Abstract: System, method, and computer-readable medium for managing removal of unused objects on a subject computer system that includes a plurality of computing resources. Current configuration and operational state information of a subject computer system are analyzed to detect a presence of unused objects on the subject computer system. An estimated degree of impact that unused objects have on the workload of at least one computing resource of the plurality of computing resources is obtained. A measure of the exigency of taking action to remove the unused objects is determined based on the estimated degree of impact and on the current degree of workload of the at least one computing resource. Instructions are generated for removing specific ones of the unused objects for which the exigency of taking action is sufficiently great.

Abstract: Disclosed are systems, methods and computer program products for reducing security risk in a computer network. The system includes an administration server that collect information about one or more computers in the network, including the following information: computer user's external drive usage history, software installation history, and Web browsing history. The server calculates based on the collected information a security rating of the computer user. The server then adjust a security rating of the computer user based on the security rating of at least one other user of another computer connected to the same computer network. The server then selects security policy of the security software based on the adjusted security rating of the computer user. Different security policies provide different network security settings and prohibitions on launching of executable files from external drives.

Abstract: A method and system for identification of malware threats on web resources. The system employs a scheduled antivirus (AV) scanning of web resources. The scheduled scanning of web resources allows to create malware check lists and to configure access to web resources. Frequency and depth of inspection (i.e., scan) are determined for each web resource. The user identifiers are used for scheduled AV scanning of web resources. The system allows for scanning a web resource based on selected configurations without using additional client applications.

Abstract: Disclosed is a portable security device and method for detection and treatment of computer malware. The security device includes a communication interface for connecting to a computer, a memory for storing a set of data for use in malware detection experiments, and an antivirus engine configured to perform one or more malware detection experiments on the computer. A malware detection experiment includes simulating a connection to the computer of a data storage device containing a predefined set of data. The antivirus engine further configured to identify modifications in the set of data contained in the data storage device after termination of one or more malware detection experiments, analyze a modified set of data for presences of computer malware, determine a treatment mechanism for the detected malware, perform treatment of the detected malware on the computer, and generate user reports.

Abstract: Disclosed are systems, methods and computer program products for reducing security risk in a computer network. The system includes an administration server that collect information about one or more computers in the network, including the following information: computer user's external drive usage history, software installation history, and Web browsing history. The server calculates based on the collected information a security rating of the computer user. The server then adjust a security rating of the computer user based on the security rating of at least one other user of another computer connected to the same computer network. The server then selects security policy of the security software based on the adjusted security rating of the computer user. Different security policies provide different network security settings and prohibitions on launching of executable files from external drives.

Abstract: A system, method and computer program product for optimization of execution of anti-malware (AV) applications. A number of false-positive determinations by an AV system are reduced by correcting malware detection rules using correction coefficients. A number of malware objects detected by the AV system are increased by correction of ratings determined by the rules using correction coefficients. An automated testing of new detection rules used by the AV system is provided. The new rules having zero correction coefficients are added to the rules database and results of application of the new rules are analyzed and the rules are corrected or modified for further testing.

Abstract: Disclosed are systems, methods and computer program products for reducing security risk in a computer network. The system includes an administration server that collects system usage, user profile and security incidents information from a plurality of computers in the network. The server determines values of one or more risk factors for each computer using the collected information. The server then calculates security rating of each computer user as a function of the risk factors and adjusts the calculated security rating of a given computer user based on the security ratings of other computer users with whom the given computer users communicates. The server then selects, based on the adjusted security rating, security settings for the computer of the given user in order to reduce user's security risk to the computer network and applies the selected security settings to the computer of the given user.

Abstract: Disclose are system, method and computer program product for protecting passwords from interception. An example method comprise: intercepting a plurality of data entry events generated by a data entry device, wherein the plurality of data entry events comprise a user-entered password; detecting an anomaly event in the plurality of intercepted data entry events; comparing the detected anomaly event with one or more preset anomalies; if the detected anomaly event matches at least one preset anomaly, identifying a replacement character string associated with said at least one preset anomaly; replacing the detected anomaly event in the plurality of intercepted data entry events with the replacement character string to generate a converted password; and sending the converted password instead of the user-entered password to a user authentication device for authentication of the user.

Abstract: A method and system for identification of malware threats on web resources. The system employs a scheduled antivirus (AV) scanning of web resources. The scheduled scanning of web resources allows to create malware check lists and to configure access to web resources. Frequency and depth of inspection (i.e., scan) are determined for each web resource. The user identifiers are used for scheduled AV scanning of web resources. The system allows for scanning a web resource based on selected configurations without using additional client applications.

Abstract: Disclosed are systems, methods and computer program products for adaptive policy-based configuration of programs. An example method comprises collecting from computer system configuration and performance information and rating system performance based on the collected information. The method further includes selecting based on the performance rating an operational policy for a computer program. The policy specifies program settings and limits of system resource utilization by the program. The method further includes monitoring system resource utilization during program execution on the computer system to determine whether system resource utilization exceeds the limit specified in the operational policy. If the system resource utilization exceeds the specified limit, the method selects another policy specifying different program settings and a different limit of system resource utilization.

Abstract: Disclosed are systems, methods and computer program products for adaptive policy-based configuration of programs. An example method comprises collecting from computer system configuration and performance information and rating system performance based on the collected information. The method further includes selecting based on the performance rating an operational policy for a computer program. The policy specifies program settings and limits of system resource utilization by the program. The method further includes monitoring system resource utilization during program execution on the computer system to determine whether system resource utilization exceeds the limit specified in the operational policy. If the system resource utilization exceeds the specified limit, the method selects another policy specifying different program settings and a different limit of system resource utilization.

Abstract: Disclosed are systems, methods and computer program products for centralized detection and management of malware-related information for use by different security applications. In one example, the centralized security management system comprises a central knowledge database of security information, such as information about various types of malware and other security threats. The system further includes an interpreter module that provides a plurality of customized Extensible Markup Language (XML) interfaces for receiving and parsing information queries from remote security applications developed by different vendors. The system further includes a plurality of local and remote analytical modules (engines) that analyze information queries from the security applications using malware-related information contained in the central knowledge database.

Abstract: A system for permanent data deletion is provided. The file deletion system consists of a permanent deletion unit, an analysis module, a database of rules for forming deletion algorithm and an algorithm forming unit. A file to be deleted is passed into the system and the system permanently deletes the file. The system dynamically forms the deletion algorithm based on algorithm forming rules. The rules are selected from the database according to file parameters and user criteria. The file parameters are determined by the analysis module. A user has an access to algorithm forming rules and can edit the rules. Algorithm forming rules can be based on an arbitrary number of complex conditions.

Abstract: Disclosed are systems, methods and computer program products for adaptive configuration of conflicting applications. An example method comprises collecting system configuration information from a computer system, including system hardware and software information. The method further comprises monitoring system resource utilization during execution of a first program and one or more second programs. The method further comprises determining one or more critical levels of system resource utilization by applying fuzzy logic rules to the collected system configuration information. When the monitored system resource utilization exceeds the determined critical level for a predetermined period of time, determining, based on the collected software information, if the first program conflicts with execution of one or more second programs.

Abstract: Disclosed are systems, methods and computer program products for adaptive polity-based configuration of programs. An example method comprises collecting from a computer system configuration and performance information, rating system performance based on the collected information and classifying the computer system based on its performance rating. The method further includes selecting based on the system classification an operational policy for a computer program. Each policy specifies different program settings and different limits of system resource utilization by the program for each class of computer systems. The method further includes monitoring system resource utilization during program execution to determine whether system resource utilization exceeds the limit specified in the selected operational policy. If the system resource utilization exceeds the specified limit, the method selects another policy specifying different program settings and a different limit of system resource utilization.

Abstract: Disclosed are systems and methods for computer malware detection. The system is configured to emulate execution of a program code, monitor events of program execution, classify the monitored events as malicious or non-malicious, and collect information about unclassifiable events. The system further includes one or more analyst workstations configured to isolate a program analyst from external audiovisual stimuli. The workstation includes a video output device operable to display a list of unclassifiable events and event-related information to the program analyst and a user input device operable to receive analyst's physiological response indicative of whether the displayed list of unclassifiable events exhibits malicious behavior.

Abstract: An anti-virus (AV) system based on a hardware-implemented AV module for curing infected computer systems and a method for updating AV databases for effective curing of the computer system. The hardware-based AV system is located between a PC and a disk device. The hardware-based AV system can be implemented as a separate device or it can be integrated into a disk controller. An update method of the AV databases uses a two-phase approach. First, the updates are transferred to from a trusted utility to an update sector of the AV system. Then, the updates are verified within the AV system and the AV databases are updated. The AV system has its own CPU and memory and can be used in combination with AV application.

Abstract: The present invention is intended as a method, system and computer program product for identification of malware components based on automatically collected statistical data and providing effective cure to infected computer systems. The malware components on a user's computer system are identified and appropriate cure is administered in a form of cure scripts. The cure scripts are automatically generated based on collected comprehensive malware-related statistical data. The statistical data is collected through generating protocol logs of malware affected computer system. The protocol logs are stored in the database. The statistical data is also collected through emulation of known malware components. Cure solutions against malware in a form of scripts are also stored in the database for future references. The system constantly collects malware-related statistics (i.e., self-teaches) and effectiveness of the cure provided to infected computer systems is improved with time.

Abstract: A system, method, and computer program product for secure rating of processes in an executable file for malware presence comprising: (a) detecting an attempt to execute a file on a computer; (b) performing an initial risk assessment of the file; (c) starting a process from code in the file; (d) analyzing an initial risk pertaining to the process and assigning an initial security rating to the process; (e) monitoring the process for the suspicious activities; (f) updating the security rating of the process when the process attempts to perform the suspicious activity; (g) if the updated security rating exceeds a first threshold, notifying a user and continuing execution of the process; and (h) if the updated security rating exceeds a second threshold, blocking the action and terminating the process.