FAILSAFE COMPUTER SUPPORT ASSISTANT
Granted: September 18, 2008
Application Number:
20080229159
A computer running a host operating system in a host virtual machine includes a support operating system running in a support virtual machine. A support module running in the support operating system identifies and remediates defects associated with the host operating system. A monitoring module running in the support operating system identifies a defect associated with the host operating system and notifies the support module responsive to identification of the defect. A user interface…
Metamorphic Computer Virus Detection
Granted: August 28, 2008
Application Number:
20080209562
The executions of computer viruses are analyzed to develop register signatures for the viruses. The register signatures specify the sets of outputs the viruses produce when executed with a given set of inputs. A virus detection system (VDS) (400) holds a database (430) of the register signatures. The VDS (400) selects (710) a file that might contain a computer virus and identifies potential entry points in the file. The VDS (400) uses a virtual machine (422) having an initial state to…
Method and apparatus for flexible access to storage facilities
Granted: August 21, 2008
Application Number:
20080201458
A method and apparatus for providing flexible access to storage resources in a storage area network is provided. One aspect of the invention relates to managing hosts and storage resources on a storage area network. At least one logical relationship among the storage resources is associated with each of a plurality of virtual identifiers. At least one of the plurality of virtual identifiers is then associated to an interface of each of the hosts.
Method and apparatus for transactional fault tolerance in a client-server system
Granted: August 21, 2008
Application Number:
20080201602
Method and apparatus for transactional fault tolerance in a client-server system is described. In one example, output data generated by execution of a service on a primary server during a current epoch between a first checkpoint and a second checkpoint is buffered. A copy of an execution context of the primary server is established on a secondary server in response to the second checkpoint. The output data as buffered is released from the primary server in response to establishment of…
RUNNING A VIRTUAL MACHINE DIRECTLY FROM A PHYSICAL MACHINE USING SNAPSHOTS
Granted: June 5, 2008
Application Number:
20080133208
Embodiments of the present invention are directed to the running of a virtual machine directly from a physical machine using snapshots of the physical machine. In one example, a computer system performs a method for running a virtual machine directly from a physical machine using snapshots of the physical machine. A snapshot component takes a snapshot of the physical system volume while the physical system volume is in an operational state. The virtual machine initializes using the…
SYSTEM AND METHOD FOR CONTROLLING DISTRIBUTION OF NETWORK COMMUNICATIONS
Granted: January 17, 2008
Application Number:
20080016172
A method for controlling distribution of network communications (messages). An incoming message either carries priority information, or is assigned priority information based on a shared characteristic with other messages. The priority information is used to determine how and/or when to deliver the message, e.g. by delaying the message for a fixed time. Preferences for receipt of messages by priority level may be communicated to upstream hosts along a network path. Accordingly, an…
SYSTEM AND METHOD FOR CONTROLLING DISTRIBUTION OF NETWORK COMMUNICATIONS
Granted: January 17, 2008
Application Number:
20080016173
A method for controlling distribution of network communications (messages). An incoming message either carries priority information, or is assigned priority information based on a shared characteristic with other messages. The priority information is used to determine how and/or when to deliver the message, e.g. by delaying the message for a fixed time. Preferences for receipt of messages by priority level may be communicated to upstream hosts along a network path. Accordingly, an…
SYSTEM AND METHOD FOR CONTROLLING DISTRIBUTION OF NETWORK COMMUNICATIONS
Granted: January 17, 2008
Application Number:
20080016174
A method for controlling distribution of network communications (messages). An incoming message either carries priority information, or is assigned priority information based on a shared characteristic with other messages. The priority information is used to determine how and/or when to deliver the message, e.g. by delaying the message for a fixed time. Preferences for receipt of messages by priority level may be communicated to upstream hosts along a network path. Accordingly, an…
VIRTUAL OS COMPUTING ENVIRONMENT
Granted: January 17, 2008
Application Number:
20080016489
Multiple, semi-independent virtual operating system (OS) environments coexist within a single OS such that a change made in one environment does not affect the main OS or any other environment. In this way each virtual OS environment appears to be an independent OS for the applications running within it. The file system and registry information for each environment is independent of the base OS and other environments. Each of the environments can contain a group of installed…
Heuristic Detection and Termination of Fast Spreading Network Worm Attacks
Granted: April 12, 2007
Application Number:
20070083931
Methods, apparati, and computer program products for detecting and responding to fast-spreading network worm attacks include a network monitoring module, which observes failed network connection attempts from multiple sources. A logging module logs the failed connection attempts. An analysis module uses the logged data on the failed connection attempts to determine whether a source is infected with a worm using a set of threshold criteria. The threshold criteria indicate whether a…
System and method for detecting malicious applications
Granted: October 14, 2004
Application Number:
20040205354
A system and method are disclosed for detecting malicious computer applications. According to an embodiment of the present invention, it is determined whether a communication is attempting to occur, wherein the communication is associated with a first application. It is also determined whether there is a second application associated with the first application; and also determined whether the second application is trusted.
Safe memory scanning
Granted: August 26, 2004
Application Number:
20040168070
A kernel mode memory scanning driver for use in safely scanning loaded drivers in the memory of computer systems utilizing Windows® NT based operating systems, such as Windows® 2000, Windows® XP, and other operating systems utilizing the Windows® NT kernel base, for viruses. Prior to scanning the loaded drivers for viruses, the kernel mode memory scanning driver hooks a driver unload function of the operating system, and stalls any calls to the driver unload function to…
System and method for an expert architecture
Granted: August 12, 2004
Application Number:
20040158545
A system and method are disclosed for providing an expert system. In an embodiment of the present invention, a selected goal is received and a first record obtained. The first record is used to produce a second record, wherein the second record has a record type associated with it. It is then determined whether the record type is directly associated with the selected goal, and the second record is outputted if the record type is directly associated with the selected goal.
Shell code blocking system and method
Granted: August 12, 2004
Application Number:
20040158729
A method includes hooking a critical operating system function, originating a call to the critical operating system function with a call module of a parent application, stalling the call, determining a location of the call module in memory, and determining whether the location is in an executable area of the memory. Upon a determination that the call module is not in the executable area, the method further includes terminating the call. By terminating the call, execution of a child…
Network risk analysis
Granted: July 22, 2004
Application Number:
20040143753
A system and method are disclosed for analyzing security risks in a computer network. The system constructs asset relationships among a plurality of objects in the computer network and receives an event associated with a selected object, where the event has an event risk level. The system also propagates the event to objects related to the selected object if the event risk level exceeds a propagation threshold.
Validation for behavior-blocking system
Granted: June 24, 2004
Application Number:
20040123117
A method includes detecting a potentially malicious action of a potentially unsafe application on a host computer system; sending an application characteristic of the potentially unsafe application to a server system; and receiving a response from the server system indicating whether the potentially unsafe application is a safe application, an unsafe application or an unknown application. If the potentially unsafe application is an unknown application, the potentially unsafe application…
Bubble-protected system for automatic decryption of file data on a per-use basis and automatic re-encryption
Granted: May 13, 2004
Application Number:
20040093506
A machine system includes bubble protection for protecting the information of certain classes of files from unauthorized access by way of unauthorized classes of programs at unauthorized periods of time. The machine system additionally may have OTF mechanisms for automatic decryption of confidential file data on a per-use basis and automatic later elimination of the decrypted data by scorching and/or re-encrypting. The system can operate within a multi-threaded environment.…
Methods and apparatuses for file synchronization and updating using a signature list
Granted: October 23, 2003
Application Number:
20030200207
A server computer generates an update file for transmission to a client computer that permits the client computer to generate a copy of a current version of a subscription file from a copy of an earlier version of the subscription file. For each segment of the current version of the subscription file, the server computer searches an earlier version of a signature list for an old segment signature which matches a new segment signature corresponding to the segment. When a match is…
BUBBLE-PROTECTED SYSTEM FOR AUTOMATIC DECRYPTION OF FILE DATA ON A PER-USE BASIS AND AUTOMATIC RE-ENCRYPTION
Granted: November 22, 2001
Application Number:
20010044901
A machine system includes bubble protection for protecting the information of certain classes of files from unauthorized access by way of unauthorized classes of programs at unauthorized periods of time. The machine system additionally may have OTF mechanisms for automatic decryption of confidential file data on a per-use basis and automatic later elimination of the decrypted data by scorching and/or re-encrypting. The system can operate within a multi-threaded environment.…
System for supporting secured log-in of multiple users into a plurality of computers using combined presentation of memorized password and transportable passport record
Granted: May 31, 2001
Application Number:
20010002487
A system is disclosed for controlling intelligible access to secured files by means of a user-memorized password in combination with a user-associated passport record. The passport record takes on two forms, one when it is physically secured within the workstation and a different second form when the passport record is in-transit. Log-in privileges are granted after a presented passport record passes a number of tests including digital signature authentication, and the ability to extract…