Abstract: Techniques allow runtime extensions to a whitelist that locks down a computational system. For example, executable code is not only subject to whitelist checks that allow (or deny) its execution, but is also subject to checks that determine whether a whitelisted executable is itself trusted to introduce further executable code into the computational system in which it is allowed to run. In general, deletion and/or modification of instances of code that are already covered by the whitelist are also disallowed in accordance with a security policy. Accordingly, an executable that is trusted may be allowed to delete and/or modify code instances covered by the whitelist. In general, trust may be coded for a given code instance that seeks to introduce, remove or modify code.

Abstract: Techniques have been developed to allow runtime extensions to a whitelist that locks down a computational system. For example, executable code (including e.g., objects such as a script or active content that may be treated as an executable) is not only subject to whitelist checks that allow (or deny) its execution, but is also subject to checks that determine whether a whitelisted executable is itself trusted to introduce further executable code into the computational system in which it is allowed to run. In general, deletion and/or modification of instances of code that are already covered by the whitelist are also disallowed in accordance with a security policy. Accordingly, an executable that is trusted may be allowed to delete and/or modify code instances covered by the whitelist. In general, trust may be coded for a given code instance that seeks to introduce, remove or modify code (e.g., in the whitelist itself).

Abstract: Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.

Abstract: Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.

Abstract: Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.

Abstract: Accessing files within a compressed image to boot from the compressed image. In one embodiment, the compressed image includes a boot environment and a software image combined to reduce file redundancy. The invention boots into the boot environment within the compressed image to install the software image on a computer.

Abstract: A system, method and data structure for transmitting a first image including a first software and for transmitting a second image including a second software, wherein the first and second images include common file data. The server simultaneously transmits the common data to first and second destination devices via the shared network. The server is adapted to transmit the first file data to the first destination device via the shared network and the second file data to the second destination device via the shared network.

Abstract: Servicing a computer using a self-contained computer servicing device. The device includes a memory storing an operating system. The device includes a first interface for connecting the device to the computer and a second interface for connecting the device to a network. A driver for the second interface is also stored in the memory. The device accesses a bootable image of an operating system of the computer on the network via the second interface or stored on the memory. The device boots the computer by executing the operating system stored in the memory of the device and services operations of the computer according to the bootable image.

Abstract: A method and system of transferring boot files from a server to a client having a pre-installation environment. The server authenticates the client. The client authenticates the server. The boot files are transferred from the authenticated server to the authenticated client. The boot files may be authenticated by the client before execution to create an operating system.

Abstract: Accessing files within a compressed image to boot from the compressed image. In one embodiment, the compressed image includes a boot environment and a software image combined to reduce file redundancy. The invention boots into the boot environment within the compressed image to install the software image on a computer.

Abstract: A system and method for copying a run-time image independent of computer context from a source computer-readable medium to one or more target computer-readable media of a target computer. Software of the invention integrates the copied software product with the target computer. The software applies an operating system and/or associated application programs to the target computer as a run-time image.

Abstract: A system, method and data structure for transmitting a first image including a first software and for transmitting a second image including a second software, wherein the first and second images include common file data. The server simultaneously transmits the common data to first and second destination devices via the shared network. The server is adapted to transmit the first file data to the first destination device via the shared network and the second file data to the second destination device via the shared network.

Abstract: Accessing files within a compressed image to boot from the compressed image. In one embodiment, the compressed image includes a boot environment and a software image combined to reduce file redundancy. The invention boots into the boot environment within the compressed image to install the software image on a computer.

Abstract: A system and method for copying a run-time image independent of computer context from a source computer-readable medium to one or more target computer-readable media of a target computer. Software of the invention integrates the copied software product with the target computer. The software applies an operating system and/or associated application programs to the target computer as a run-time image.