公开(公告)号：US08006116B1

公开(公告)日：2011-08-23

申请号：US12058943

申请日：2008-03-31

申请人： William E. Sobel ,  Sourabh Satish

发明人： William E. Sobel ,  Sourabh Satish

IPC分类号： G06F11/00

CPC分类号： G06F11/3409 ,  G06F11/0706 ,  G06F11/076 ,  G06F11/1446

摘要： A computer-implemented method for storing information that identifies the state of health of a computing system at the time a backup of the computing system is created may comprise: 1) identifying a backup of the computing system, 2) performing an evaluation of the computing system's health, and then 3) storing health information that identifies the state of health of the computing system when the backup was created as metadata to the backup. Similarly, a method for determining whether to restore a backup of a computing system based on health information may comprise: 1) identifying a backup of the computing system, 2) identifying health information stored as metadata to the backup that identifies the state of health of the computing system when the backup was created, and 3) determining, based on the health information, whether to restore the backup. Corresponding systems and computer-readable media are also disclosed.

摘要翻译： 用于存储在创建计算系统的备份时识别计算系统的健康状态的计算机实现的方法可以包括：1）识别计算系统的备份，2）执行计算的评估 系统的健康状况，然后3）将创建备份时的计算机系统健康状况的健康信息存储到备份中。 类似地，用于基于健康信息来确定是否恢复计算系统的备份的方法可以包括：1）识别计算系统的备份; 2）识别存储为元数据的健康信息给备份，其识别健康状况的健康状况 创建备份时的计算系统，以及3）根据健康信息确定是否还原备份。 还公开了相应的系统和计算机可读介质。

公开(公告)号：US08694983B1

公开(公告)日：2014-04-08

申请号：US13473182

申请日：2012-05-16

申请人： William E. Sobel ,  Sourabh Satish

发明人： William E. Sobel ,  Sourabh Satish

IPC分类号： G06F9/44

CPC分类号： G06F8/60 ,  G06F11/3409 ,  G06F11/3428 ,  G06F2201/81

摘要： A computer-implemented method for determining the impact of a software change on the health of a computing system or an application installed on the computing system may comprise identifying the software change, performing a first health evaluation, allowing the software change to occur, performing a second health evaluation, and then determining the impact of the new application by comparing the results of the second health evaluation with the results of the first health evaluation. Exemplary methods for providing guidance on the potential impact of a software change and for determining the health impact of a software change based on information obtained from a plurality of computing systems are also disclosed. Corresponding systems and computer-readable media are also disclosed.

摘要翻译： 用于确定软件更改对安装在计算系统上的计算系统或应用程序的健康的影响的计算机实现的方法可以包括识别软件变化，执行第一健康评估，允许软件改变发生，执行 第二次健康评估，然后通过将第二次健康评估的结果与第一次健康评估的结果进行比较，确定新应用的影响。 还公开了基于从多个计算系统获得的信息来提供关于软件变化的潜在影响和用于确定软件变化的健康影响的指导的示范性方法。 还公开了相应的系统和计算机可读介质。

公开(公告)号：US08473924B1

公开(公告)日：2013-06-25

申请号：US12340559

申请日：2008-12-19

申请人： Sourabh Satish ,  William E. Sobel

发明人： Sourabh Satish ,  William E. Sobel

IPC分类号： G06F9/44 ,  G06F9/45

CPC分类号： G06F9/445

摘要： Application profiles for applications stored on the endpoint are defined. An application profile identifies components on the endpoint associated with an application with which the application profile is associated. Applications on the endpoint accessed by a user to perform a task are monitored. A task profile associated with the task is created and stored, the task profile associated with the application profiles for the applications accessed by the user to perform the task.

摘要翻译： 定义存储在端点上的应用程序的应用程序配置文件。 应用程序配置文件标识与应用程序配置文件与之相关联的应用程序相关联的端点上的组件。 监视由用户访问的端点上的应用程序来执行任务。 创建和存储与该任务相关联的任务简档，该任务简档与由用户访问的应用程序的应用程序配置文件相关联以执行任务。

公开(公告)号：US08434073B1

公开(公告)日：2013-04-30

申请号：US12263739

申请日：2008-11-03

申请人： Sourabh Satish ,  Bruce McCorkendale ,  William E. Sobel

发明人： Sourabh Satish ,  Bruce McCorkendale ,  William E. Sobel

IPC分类号： G06F9/44 ,  G06F9/45 ,  G06F9/445 ,  G06F12/00 ,  G06F12/14

CPC分类号： G06F21/54

摘要： An exemplary method for preventing exploitation of byte sequences that violate compiler-generated instruction alignment may comprise: 1) identifying instantiation of a process, 2) identifying an address space associated with the process, 3) identifying, within the address space associated with the process, at least one control-transfer instruction, 4) determining that at least one byte preceding the control-transfer instruction is capable of resulting in an out-of-alignment instruction, and then 5) preventing the control-transfer instruction from being executed. In one example, the system may prevent the control-transfer instruction from being executed by inserting a hook in place of the intended instruction that executes the intended instruction and then returns control flow back to the instantiated process. Corresponding systems and computer-readable media are also disclosed.

摘要翻译： 用于防止违反编译器生成的指令对准的字节序列的示例性方法可以包括：1）识别过程的实例化，2）识别与该过程相关联的地址空间，3）在与该过程相关联的地址空间内识别 ，至少一个控制传输指令，4）确定控制传输指令之前的至少一个字节能够导致不对齐指令，然后5）防止执行控制传输指令。 在一个示例中，系统可以通过插入钩来代替执行预期指令的预期指令来防止控制传输指令被执行，然后将控制流程返回到实例化的进程。 还公开了相应的系统和计算机可读介质。

公开(公告)号：US08365283B1

公开(公告)日：2013-01-29

申请号：US12198046

申请日：2008-08-25

申请人： Sourabh Satish ,  William E. Sobel

发明人： Sourabh Satish ,  William E. Sobel

IPC分类号： G06F11/00 ,  H04L29/06

CPC分类号： G06F21/564

摘要： A plurality of fingerprints are created for a file. Each fingerprint is created in response to an instance of activity involving the file. A malware signature associated with the mutating malware is compared to one or more of the plurality of fingerprints. In response to the malware signature matching one of the plurality of fingerprints, determining that the file is infected with mutating malware. Further, in response to determining that the file is infected with mutating malware, transmitting to a server multiple fingerprints of the plurality of fingerprints. The server analyzes the multiple fingerprints to determine a pattern of mutation by the mutating malware. The determined pattern of mutation is used by the server to create a signature for detecting mutations of the mutating malware.

摘要翻译： 为文件创建多个指纹。 每个指纹都是针对涉及该文件的活动实例而创建的。 将与突变恶意软件相关联的恶意软件签名与多个指纹中的一个或多个进行比较。 响应于匹配多个指纹之一的恶意软件签名，确定该文件被变异的恶意软件感染。 此外，响应于确定文件被变异恶意软件感染，向服务器发送多个指纹的多个指纹。 服务器分析多个指纹，以确定突变恶意软件的突变模式。 确定的突变模式由服务器用于创建用于检测突变恶意软件的突变的签名。

公开(公告)号：US08219983B1

公开(公告)日：2012-07-10

申请号：US12059003

申请日：2008-03-31

申请人： William E. Sobel ,  Sourabh Satish

发明人： William E. Sobel ,  Sourabh Satish

IPC分类号： G06F9/44

CPC分类号： G06F8/60 ,  G06F11/3409 ,  G06F11/3428 ,  G06F2201/81

摘要： A computer-implemented method for determining the impact of a software change on the health of a computing system or an application installed on the computing system may comprise identifying the software change, performing a first health evaluation, allowing the software change to occur, performing a second health evaluation, and then determining the impact of the new application by comparing the results of the second health evaluation with the results of the first health evaluation. Exemplary methods for providing guidance on the potential impact of a software change and for determining the health impact of a software change based on information obtained from a plurality of computing systems are also disclosed. Corresponding systems and computer-readable media are also disclosed.

摘要翻译： 用于确定软件更改对安装在计算系统上的计算系统或应用程序的健康的影响的计算机实现的方法可以包括识别软件变化，执行第一健康评估，允许软件改变发生，执行 第二次健康评估，然后通过将第二次健康评估的结果与第一次健康评估的结果进行比较，确定新应用的影响。 还公开了基于从多个计算系统获得的信息来提供关于软件变化的潜在影响和用于确定软件变化的健康影响的指导的示范性方法。 还公开了相应的系统和计算机可读介质。

公开(公告)号：US08171256B1

公开(公告)日：2012-05-01

申请号：US12340968

申请日：2008-12-22

申请人： Sourabh Satish ,  William E. Sobel ,  Bruce McCorkendale

发明人： Sourabh Satish ,  William E. Sobel ,  Bruce McCorkendale

IPC分类号： G06F12/00 ,  G06F11/00 ,  G06F12/14 ,  G06F12/16

CPC分类号： G06F21/52

摘要： A method for preventing subversion of address space layout randomization (ASLR) in a computing device is described. An unverified module attempting to load into an address space of memory of the computing device is intercepted. Attributes associated with the unverified module are analyzed. A determination is made, based on the analyzed attributes, whether a probability exists that the unverified module will be loaded into a number of address spaces that exceeds a threshold. The unverified module is prevented from loading into the address space if the probability exists that the unverified module will be loaded into a number of address spaces that exceeds the threshold.

摘要翻译： 描述了一种用于防止计算设备中的地址空间布局随机化（ASLR）的颠覆的方法。 试图加载到计算设备的存储器的地址空间中的未验证的模块被截取。 分析与未验证模块相关联的属性。 基于分析的属性确定是否存在将未验证的模块加载到超过阈值的多个地址空间的概率。 如果未验证的模块将被加载到超过阈值的多个地址空间的概率存在，则未经验证的模块被阻止加载到地址空间中。

公开(公告)号：US08150991B1

公开(公告)日：2012-04-03

申请号：US12045524

申请日：2008-03-10

申请人： William E. Sobel ,  Sourabh Satish

发明人： William E. Sobel ,  Sourabh Satish

IPC分类号： G06F15/16

CPC分类号： H04L67/30 ,  H04L65/4084 ,  H04L67/18 ,  H04L67/34

摘要： The disclosure is directed to systems, apparatus, and methods for geolocation-based application streaming. In one example, a system may include a geolocation service that determines the location of a client, and an application server that streams one or more applications to the client on request. The application server may use the location provided by the geolocation service to select an application streaming profile indicating application modules to be initially streamed to clients for that geolocation. After the initial program modules have been streamed to the client, the application server services requests from the client for additional application modules. The application server may log application module requests to create or modify application streaming profiles that specify the application modules to be initially streamed to clients at a particular geolocation. The client or a web server may also specify the application streaming profile to be used by the application server.

摘要翻译： 本公开涉及用于基于地理位置的应用流的系统，装置和方法。 在一个示例中，系统可以包括确定客户端的位置的地理位置服务以及根据请求将一个或多个应用流向客户端流出的应用服务器。 应用服务器可以使用由地理位置服务提供的位置来选择应用流传输配置文件，该应用流配置文件指示应用模块最初被流传输到该地理位置的客户端。 在将初始程序模块流式传输到客户端之后，应用程序服务器将向客户端提供服务请求以获得更多的应用程序模块。 应用程序服务器可以记录应用程序模块请求，以创建或修改应用程序流配置文件，该应用程序流配置文件指定要在特定地理位置初始流式传输到客户端的应用 客户机或Web服务器还可以指定要由应用服务器使用的应用流配置文件。

公开(公告)号：US07831412B1

公开(公告)日：2010-11-09

申请号：US12059769

申请日：2008-03-31

申请人： William E. Sobel ,  Sourabh Satish

发明人： William E. Sobel ,  Sourabh Satish

IPC分类号： G06F13/00 ,  G06F11/00

CPC分类号： G06F11/3409 ,  G06F8/61 ,  G06F11/3476

摘要： Embodiments of the instant disclosure may provide users with access to information that details, by application category, the potential impact an application may have on the health of a user's computing device. A method for determining the impact of a new application on the health of a computing system by category is also disclosed. Corresponding systems and computer-readable media are also disclosed.

摘要翻译： 本公开的实施例可以向用户提供对按照应用类别详细描述应用可能对用户的计算设备的健康状况产生的潜在影响的信息的访问。 还公开了一种用于根据类别确定新应用对计算系统的健康的影响的方法。 还公开了相应的系统和计算机可读介质。

公开(公告)号：US20090249313A1

公开(公告)日：2009-10-01

申请号：US12059084

申请日：2008-03-31

申请人： William E. Sobel ,  Sourabh Satish

发明人： William E. Sobel ,  Sourabh Satish

IPC分类号： G06F9/44

CPC分类号： G06F8/4441 ,  G06F8/61

摘要： A system and method for compiling part of the bytecode for a software application into native code at install time when the software application is installed on a particular computer are described. According to one embodiment of the method, usage information for the software application may be received. The usage information may indicate how frequently or commonly each of a plurality of features of the software application is used. The usage information may be analyzed to determine a rank ordering of the features. The method may further comprise installing the software application on the particular computer. Installing the software application may comprise compiling one or more bytecode modules of the software application into native code, where the one or more bytecode modules are selected from a plurality of bytecode modules depending upon the rank ordering of the features.

摘要翻译： 描述了在软件应用程序安装在特定计算机上的安装时将用于将软件应用程序的部分字节码编译成本机代码的系统和方法。 根据该方法的一个实施例，可以接收用于软件应用的使用信息。 使用信息可以指示使用软件应用的多个特征的频率或通常的每一个。 可以分析使用信息以确定特征的秩排序。 该方法还可以包括在特定计算机上安装软件应用程序。 安装软件应用程序可能包括将软件应用程序的一个或多个字节码模块编译为本地代码，其中根据特征的排序顺序从多个字节码模块中选择一个或多个字节码模块。