Abstract: A framework for a security system is described. The framework may be used to track which security engines are available to enforce security policies. A security engine is a software resource that enforces security policies designed to help ensure that a vulnerability of an application or operating system cannot be exploited. The framework may be used to maintain a holistic view of a status of computing devices that a security system is configured to operate with. The framework may enforce security policies uniformly across components of a security system by providing an application program interface. The security system may broker security enforcement events and security policies. By providing these services, the framework presents a unified model for interactions between software components and the security system.

Abstract: Techniques for securing applications and operating systems are provided. In an embodiment, the system notifies a user that a security enforcement action is being taken even though the condition prompting the action is detected by a security engine that executes in kernel mode. The security engine enforces security policies that help to ensure that a vulnerability of an application or operating system cannot be exploited. In an embodiment, the security system may solicit input from a user relating to a security enforcement action even though the condition prompting the action is detected by a security engine that executes in kernel mode. Security policies may be defined as sets of rules, each having a condition and an action. The security system thus enables kernel mode components to provide notifications to a user or solicit input from the user.

Abstract: A programming interface includes a first group of functions related to communicating a new security policy to multiple security engines. Each of the multiple security engines is configured to replace an existing security policy with the new security policy. The programming interface also includes a second group of functions related to communicating an indication of each security engine's readiness to implement the new security policy.

Abstract: Methods providing clients with a full contextual metadata experience. Metadata include multiple forms of property data, or information, relating to media accessed by a media player, such as a CD in a CD-ROM drive of a computer. Metadata is transferred from a server to a client. Identification parameters associated with the accessed media file are submitted by the client to a server, and property data is retrieved and forwarded to the client. The metadata provides the user with integrated, contemporaneous property data directly related to the media file being played, providing automatic, integrated access to data from multiple databases, simply by accessing a related media file through a media player, without further direction from the user.

Abstract: Methods, computer readable mediums and systems provide media player users with a full contextual metadata experience. Metadata include multiple forms of property data, or information, relating to media accessed by a media player, such as a CD in a CD-ROM drive of a computer. Metadata is transferred from a server to a client. Identification parameters associated with the accessed media file are submitted by the client to a server, and property data is retrieved and forwarded to the client. The metadata provides the user with integrated, contemporaneous property data directly related to the media file being played, providing automatic, integrated access to data from multiple databases, simply by accessing a related media file through a media player, without further direction from the user.

Abstract: Individual records of a data set include data and semantic information to describe the data. The records in the data set are encoded to generate an encoded data set using a compression function which is determined from semantic information that is common to multiple records of the data set. Multiple records of the encoded data set include the data without the common semantic information. The encoded data set is transmitted, or otherwise communicated, to a destination device along with an expansion function that includes the semantic information that is common to the multiple records of the data set. The destination device expands the encoded data set with the expansion function such that the multiple records of the encoded data set are expanded to include the common semantic information.

Abstract: Individual records of a data set include data and semantic information to describe the data. The records in the data set are encoded to generate an encoded data set using a compression function which is determined from semantic information that is common to multiple records of the data set. Multiple records of the encoded data set include the data without the common semantic information. The encoded data set is transmitted, or otherwise communicated, to a destination device along with an expansion function that includes the semantic information that is common to the multiple records of the data set. The destination device expands the encoded data set with the expansion function such that the multiple records of the encoded data set are expanded to include the common semantic information.

Abstract: Individual records of a data set include data and semantic information to describe the data. The records in the data set are encoded to generate an encoded data set using a compression function which is determined from semantic information that is common to multiple records of the data set. Multiple records of the encoded data set include the data without the common semantic information. The encoded data set is transmitted, or otherwise communicated, to a destination device along with an expansion function that includes the semantic information that is common to the multiple records of the data set. The destination device expands the encoded data set with the expansion function such that the multiple records of the encoded data set are expanded to include the common semantic information.

Abstract: Page-view recording with click-thru tracking is described. In an embodiment, a tracking system receives a request for content that includes request-tracking information. The request-tracking information designates that the tracking system receive the content request before the request is communicated to a content provider. The request for content is communicated to the content provider that provides the content. The content includes content-tracking information that the tracking system receives from a requesting device when the content is provided to the requesting device. The tracking system maintains the request-tracking and the content-tracking information, and associates the request-tracking and the content-tracking information with the destination device.

Abstract: Methods providing clients with a full contextual metadata experience. Metadata include multiple forms of property data, or information, relating to media accessed by a media player, such as a CD in a CD-ROM drive of a computer. Metadata is transferred from a server to a client. Identification parameters associated with the accessed media file are submitted by the client to a server, and property data is retrieved and forwarded to the client. The metadata provides the user with integrated, contemporaneous property data directly related to the media file being played, providing automatic, integrated access to data from multiple databases, simply by accessing a related media file through a media player, without further direction from the user.

Abstract: A framework for a security system is described. The framework may be used to track which security engines are available to enforce security policies. A security engine is a software resource that enforces security policies designed to help ensure that a vulnerability of an application or operating system cannot be exploited. The framework may be used to maintain a holistic view of a status of computing devices that a security system is configured to operate with. The framework may enforce security policies uniformly across components of a security system by providing an application program interface. The security system may broker security enforcement events and security policies. By providing these services, the framework presents a unified model for interactions between software components and the security system.

Abstract: Page-view recording with click-thru tracking is described. In an embodiment, a tracking system receives a request for content that includes request-tracking information. The request-tracking information designates that the tracking system receive the content request before the request is communicated to a content provider. The request for content is communicated to the content provider that provides the content. The content includes content-tracking information that the tracking system receives from a requesting device when the content is provided to the requesting device. The tracking system maintains the request-tracking and the content-tracking information, and associates the request-tracking and the content-tracking information with the destination device.

Abstract: Languages for expressing security policies are provided. The languages comprise rules that specify conditions and actions. The rules may be enforced by a security engine when a security enforcement event occurs. The languages support data separation, dynamic evaluation, and ordered rule scope. By separating data from logic, security engines may only need to be updated with a portion of rules that change. With dynamic evaluation, expressions of rules may be evaluated dynamically, such as by querying a database, when a security engine enforces a rule. With ordered rule scope, when a security enforcement event implicates a number of rules simultaneously, the rules may be enforced in a deterministic and logically organized manner.

Abstract: Individual records of a data set include data and semantic information to describe the data. The records in the data set are encoded to generate an encoded data set using a compression function which is determined from semantic information that is common to multiple records of the data set. Multiple records of the encoded data set include the data without the common semantic information. The encoded data set is transmitted, or otherwise communicated, to a destination device along with an expansion function that includes the semantic information that is common to the multiple records of the data set. The destination device expands the encoded data set with the expansion function such that the multiple records of the encoded data set are expanded to include the common semantic information.

Abstract: Individual records of a data set include data and semantic information to describe the data. The records in the data set are encoded to generate an encoded data set using a compression function which is determined from semantic information that is common to multiple records of the data set. Multiple records of the encoded data set include the data without the common semantic information. The encoded data set is transmitted, or otherwise communicated, to a destination device along with an expansion function that includes the semantic information that is common to the multiple records of the data set. The destination device expands the encoded data set with the expansion function such that the multiple records of the encoded data set are expanded to include the common semantic information.

Abstract: Techniques for securing applications and operating systems are provided. In an embodiment, the system notifies a user that a security enforcement action is being taken even though the condition prompting the action is detected by a security engine that executes in kernel mode. The security engine enforces security policies that help to ensure that a vulnerability of an application or operating system cannot be exploited. In an embodiment, the security system may solicit input from a user relating to a security enforcement action even though the condition prompting the action is detected by a security engine that executes in kernel mode. Security policies may be defined as sets of rules, each having a condition and an action. The security system thus enables kernel mode components to provide notifications to a user or solicit input from the user.

Abstract: Individual records of a data set include data and semantic information to describe the data. The records in the data set are encoded to generate an encoded data set using a compression function which is determined from semantic information that is common to multiple records of the data set. Multiple records of the encoded data set include the data without the common semantic information. The encoded data set is transmitted, or otherwise communicated, to a destination device along with an expansion function that includes the semantic information that is common to the multiple records of the data set. The destination device expands the encoded data set with the expansion function such that the multiple records of the encoded data set are expanded to include the common semantic information.

Abstract: Security policy update supporting at least one security service provider includes each of one or more security service providers receiving a set of new rules to be enforced as part of a new security policy. Each security service provider processes the new rules in order to be ready to begin using the new rules, but continues to use the previous set of rules until instructed to begin using the new rules. When all of the one or more security service providers are ready to begin using the new rules, they are instructed to begin using the new rules at which point all of the security service providers begin using the set of new rules substantially concurrently.

Abstract: A programming interface includes a first group of functions related to communicating a new security policy to multiple security engines. Each of the multiple security engines is configured to replace an existing security policy with the new security policy. The programming interface also includes a second group of functions related to communicating an indication of each security engine's readiness to implement the new security policy.

Abstract: An event, such as a security-related event, is received from a first security engine or another source. A second security engine is identified that is configured to utilize information contained in the event. The information contained in the event is then communicated to the second security engine. Additionally, other information, such as system state information, can be provided to one or more security engines.