Abstract: The subject disclosure relates to antimalware scanning, and more particularly to offline antimalware scanning of a host environment via an alternate, known safe operating system. An offline scanning product obtains data previously written by the host environment online antimalware scanning tool, e.g., configuration data and antimalware signatures in shared data stores accessible to the offline and online products, and uses that data to perform the offline antimalware scan. The offline scanning product writes results information and any quarantined files to other shared data stores, whereby the online environment, when rebooted, has access to the information, such as for review and to upload telemetry information to an online service for analysis. Also described is offline replacement of operating system files that cannot be cleaned or removed when online.

Abstract: Methods, systems, and computer-readable media are disclosed for identifying telemetry data. A particular method scans a file and compares the file to at least one attribute to be used for telemetry collection. When the file is identified as a telemetry candidate, an offer to submit a sample of the file is sent to a server. A response to the offer is received from the server. If the response to the offer indicates an acceptance, a sample of the file is sent to the server.

Abstract: A system and method for protecting a computer system connected to a communication network from a potential vulnerability. The system and method protects a computer system that is about to undergo or has just undergone a change in state that may result in placing the computer system at risk to viruses, and the like, over a communication network. The system and method first detect an imminent or recent change in state. A security component and a fixing component react to the detection of the change in state. The security component may raise the security level to block incoming network information, other than information from a secure or known location, or information requested by the computer system. The fixing component implements a fixing routine, such as installing missing updates or patches, and on successfully completing the fixing routine, the security level is relaxed or lowered.

Abstract: A system and method for controlling access to a computer provides for loose security within a local network while retaining strong security against external access to the network. In one embodiment, a user has access to trusted nodes in a secured group within an unmanaged network, without being required to choose, enter and remember a login password. To establish such a secure blank password or one-click logon account for the user on a computer, a strong random password is generated and stored, and the account is designated as a blank password account. If the device is part of a secured network group, the strong random password is replicated to the other trusted nodes. When a user with a blank password account wishes to log in to a computer, the stored strong random password is retrieved and the user is authenticated.

Abstract: The subject disclosure relates to antimalware scanning, and more particularly to offline antimalware scanning of a host environment via an alternate, known safe operating system. An offline scanning product obtains data previously written by the host environment online antimalware scanning tool, e.g., configuration data and antimalware signatures in shared data stores accessible to the offline and online products, and uses that data to perform the offline antimalware scan. The offline scanning product writes results information and any quarantined files to other shared data stores, whereby the online environment, when rebooted, has access to the information, such as for review and to upload telemetry information to an online service for analysis. Also described is offline replacement of operating system files that cannot be cleaned or removed when online.

Abstract: In an implementation of user interface transition, a user interface logon page is displayed with selectable logon controls that each have a corresponding user-identifiable indicator. A transition from the user interface logon page to a user interface desktop page is initiated in response to a selectable logon control being selected. The transition displays the user-identifiable indicator corresponding to the selectable logon control uninterrupted throughout the transition, and the user-identifiable indicator corresponding to the selectable logon control is displayed on the user interface desktop page.

Abstract: In an implementation of user interface start page, the start page includes a user-identifiable indicator associated with a user of a computing system to indicate that the user is logged-on to the computing system. The user interface start page also includes user-selectable controls from one or more regions of a user interface desktop page which is displayed after a transition from the user interface start page to the user interface desktop page. Each of the user-selectable controls on the user interface start page initiate a display of information associated with the user when selected.

Abstract: This invention is directed to provide a method for enabling an administrator to monitor and selectively limit the computer functions available to a user. The method is carried out on a personal computer by an administrator, and administrator decisions can be enforced on other personal computers in a local network. The invention enables an administrator to restrict a user's logon hours, logon duration, access to computer functions, and access to applications based on content rating. In addition, the administrator may temporarily restrict or extend normally allowed access privileges. The invention also allows for the monitoring, auditing, and reporting of a user's computer function usage to an administrator.

Abstract: Systems and/or methods are described that enable a credential interface. These systems and/or methods may build a credential user interface enabling a user to choose between multiple credentials and submit an authenticator for a chosen credential. These systems and/or methods may also gather information about arbitrary credentials and build a user interface for submission of authenticators for these arbitrary credentials.

Abstract: Methods, systems, and computer-readable media are disclosed for identifying telemetry data. A particular method scans a file and compares the file to at least one attribute to be used for telemetry collection. When the file is identified as a telemetry candidate, an offer to submit a sample of the file is sent to a server. A response to the offer is received from the server. If the response to the offer indicates an acceptance, a sample of the file is sent to the server.

Abstract: This invention is directed to provide a method for enabling an administrator to monitor and selectively limit the computer functions available to a user. The method is carried out on a personal computer by an administrator, and administrator decisions can be enforced on other personal computers in a local network. The invention enables an administrator to restrict a user's logon hours, logon duration, access to computer functions, and access to applications based on content rating. In addition, the administrator may temporarily restrict or extend normally allowed access privileges. The invention also allows for the monitoring, auditing, and reporting of a user's computer function usage to an administrator.

Abstract: Methods and apparatuses are provided for controlling application software while switching between session in a multi-session computing environment. An apparatus includes memory coupled to switching logic and application program managing logic. The switching logic is configured to selectively switch console control of a computing device between at least two user kernel sessions that are maintained in the memory. The application program managing logic is configured to selectively control at least one application program that is operatively configured within at least one of the user kernel sessions. For example, the application program managing logic can be configured to stop the operation, restart certain application programs, notify application programs about switching events, and/or adjust the playback of audio and/or video signals associated certain application programs.

Abstract: Embodiments of a feedback-driven malware detector are directed to protecting a computer from programs that perform actions that are malicious or not expected by a user. In one embodiment, the feedback-driven malware detector performs a method that initially determines whether the state of an application program scheduled to be added to an extensibility point on a computer is already known. If the state of the object is not already known, the user is informed that an application program is being installed on the computer and that the application program is being added to an extensibility point. Then, input is obtained from the user that assists in determining whether the application program is malware.

Abstract: A user interface is configured to identify and display each of the one or more service providers servicing the user's computing system. The interface also identifies the presence information that is being supplied to the service providers by the user's computing system for publication. The presence information that is provided to the service providers can include, but is not limited to, the name, alias, location, and network status of the user. A user can make global or discrete customized changes to the presence information that is provided to each of the service providers through the user interface. Modifications made to the presence information can also be made automatically to reflect a new condition or status in the user's presence on a network that is provided by a service provider.

Abstract: A system and method for identifying and removing potentially unwanted software. A mechanism is provided that identifies suspect programs to a user and allows the user to prevent the suspect programs from running without actually deleting them. In one embodiment, scanner data identifying potentially unwanted software is displayed in a GUI that allows the user to inhibit its continued execution. For example, any software not on a list of known, benign applications/processes may be identified as potentially unwanted. Similarly, software that displays one or more suspect behaviors may be so identified, allowing the user to distinguish between normal and suspect software without irreversibly altering the user's system.

Abstract: In response to a user instruction to initiate media playback, which instruction may come from a dedicated media playback hardware button or from a user interface on a display screen, a computer operating system activates a predesignated media playback user account. The account may be limited to access of media playback applications and files located within shared directories. The operating system also launches a media playback application in response to the user instruction to initiate media playback. Instead of activating an account in response to a media playback instruction, the operating system can execute a media player application within a login screen.

Abstract: Systems and/or methods are described that enable a user to elevate his or her rights. In one embodiment, these systems and/or methods present a user interface identifying an account having a right to permit a task in response to the task being prohibited based on a user's current account not having that right.

Abstract: A credential is translated with one of different credential provider modules each translating a corresponding different type of credential into a common protocol. The translated credential is communicated through an API to a logon UI module to an operating system (OS) of a local machine. An OS logon module is called by the logon UI module to authenticate the translated credential against a credential database. A user identified by the translated credential is logged on to access the local machine when the authentication is successful. The credential can also be used with a selection received from the logon UI module via a corresponding one of different pre-log access provider (PLAP) modules that each communicate with the API. The API establishes a network session with an access service specified by the selected PLAP module when the credential is authenticated with the credential database.

Abstract: A trust evaluation framework exposes a common interface that may be used by file transfer clients in the process of retrieving or downloading a file. Using the common interface, each file transfer client can take advantage of multiple trust providers to evaluate the incoming file. In this way, disparate file transfer clients can present a common user experience for downloading or retrieving files. In addition, trust providers may be updated or added to the system without modifying the installed file transfer clients. This enables the user experience to be incrementally improved without updating the installed programs.

Abstract: This invention is directed to provide a method for enabling an administrator to monitor and selectively limit the computer functions available to a user. The method is carried out on a personal computer by an administrator, and administrator decisions can be enforced on other personal computers in a local network. The invention enables an administrator to restrict a user's logon hours, logon duration, access to computer functions, and access to applications based on content rating. In addition, the administrator may temporarily restrict or extend normally allowed access privileges. The invention also allows for the monitoring, auditing, and reporting of a user's computer function usage to an administrator.