configured to detect malicious code on the information handling system. Lastly, the security product program is executed, wherein the anti-malicious code program of the security product program operates to detect malicious code on the information handling system.

Abstract: A method for detecting malicious code on an information handling system includes executing malicious code detection code (MCDC) on the information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation running on the information handling system during the execution of the MCDC. The detection routines associate weights to respective executable code under investigation in response to detections of a valid program or malicious code as a function of respective detection routines. Lastly, executable code under investigation is determined a valid program or malicious code as a function of the weights associated by the detection routines. Computer-readable media and an information handling system are also disclosed.