Abstract: The present invention is directed to a method for increasing security of a machine as its user searches a web page using a search engine, the method comprising the steps of: classifying the web page by a security rank; and upon presenting a hyperlink to the web page, displaying its security rank along with the hyperlink. The method may further comprise the step of: inspecting the web page. The method may further comprise the step of: cleaning the web page of malicious content. The method may further comprise the step of: storing a cleaned copy of the web page in a cache of the search engine. The method may further comprise the step of: upon invoking the web page by the user's machine via the search engine, accessing the cleaned copy stored on the cache to the user's machine.

Abstract: The present invention is directed to a method for indicating if an executable file is malicious, the method comprising the steps of: indicating if the executable file is packed; and if the executable file is packed, determining the executable file as malicious if the executable file satisfies a maliciousness criterion, such as a size less than 200 KB. According to a preferred embodiment of the invention, indicating if the executable file is packed is carried out by the steps of: for at least one section of the file which is not a resource section: compressing at least a part of the section; and indicating that the executable is packed if the compression ratio as a result of the compressing is less than a threshold (e.g., about 10 percent).

Abstract: The present invention is directed to a method for detecting unwanted executables and preventing the damage thereof, comprising: defining at least one API call as suspicious; scanning an executable for detecting suspicious API calls; and upon detecting a suspicious API call within said executable, either just determining said executable as unwanted or inspecting said executable. Following inspection, if said executable is indicated as unwanted and/or malicious, the damage thereof is prevented by eliminating the suspicious calls from said executable, discarding said executable, etc.