Abstract: Making a trust decision is disclosed. One or more members of a social trust network are polled for information associated with a trust decision about a computing environment. The information includes information collected automatically with respect to activities of one or more of the one or more members of the social trust network. At least one action is taken based at least in part on the information.

Abstract: A computer-implemented method for directing application updates may include (1) identifying information that indicates a rate at which an earlier version of an application is exploited in attacks on computing system security, (2) identifying additional information that indicates a rate at which a later version of the application is exploited in attacks on computing system security, (3) determining how updating the application from the earlier version to the later version will impact computing system security by comparing the rate the earlier version of the application is exploited with the rate at which the later version of the application is exploited, and (4) directing a computing system with a determination about updating an installation of the earlier version of the application to the later version of the application based on determining how updating the application will impact computing system security. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for reducing executable code vulnerability are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for reducing executable code vulnerability comprising analyzing a binary file, using at least one computer processor, to identify a vulnerable executable code structure, and configuring the identified executable code structure to reduce vulnerability.

Abstract: Techniques for detecting infected websites are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting an infected website comprising receiving at least one redirection report from at least one security agent, receiving at least one malware report from the at least one security agent, analyzing correlation between the at least one redirection report and the at least one malware report, aggregating information from the at least one redirection report, the at least one malware report, and the correlation analysis, and detecting an infected website based on the aggregated information.

Abstract: Malware that is signed with multiple, valid credentials is detected. A central computer such as a server receives secure hashes of signed application bodies and immutable portions of corresponding digital signatures for a plurality of signed applications from a plurality of client computers. Received secure hashes of signed application bodies are compared. Multiple instances of a single signed application are identified based on the comparing of multiple received secure hashes of signed application bodies. Responsive to identifying multiple instances of the single signed application, received secure hashes of immutable portions of digital signatures corresponding to identified multiple instances of the single signed application are compared. Responsive to the results of this comparing, a potential maliciousness of the signed application is adjudicated.

Abstract: Application usage is profiled based on application streaming. Code pages of multiple applications are streamed from a server to multiple client computers (endpoints) for execution. The streaming of the code pages is monitored, and usage data is collected such as which pages are streamed to which endpoints, under what circumstances and when. By referencing the streamed code pages and the underlying source code, the code pages are mapped (at least approximately) to corresponding application features. The collected usage data usage and the relevant mapping are analyzed, to create application usage profile data for streamed applications. The application usage profile data can include such information as how often, when, where and by whom application components are being executed, as well as which components cause errors, are most popular, confuse users, etc.

Abstract: A method and apparatus for controlling connectivity within a wireless network. In one embodiment, connectivity control device is provided within the wireless network to disrupt the communications with neighboring nodes of any computer within a protected network. In one embodiment of the invention, all of the wireless computers within a network are logged within the connectivity control device e.g., the wireless interface card identification number is logged. When a computer within the protected network attempts to connect to a neighboring wireless node, the connectivity control device transmits a signal that disrupts the communication with a neighboring wireless node. This disruption may occur by sending a disjoin frame or signal, or other form of communication, to disconnect the unauthorized access.

Abstract: Social engineering attacks are simulated to a user, by performing the steps of the attacks without actually performing any malicious activity. Educational security information is displayed to the user, based on the user's response to simulated social engineering attacks. If the user responds to a simulated social engineering attack in a manner indicating that the user is vulnerable, educational security information can be displayed that educates the user as to how to avoid being victimized. One or more security settings for protecting the user's computer from malware can be adjusted, based on the user's response to the simulating of social engineering attacks. Additionally, other factors can be adjusted based on the user's response to the simulating of social engineering attacks, such as a security hygiene rating and/or a level of monitoring activity concerning the user.

Abstract: A computer-implemented method may include performing an evaluation of the computing system's health. The computer-implemented method may also include comparing results of the evaluation with the results of at least one prior evaluation of the computing system's health and then determining, based on the comparison, that a current state of health of the computing system is healthier than at least one prior state of health of the computing system. In addition, the computer-implemented method may include creating a backup of the computing system. A computer-implemented method for managing backups of a computing system based on health information is also disclosed. Corresponding systems and computer-readable media are also disclosed.

Abstract: A query is received from a client device regarding an object. The query includes an identifier of the object and a set of associated usage attributes describing a usage of the object on the client device. A set of usage facts associated with the identified object is identified. The set of usage facts describe typical usages of the object on a plurality of client devices. A determination is made whether the usage of the object on the client device is suspicious based on the set of usage facts associated with the object and the set of usage attributes included in the query. A report is provided to the client device based on the determination.

Abstract: A computer-implemented method for determining authorship of an unclassified notification message is described. An unclassified notification message with one or more target sentences is received. A message model based on one or more classified notification messages stored in a data storage device is retrieved. One or more linguistic analysis procedures are performed on the one or more target sentences. Results of the one or more linguistic analysis procedures are compared with one or more characteristics of the message model. The unclassified notification message is classified based on the results of the comparison.

Abstract: A computer-implemented method for directing application updates may include (1) identifying information that indicates a rate at which an earlier version of an application is exploited in attacks on computing system security, (2) identifying additional information that indicates a rate at which a later version of the application is exploited in attacks on computing system security, (3) determining how updating the application from the earlier version to the later version will impact computing system security by comparing the rate the earlier version of the application is exploited with the rate at which the later version of the application is exploited, and (4) directing a computing system with a determination about updating an installation of the earlier version of the application to the later version of the application based on determining how updating the application will impact computing system security. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The instant disclosure describes various exemplary systems and methods for exonerating an untrusted software component based solely on a trusted software component's non-optional or “hard” dependency on the untrusted software component. In one example, a method for exonerating untrusted software components in this manner may include: 1) identifying a dependent software component, 2) determining that the dependent software component is a non-optional dependent component of at least one trusted software component, and then 3) classifying the dependent software component as a trusted software component. As detailed herein, such a method may enable security software to quickly and efficiently exonerate untrusted components by association without having to scan or perform other intrusive and/or resource-intensive security operations on such untrusted software components.

Abstract: A computer-implemented method for classifying an unclassified process as a potentially trusted process based on dependencies of the unclassified process is described. A component loaded by the unclassified process is identified. A determination is made as to whether a hard dependency exists between the unclassified process and the loaded component. A hard dependency exists if the unclassified process depends on the loaded component in order to execute. The unclassified process is classified as a potentially trusted process if a hard dependency exists between the unclassified process and the loaded component.

Abstract: A communication between an entity and a host is identified. Reputation information associated with a set of other entities that communicate with the host is identified. A reputation score associated with the host is generated based on the reputation information associated with a set of other entities. A reputation score associated with the entity is generated based on the reputation score associated with the host.

Abstract: Determining reputation information is disclosed. A honey token is included in an online identity data. The honey token is to monitor for misuse of all or part of the online identity data. Optionally, information associated with at least one use of the honey token is aggregated with other reputation information.

Abstract: A security module on a computing device applies security rules to examine content in a network cache and identify suspicious cache content. Cache content is identified as suspicious according to security rules, such as a rule determining whether the cache content is associated with modified-time set into the future, and a rule determining whether the cache content was created in a low-security environment. The security module may establish an out-of-band connection with the websites from which the cache content originated through a high security access network to receive responses from the websites, and use the responses to determine whether the cache content is suspicious cache content. Suspicious cache content is removed from the network cache to prevent the suspicious cache content from carrying out malicious activities.

Abstract: Method and apparatus for accepting a digital identity of a user based on transitive trust among parties are described. One aspect of the invention relates to managing a digital identity of a user. The digital identity is provided to a first party, where the digital identity includes a self-asserted claim. An acceptance token is obtained from the first party. The acceptance token purports authenticity of the self-asserted claim according to the first party. The digital identity and the acceptance token are provided to a second party to request validation of the self-asserted claim by the second party based on the acceptance token.

Abstract: A method and apparatus for identifying an optimal configuration of a resource is described. In one embodiment, the method for using a health scoring technique to improve a health of the computer comprises processing profile information and a health score associated with the computer having a resource, wherein the profile information indicates installed software and hardware configuration, wherein the health score represents a health of the computer and identifying an optimal configuration of the resource based on profile information and the health score.

Abstract: Monitoring for potential misuses of identity information is disclosed. A profile comprising a user's identity information is received. An indication from a third party website that at least a portion of the identity information in the user's profile is being or has been provided to register at the third party website, alter user information stored by the third party website, or both is received. Whether the indicated use of the identity information is a potential misuse is evaluated.