Abstract: Multiple apps of an ecosystem on a computer securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem. An ecosystem agent creates an ecosystem directory, which contains policy information and identification information concerning each specific app in the ecosystem, including the ecosystem agent. Each ecosystem app generates an asymmetric key pair, the public key of which it shares only with apps in the ecosystem through the directory. The ecosystem agent's private key is used to encrypt the directory. Data is securely communicated between apps in the ecosystem, by encrypting and decrypting messages and data objects with the appropriate ecosystem app keys. Each specific app in the ecosystem complies with enterprise information control policy. Ecosystem apps can read a policy from the directory, and receive policy updates from the enterprise.

Abstract: A method and apparatus for safe and secure access to dynamic domain name systems. In one embodiment a method comprises transmitting a DNS query to a dynamic DNS server. The DNS query comprises a domain name. A DNS answer is received from the dynamic DNS server in response to transmitting the DNS query. The DNS answer comprises an IP address. A request is transmitted to a host at the IP address in response to receiving the DNS answer. A digital certificate is received in response to transmitting the request. The received digital certificate is then compared with each of a plurality of digital certificates stored in memory. The IP address is transmitted to a client computer system if the received digital certificate compares equally with one of the plurality of digital certificates.

Abstract: The risk of inadvertent introduction of software bugs to a large number of users during a software update is minimized by controlling updates using a uniform mechanism of sending updates to seed users. A value-generating module generates a value for a computer, the value falling within a population range of values. A sampling range-generating module generates a sampling range of values as a proper subset of the population range, the probability of the random value falling within the sampling range being predetermined. An eligibility determination module determines whether the computer is eligible to receive a software update, the computer being determined eligible when the random value for the computer falls within the sampling range, and an update module provides the software update to the computer based on the eligibility determination. In some embodiments, a problem review module determines whether the update has caused a problem for computers receiving the update.

Abstract: Attempts by computing devices to access centralized data are managed according to device classification level rules. A request to access centralized data is received from an unclassified computing device. The unclassified computing device is classified into a specific one of the defined classes, based at least partially on information concerning the computing device read from the received request. Where a definition of the unclassified computing device has already been assigned to a specific class, the unclassified computing device is classified accordingly. Otherwise, the unclassified computing device is compared to multiple classified computing devices, and the unclassified computing device is classified according to the one that is most similar. Responsive to the classification of the computing device, the received request to access centralized data is governed according to a device classification level rule which specifies access policy for computing devices of the defined class.

Abstract: A possibly pre-infected system is inspected for the existence of tracked application-specific accounts. In a tracked application-specific account is found, the system is further audited to verify that only authorized processes are using the account and that the authorized account creation application is installed on the host computer system.

Abstract: A computer-implemented method for providing application manifest information may include analyzing source code of a software application. The method may also include detecting that the source code is programmed to access a computer resource and determining a security implication of the source code being programmed to access the computer resource. Determining the security implication may include providing a notification of the security implication of the source code to a developer of the source code. Determining the security implication may also include providing information about the security implication in an application manifest. Systems and computer-readable-media for creating and editing application manifests are also disclosed.

Abstract: A computer-implemented method for introducing variation in sub-system output signals to prevent device fingerprinting may include (1) intercepting, on a computing device, an output signal sent from a sub-system device on a computing device to a software component on the computing device, (2) identifying a margin of error for the output signal, (3), creating a modified output signal by introducing variation into the output signal in such a way that (a) the variation does not exceed the margin of error for the output signal and (b) the modified output signal cannot be used to identify the computing device, and (4) sending the modified output signal to the software component. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A document handling device receives a request to perform a task on document data, the document data comprising at least one of an electronic document to be converted by the document handling device into a non-digital form or a physical document received by the document handling device in the non-digital form. Responsive to receiving the request, the document handling device makes a determination as to whether the requested task violates a data loss prevention policy, and performs an action based on the determination.

Abstract: A computer-implemented method for securely managing multimedia data captured by a mobile computing device is disclosed. The method may include (1) identifying a mobile computing device, (2) receiving multimedia data captured by the mobile computing device that has been encrypted using an asymmetric public key, (3) decrypting the multimedia data captured by the mobile computing device using an asymmetric private key, and (4) auditing the multimedia data captured by the mobile computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for providing secure access to local network devices may include (1) identifying a local area network that provides Internet connectivity to at least one device within the local area network, (2) obtaining, from an identity assertion provider, (i) a shared secret for authenticating the identity of a guest user of the device and (ii) a permission for the guest user to access the device from outside the local area network, (3) storing the shared secret and the permission within the local area network, (4) receiving, via the Internet connectivity, a request by the guest user from outside the local area network to access the device, and (5) providing access to the device in response to validating the request based on the shared secret and the permission. Various other methods and systems are also disclosed.

Abstract: A computer-implemented method for detecting client types may include identifying a communication from a client system transmitted according to a network protocol, analyzing the communication to determine at least one protocol implementation characteristic that describes how the client system implemented the network protocol in the communication, submitting the protocol implementation characteristic to a protocol implementation database that correlates client types with protocol implementation characteristics and receiving, in response to submitting the protocol implementation characteristic, a client type of the client system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Unauthorized uses of embedded objects in websites are detected, in order to protect users from phishing sites using cloned copies of such objects. Authorized parties register objects for use at legitimate locations (e.g., specific IP address ranges or domains). When a client computing device accesses a website, the objects in the website are checked against the registered objects, to determine whether the objects are registered for use by the site being accessed. Depending upon trust status information concerning the objects, the access of the website can be permitted or blocked, or the user can be warned about questionable or un-trusted embedded objects. Additionally, the party that registered an object can be notified, in the case of an indication of unauthorized use of the object by a website.

Abstract: Selective projection of user interface elements between a host and a plurality of guests is provided according to a configurable policy. User interface elements generated by guests and/or the host are captured. It is determined whether to project captured elements into the user interface with which the user is currently interacting, based on the policy. In some cases, it is determined to project a captured element originating from a first user interface into a second user interface with which the user is currently interacting, based on factors such as source, destination, element attributes, element contents and/or element type. Responsive to such a determination, the captured element is projected into the current user interface, thereby presenting the projected element to the user.

Abstract: A computer-implemented method for introducing variation in sub-system output signals to prevent device fingerprinting may include (1) intercepting, on a computing device, an output signal sent from a sub-system device on a computing device to a software component on the computing device, (2) identifying a margin of error for the output signal, (3), creating a modified output signal by introducing variation into the output signal in such a way that (a) the variation does not exceed the margin of error for the output signal and (b) the modified output signal cannot be used to identify the computing device, and (4) sending the modified output signal to the software component. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for managing electronic message distribution are disclosed. In one particular embodiment, the techniques may be realized as a method for managing electronic message distribution, the method includes analyzing an electronic message, determining whether the electronic message satisfies one of a plurality of predetermined conditions, converting at least a portion of the electronic message from a first format to a second format based on the determination of whether the electronic message satisfies the one of the plurality of predetermined conditions, and transmitting the converted electronic message.

Abstract: A computer-implemented method to preserve network settings for a computing device in a pre-boot environment is described. Initiation of a shut down process for the computing device is detected. Network configuration information is identified. A timestamp to associate with the identified network configuration information is generated. The identified network configuration information and the associated timestamp are stored in a storage medium.

Abstract: A security module determines categories of files normally accessed by a software application. The security module monitors file accesses of the application to determine whether the application accesses files belonging to different categories than it normally accesses. If the categories of the files accessed are the same, then the file accesses are allowed to proceed. If the categories of the files accessed are different, then the security module takes a security action.

Abstract: Techniques for inter-virtual machine communication are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for interaction with a guest virtual machine comprising monitoring image loads into electronic memory of a guest virtual machine using a secure virtual machine, identifying a memory structure having a specified format, and performing, using the secure virtual machine, at least one of reading one or more portions of the identified memory structure and setting a value in the identified memory structure.

Abstract: A computer-implemented for sharing the results of computing operations among related computing systems may include: 1) identifying a need to perform a computing operation on a file, 2) identifying a unique identifier associated with the file, 3) determining, by using the unique identifier to query a shared store that is shared by a group of related computing systems, that at least one computing system within the group of related computing systems has previously performed the computing operation on an instance of the file, and then 4) retrieving the results of the computing operation from the shared store instead of performing the computing operation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Malware that is signed with multiple, valid credentials is detected. A central computer such as a server receives secure hashes of signed application bodies and immutable portions of corresponding digital signatures for a plurality of signed applications from a plurality of client computers. Received secure hashes of signed application bodies are compared. Multiple instances of a single signed application are identified based on the comparing of multiple received secure hashes of signed application bodies. Responsive to identifying multiple instances of the single signed application, received secure hashes of immutable portions of digital signatures corresponding to identified multiple instances of the single signed application are compared. Responsive to the results of this comparing, a potential maliciousness of the signed application is adjudicated.