Patents by Inventor Yuval Ben-Itzhak

Yuval Ben-Itzhak has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7882555
    Abstract: The invention provides an application layer security method and system to secure trusted computer applications from executing out of their intended and authorized scope caused by illegal or harmful operation requests received from a distrusted environment. In an embodiment of the invention, a protective layer is implemented in between a trusted application and distrusted application operation requests. In operation, the protective layer identifies an application path of each operation request. Depending on the application path identified, one or more security pipes scrutinize the application contents of the operation request to determine if the operation request is illegal or harmful to the application or a surrounding environment.
    Type: Grant
    Filed: May 28, 2003
    Date of Patent: February 1, 2011
    Assignee: Kavado, Inc.
    Inventor: Yuval Ben-Itzhak
  • Publication number: 20100251373
    Abstract: A method for protecting a client computer from dynamically generated malicious content, including receiving at a gateway computer content being sent to a client computer for processing, the content including a call to an original function, and the call including an input, modifying the content at the gateway computer, including replacing the call to the original function with a corresponding call to a substitute function, the substitute function being operational to send the input to a security computer for inspection, transmitting the modified content from the gateway computer to the client computer, processing the modified content at the client computer, transmitting the input to the security computer for inspection when the substitute function is invoked, determining at the security computer whether it is safe for the client computer to invoke the original function with the input, transmitting an indicator of whether it is safe for the client computer to invoke the original function with the input, from th
    Type: Application
    Filed: June 14, 2010
    Publication date: September 30, 2010
    Inventors: David Gruzman, Yuval Ben-Itzhak
  • Patent number: 7757289
    Abstract: A method for protecting a client computer from dynamically generated malicious content, including receiving at a gateway computer content being sent to a client computer for processing, the content including a call to an original function, and the call including an input, modifying the content at the gateway computer, including replacing the call to the original function with a corresponding call to a substitute function, the substitute function being operational to send the input to a security computer for inspection, transmitting the modified content from the gateway computer to the client computer, processing the modified content at the client computer, transmitting the input to the security computer for inspection when the substitute function is invoked, determining at the security computer whether it is safe for the client computer to invoke the original function with the input, transmitting an indicator of whether it is safe for the client computer to invoke the original function with the input, from th
    Type: Grant
    Filed: December 12, 2005
    Date of Patent: July 13, 2010
    Assignee: Finjan, Inc.
    Inventors: David Gruzman, Yuval Ben-Itzhak
  • Publication number: 20100023756
    Abstract: A system for secure communication, including a first security computer communicatively coupled with a client computer via an SSL connection, including a certificate creator, for receiving certificate attributes of a server computer certificate and for creating a signed certificate therefrom, and an SSL connector, for performing an SSL handshake with the client computer using the signed certificate created by said certificate creator, and a second security computer communicatively coupled with a server computer via an SSL connection, and communicatively coupled with the first security computer via a non-SSL connection, including an SSL connector, for performing an SSL handshake with the server computer using a signed certificate provided by the server computer, and a protocol appender, for appending attributes of the signed certificate provided by the server computer within a message communicated to the first security computer. A method is also described and claimed.
    Type: Application
    Filed: July 23, 2008
    Publication date: January 28, 2010
    Applicant: FINJAN SOFTWARE, LTD.
    Inventors: Yuval Ben-Itzhak, Shay Lang, Dmitry Rubinstein
  • Patent number: 7613918
    Abstract: A method for computer security, including receiving content including potentially malicious executable code (“CODE-A”), intended for downloading at a client computer, scanning CODE-A to derive a profile thereof, determining, based on the derived profile of CODE-A, an appropriate computer account from among a plurality of computer accounts, under which CODE-A may be processed by the client computer, wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable run under such account is processed, combining (i) information about the determined computer account name and (ii) CODE-A, with executable wrapper code (“CODE-B”) into combined code (“CODE-C”), and forwarding CODE-C to the client computer for processing. A system and a computer-readable storage medium are also described and claimed.
    Type: Grant
    Filed: February 16, 2006
    Date of Patent: November 3, 2009
    Assignee: Finjan Software Ltd.
    Inventor: Yuval Ben-Itzhak
  • Patent number: 7614085
    Abstract: The invention relates to a method for creating and/or updating a security policy within a computerized system protected by at least one security package, comprising: (a) Providing at least one trusted source within the system, capable of issuing a report detailing the structure and/or attributes of the system and/or security flaws within the system; (b) Periodically operating said at least one trusted source in order to periodically issue said report; (c) Importing each trusted source report into a security correcting unit, and forming one consolidated file containing the details from all said reports; (d) Importing into said security correcting unit the attributes files of all the security packages; (e) Separately comparing the content of said consolidated file with each of the imported attributes files, and updating each attributes file with the security information included within said consolidated file, information which is missing from the said attributes file, and is relevant to said attributes file; an
    Type: Grant
    Filed: May 1, 2003
    Date of Patent: November 3, 2009
    Assignee: Protegrity Corporation
    Inventor: Yuval Ben-Itzhak
  • Publication number: 20090019545
    Abstract: A security system, including a receiver for receiving a downloadable, a scanner, coupled with the receiver, for scanning the downloadable to identify suspicious computer operations therein, a code modifier, coupled with the scanner, for overwriting the suspicious computer operations with substitute computer operations, if at least one suspicious computer operation is identified by the scanner, and for appending monitoring program code to the downloadable thereby generating a modified downloadable, if at least one suspicious computer operation is identified by the scanner, and a processor, coupled with the code modifier, for executing programmed instructions, wherein the monitoring program code includes program instructions for the processor to validate input parameters for the suspicious computer operations during run-time of the downloadable. A method is also described and claimed.
    Type: Application
    Filed: July 16, 2008
    Publication date: January 15, 2009
    Applicant: FINJAN SOFTWARE, LTD.
    Inventors: Yuval Ben-Itzhak, Golan Yosef, Israel Taub
  • Publication number: 20080276320
    Abstract: A method for scanning files for security, including receiving an unfamiliar file for scanning, if the determining indicates that the mime type is suitable for analysis, then processing a buffer of file data from the unfamiliar file, including generating a histogram of frequencies of occurrence of bytes within a buffer of file data from the unfamiliar file, excluding a designated set of bytes, and if the generated histogram of frequencies of occurrence of the non-excluded bytes deviates substantially from a reference distribution, then signaling that the unfamiliar file is potentially malicious. A system and a computer-readable storage medium are also described and claimed.
    Type: Application
    Filed: May 4, 2007
    Publication date: November 6, 2008
    Applicant: Finjan Software, Ltd.
    Inventor: Yuval Ben-Itzhak
  • Patent number: 7313822
    Abstract: The present invention secures applications from executing illegal or harmful operation requests received from a distrusted environment, thereby, preventing an application from damaging itself, other applications, performance, files, buffers, databases, and confidentiality of information. An operation reverse engineering layer is positioned in front of an application in a trusted environment and between the application and the incoming application operation requests that are received from an unknown or distrusted environment. The operation reverse engineering layer checks the requests for either form, content, or both, to insure that only legal and harmless requests will pass to the given application. Hardware, software, or both, are employed to implement the operation reverse engineering layer.
    Type: Grant
    Filed: March 16, 2001
    Date of Patent: December 25, 2007
    Assignee: Protegrity Corporation
    Inventor: Yuval Ben-Itzhak
  • Publication number: 20070192857
    Abstract: A method for computer security, including receiving content including potentially malicious executable code (“CODE-A”), intended for downloading at a client computer, scanning CODE-A to derive a profile thereof, determining, based on the derived profile of CODE-A, an appropriate computer account from among a plurality of computer accounts, under which CODE-A may be processed by the client computer, wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable run under such account is processed, combining (i) information about the determined computer account name and (ii) CODE-A, with executable wrapper code (“CODE-B”) into combined code (“CODE-C”), and forwarding CODE-C to the client computer for processing. A system and a computer-readable storage medium are also described and claimed.
    Type: Application
    Filed: February 16, 2006
    Publication date: August 16, 2007
    Inventor: Yuval Ben-Itzhak
  • Publication number: 20070136811
    Abstract: A method for protecting a client computer from dynamically generated malicious content, including receiving at a gateway computer content being sent to a client computer for processing, the content including a call to an original function, and the call including an input, modifying the content at the gateway computer, including replacing the call to the original function with a corresponding call to a substitute function, the substitute function being operational to send the input to a security computer for inspection, transmitting the modified content from the gateway computer to the client computer, processing the modified content at the client computer, transmitting the input to the security computer for inspection when the substitute function is invoked, determining at the security computer whether it is safe for the client computer to invoke the original function with the input, transmitting an indicator of whether it is safe for the client computer to invoke the original function with the input, from th
    Type: Application
    Filed: December 12, 2005
    Publication date: June 14, 2007
    Inventors: David Gruzman, Yuval Ben-Itzhak
  • Publication number: 20070033256
    Abstract: Embodiments of a system for preventing unwanted calls are presented. In one embodiment, the system includes a transmitter, for transmitting an electronic message to a user, a receiver communicatively coupled with the transmitter, for receiving the electronic message intended for the user, and a message filter coupled with the receiver, including a message interceptor, for intercepting the electronic message, transmitted by the transmitter, prior to the electronic message being received by the receiver, a verification processor, for determining if the electronic message is unwanted, including a challenge originator, for issuing a challenge in the form of a query to the transmitter, and a validator, for receiving a response to the challenge from the transmitter and for determining the validity of the response, and a message manager, for passing the electronic message to the receiver, if the verification processor determines that the electronic message is not unwanted.
    Type: Application
    Filed: July 12, 2006
    Publication date: February 8, 2007
    Inventor: Yuval Ben-Itzhak
  • Publication number: 20050038881
    Abstract: The invention relates to a method for creating and/or updating a security policy within a computerized system protected by at least one security package, comprising: (a) Providing at least one trusted source within the system, capable of issuing a report detailing the structure and/or attributes of the system and/or security flaws within the system; (b) Periodically operating said at least one trusted source in order to periodically issue said report; (c) Importing each trusted source report into a security correcting unit, and forming one consolidated file containing the details from all said reports; (d) Importing into said security correcting unit the attributes files of all the security packages; (e) Separately comparing the content of said consolidated file with each of the imported attributes files, and updating each attributes file with the security information included within said consolidated file, information which is missing from the said attributes file, and is relevant to said attributes file; an
    Type: Application
    Filed: November 20, 2003
    Publication date: February 17, 2005
    Inventor: Yuval Ben-Itzhak
  • Publication number: 20030204719
    Abstract: The invention provides an application layer security method and system to secure trusted computer applications from executing out of their intended and authorized scope caused by illegal or harmful operation requests received from a distrusted environment. In an embodiment of the invention, a protective layer is implemented in between a trusted application and distrusted application operation requests. In operation, the protective layer identifies an application path of each operation request. Depending on the application path identified, one or more security pipes scrutinize the application contents of the operation request to determine if the operation request is illegal or harmful to the application or a surrounding environment.
    Type: Application
    Filed: May 28, 2003
    Publication date: October 30, 2003
    Applicant: KAVADO, Inc.
    Inventor: Yuval Ben-Itzhak
  • Publication number: 20030023873
    Abstract: The present invention secures applications from executing illegal or harmful operation requests received from a distrusted environment, thereby, preventing an application from damaging itself, other applications, performance, files, buffers, databases, and confidentiality of information. An operation reverse engineering layer is positioned in front of an application in a trusted environment and between the application and the incoming application operation requests that are received from an unknown or distrusted environment. The operation reverse engineering layer checks the requests for either form, content, or both, to insure that only legal and harmless requests will pass to the given application. Hardware, software, or both, are employed to implement the operation reverse engineering layer.
    Type: Application
    Filed: March 16, 2001
    Publication date: January 30, 2003
    Inventor: Yuval Ben-Itzhak