Abstract: A method of interpreting a rule and a rule-interpreting apparatus for rule-based security apparatus, and an apparatus implementing the method. The method comprises the following steps: designating a suspicious timeslot; if any packet does not present in the designated timeslot, capturing current incoming packets or capturing other incoming packets in the designated timeslot next time; automatically associating the packets in the designated timeslot to form at least one traffic flow corresponding to a connection or call; analyzing the at least one traffic flow to select at least one suspicious target traffic flow; and outputting the at least one selected suspicious target flow.

Abstract: A method of interpreting a rule and a rule-interpreting apparatus for rule-based security apparatus, and an apparatus implementing the method. The method comprises the following steps: designating a suspicious timeslot; if any packet does not present in the designated timeslot, capturing current incoming packets or capturing other incoming packets in the designated timeslot next time; automatically associating the packets in the designated timeslot to form at least one traffic flow corresponding to a connection or call; analyzing the at least one traffic flow to select at least one suspicious target traffic flow; and outputting the at least one selected suspicious target flow.

Abstract: A method of interpreting a rule and a rule-interpreting apparatus for rule-based security apparatus, and an apparatus implementing the method. The method includes the following steps: designating a suspicious timeslot; if any packet does not present in the designated timeslot, capturing current incoming packets or capturing other incoming packets in the designated timeslot next time; automatically associating the packets in the designated timeslot to form at least one traffic flow corresponding to a connection or call; analyzing the at least one traffic flow to select at least one suspicious target traffic flow; and outputting the at least one selected suspicious target flow.

Abstract: A method of interpreting a rule and a rule-interpreting apparatus for rule-based security apparatus, and an apparatus implementing the method. The method comprises the following steps: designating a suspicious timeslot; if any packet does not present in the designated timeslot, capturing current incoming packets or capturing other incoming packets in the designated timeslot next time; automatically associating the packets in the designated timeslot to form at least one traffic flow corresponding to a connection or call; analyzing the at least one traffic flow to select at least one suspicious target traffic flow; and outputting the at least one selected suspicious target flow.

Abstract: Client computers may be configured to communicate with a security server computer to receive access point information for computer network wireless access points in a particular geographic location. A client computer may provide its current geographic location to the security server computer to request access point information. The server computer may retrieve from an access point database access point information for computer network wireless access points in the geographic location. The server computer may provide the access point information to the client computer, which may display the access point information over a geographic map. The access point information may indicate whether any computer network wireless access point in the geographic location poses a computer security threat.

Abstract: Anti-pharming techniques in wireless computer networks at pre-IP state are disclosed. A user computer connecting to a wireless computer network may include an anti-pharming module configured to monitor data communications to and from a wireless access point of the wireless computer network. The anti-pharming module may be configured to determine if data communication going in a direction from the wireless access point to the user computer originated from a wireless station rather than a server configured to dynamically provide network addresses to computers connecting to the wireless computer network. The wireless station may be deemed a malicious computer perpetrating a pharming attack when it originated the data communication and is responding to a request to obtain network address previously sent by the user computer.

Abstract: In one embodiment, a peer-to-peer (P2P) protect server may include a crawler to obtain files available for P2P data transfer. The P2P protect server may employ a scan engine to scan the files for computer viruses, and store the results of the scanning in a database. A P2P protect application running in a P2P client may request the P2P protect server for information on whether or not a particular file available for P2P data transfer is infected with a computer virus. This allows the user of the P2P client to make an informed decision before downloading the file from another P2P client.

Abstract: To protect a user computer from eavesdroppers, a secure communication connection is created through a computer network. The secure communication connection may be created even when the user computer communicates with a web server computer that does not support secure communication connections. The secure communication connection may be to a protection server computer. Another communication connection may be formed between the protection server computer and the web server computer to allow the user computer to transfer data to the web server computer by way of the protection server computer. The creation of the secure communication connection may be by user request or automatic upon detection of protected address or data.