Abstract: Tracking malware state information assigned to computers in an enterprise network is described. A computer may transition from a current malware state to a new malware state in accordance with a plurality of stored rules and detection of an anti-malware event on the computer. Examples of anti-malware events include, but are not limited to, detection of new malware on the computer or cleaning of the computer. The malware state information for computers on the network may be mapped to a risk level representing an amount of risk that infected computers present to other computers on the network. The results of a risk level assessment for the computers on the network may be output via a user interface to enable an administrator of the network to prioritize servicing of computers with detected malware.

Abstract: An arrangement for dynamically identifying and intercepting potential software threats before they execute on a computer system is provided in which a file system filter driver (called a “mini-filter”) interfaces with an anti-malware service to selectively generate an alert event and allow the threat to run, in addition to generating an alert event and suspending the threat. The decision to suspend the threat or allow it to run is made through application of a cascading logic hierarchy that includes respective policy-defined actions, user-defined actions, and signature-defined actions. The mini-filter generates the alert event to the anti-malware service whenever a file is opened, or modified and closed. The service uses an engine to scan the file to identify potential threats which are handled though application of the logic hierarchy which provides for configurations defined in a lower tier of the hierarchy to be overridden by those contained in a higher tier.

Abstract: Tracking malware state information assigned to computers in an enterprise network is described. A computer may transition from a current malware state to a new malware state in accordance with a plurality of stored rules and detection of an anti-malware event on the computer. Examples of anti-malware events include, but are not limited to, detection of new malware on the computer or cleaning of the computer. The malware state information for computers on the network may be mapped to a risk level representing an amount of risk that infected computers present to other computers on the network. The results of a risk level assessment for the computers on the network may be output via a user interface to enable an administrator of the network to prioritize servicing of computers with detected malware.

Abstract: A system and method for generating aggregated content views in a computing network are provided. A host computing device obtains a request for an aggregated view of content corresponding to a set of criteria. The host computing device queries itself and each computing device in a defined network for locally stored content matching the set of criteria. The query results are merged and displayed to a user at the host computing device as an aggregated list view.

Abstract: Computers on a local computer network, such as a home network or a small business network, are formed into a secured network group that provides common user access control and enables resource sharing among the computers in the group. A computer on the local network discovers whether there are secured network groups existing on the local network. If one secured network group is found, the computer indicates to a second computer in the group its desire to join the group, and establishes trust with that computer, such as by entering a proper user name and password, or a secret identification number. Once the trust is established, the first computer joins the group. Within the secured network group, user accounts and user profiles are replicated to each of the computers in the group. The establishment of trust and the replication of user accounts and profiles among the computers in the group enable the implementation of security policies and user access control in a group-wide manner.

Abstract: A system and method for generating aggregated content views in a computing network are provided. A host computing device obtains a request for an aggregated view of content corresponding to a set of criteria. The host computing device queries itself and each computing device in a defined network for locally stored content matching the set of criteria. The query results are merged and displayed to a user at the host computing device as an aggregated list view.

Abstract: A system and method for aggregating and extending parental controls auditing in an unmanaged computing network are provided. A parental control system, including a parental control database, logging interface, and audit process, resides on each host computing device in an unmanaged computing network that is capable of synchronizing data residing on one of the host computing devices with data residing on the other devices in the network. The parental control system facilitates the logging and reporting of parental control audit information in a manner that allows parents to aggregate the audit information to obtain a comprehensive audit report of their children's use of all computers in the home, and is extensible and customizable by the applications from which the parental control audit information originates.

Abstract: A system and method for aggregating and extending parental controls auditing in an unmanaged computing network are provided. A parental control system, including a parental control database, logging interface, and audit process, resides on each host computing device in an unmanaged computing network that is capable of synchronizing data residing on one of the host computing devices with data residing on the other devices in the network. The parental control system facilitates the logging and reporting of parental control audit information in a manner that allows parents to aggregate the audit information to obtain a comprehensive audit report of their children's use of all computers in the home, and is extensible and customizable by the applications from which the parental control audit information originates.

Abstract: An arrangement for dynamically identifying and intercepting potential software threats before they execute on a computer system is provided in which a file system filter driver (called a “mini-filter”) interfaces with an anti-malware service to selectively generate an alert event and allow the threat to run, in addition to generating an alert event and suspending the threat. The decision to suspend the threat or allow it to run is made through application of a cascading logic hierarchy that includes respective policy-defined actions, user-defined actions, and signature-defined actions. The mini-filter generates the alert event to the anti-malware service whenever a file is opened, or modified and closed. The service uses an engine to scan the file to identify potential threats which are handled though application of the logic hierarchy which provides for configurations defined in a lower tier of the hierarchy to be overridden by those contained in a higher tier.

Abstract: A system and process for interacting with a system in an insecure state is described. Before logging into a secure state of a computer system, a user is able to access limited information including calendar information regarding meetings for that day and the like. In some aspects of the invention, a user may interact with a displayed note pad for receiving handwritten or typed notes. Aspects of the described system and method permit a user to quickly review or interact with a computer prior to logging into a secured state of the computer system.

Abstract: A system and method for aggregating and extending parental controls auditing in an unmanaged computing network are provided. A parental control system, including a parental control database, logging interface, and audit process, resides on each host computing device in an unmanaged computing network that is capable of synchronizing data residing on one of the host computing devices with data residing on the other devices in the network. The parental control system facilitates the logging and reporting of parental control audit information in a manner that allows parents to aggregate the audit information to obtain a comprehensive audit report of their children's use of all computers in the home, and is extensible and customizable by the applications from which the parental control audit information originates.

Abstract: A system and method for aggregating and extending parental controls auditing in an unmanaged computing network are provided. A parental control system, including a parental control database, logging interface, and audit process, resides on each host computing device in an unmanaged computing network that is capable of synchronizing data residing on one of the host computing devices with data residing on the other devices in the network. The parental control system facilitates the logging and reporting of parental control audit information in a manner that allows parents to aggregate the audit information to obtain a comprehensive audit report of their children's use of all computers in the home, and is extensible and customizable by the applications from which the parental control audit information originates.

Abstract: A system and method for aggregating and extending parental controls auditing in an unmanaged computing network are provided. A parental control system, including a parental control database, logging interface, and audit process, resides on each host computing device in an unmanaged computing network that is capable of synchronizing data residing on one of the host computing devices with data residing on the other devices in the network. The parental control system facilitates the logging and reporting of parental control audit information in a manner that allows parents to aggregate the audit information to obtain a comprehensive audit report of their children's use of all computers in the home, and is extensible and customizable by the applications from which the parental control audit information originates.

Abstract: A system and method for generating aggregated content views in a computing network are provided. A host computing device obtains a request for an aggregated view of content corresponding to a set of criteria. The host computing device queries itself and each computing device in a defined network for locally stored content matching the set of criteria. The query results are merged and displayed to a user at the host computing device as an aggregated list view.

Abstract: This invention is directed to provide a method for enabling an administrator to monitor and selectively limit the computer functions available to a user. The method is carried out on a personal computer by an administrator, and administrator decisions can be enforced on other personal computers in a local network. The invention enables an administrator to restrict a user's logon hours, logon duration, access to computer functions, and access to applications based on content rating. In addition, the administrator may temporarily restrict or extend normally allowed access privileges. The invention also allows for the monitoring, auditing, and reporting of a user's computer function usage to an administrator.

Abstract: Methods and apparatuses are provided for controlling application software while switching between session in a multi-session computing environment. An apparatus includes memory coupled to switching logic and application program managing logic. The switching logic is configured to selectively switch console control of a computing device between at least two user kernel sessions that are maintained in the memory. The application program managing logic is configured to selectively control at least one application program that is operatively configured within at least one of the user kernel sessions. For example, the application program managing logic can be configured to stop the operation, restart certain application programs, notify application programs about switching events, and/or adjust the playback of audio and/or video signals associated certain application programs.

Abstract: A user interface is configured to identify and display each of the one or more service providers servicing the user's computing system. The interface also identifies the presence information that is being supplied to the service providers by the user's computing system for publication. The presence information that is provided to the service providers can include, but is not limited to, the name, alias, location, and network status of the user. A user can make global or discrete customized changes to the presence information that is provided to each of the service providers through the user interface. Modifications made to the presence information can also be made automatically to reflect a new condition or status in the user's presence on a network that is provided by a service provider.

Abstract: Generally described, a method, software system, and computer-readable medium are provided for efficiently collecting data this useful in developing software systems to identify and protect against malware. In accordance with one embodiment, a method for collecting data to determine whether a malware is propagating in a networking environment is provided. More specifically, the method includes receiving preliminary data sets at a server computer from a plurality of client computers that describes attributes of a potential malware. Then a determination is made regarding whether secondary data is needed to implement systems for protecting against the potential malware. If secondary data is needed, the method causes the secondary data to be collected when an additional preliminary data set is received from a client computer.

Abstract: Embodiments of a feedback-driven malware detector are directed to protecting a computer from programs that perform actions that are malicious or not expected by a user. In one embodiment, the feedback-driven malware detector performs a method that initially determines whether the state of an application program scheduled to be added to an extensibility point on a computer is already known. If the state of the object is not already known, the user is informed that an application program is being installed on the computer and that the application program is being added to an extensibility point. Then, input is obtained from the user that assists in determining whether the application program is malware.

Abstract: Systems and/or methods are described that enable a user to elevate his or her rights. In one embodiment, these systems and/or methods present a user interface identifying an account having a right to permit a task in response to the task being prohibited based on a user's current account not having that right.