Mobile application sampling for performance and network behavior profiling

    Publication number: US09734037B1

    Publication date: 2017-08-15

    Application number: US12560328

    Application date: 2009-09-15

    IPC classification: G06F9/44 G06F11/34

    Abstract: Applications on a mobile device are sampled for detecting applications causing performance problems on the device. The method includes periodically logging performance information for a mobile device suspected to be having performance problems. The method further includes periodically logging identifying information about multiple applications on the mobile device. The method also includes periodically providing to a security server the logged performance information for the mobile device and the logged identifying information about the applications. In addition, the method includes, in response to a request from the security server for more information about one of the applications, providing a copy of the application to the security server for analysis of the impact by the application on performance of the mobile device. The method can further include receiving from the security server an indication that the application for which the copy was provided is causing a performance problem on the mobile device.

    2. Virtual machine file system restriction system and method
    Type: Granted invention patent
    Status: In force

    Publication number: US09450960B1

    Publication date: 2016-09-20

    Application number: US12265157

    Application date: 2008-11-05

    IPC classification: H04L29/06

    Abstract: A method includes creating a virtual machine including a remote file system, a file system service, and a security application. Access to the remote file system is restricted with the security application upon an unknown malicious code outbreak. The more that is known about the threat, the more precise are the restrictions placed upon the file system thus reducing the impact on users of the file system to an absolute minimum.


    3. Method and apparatus for aggregating notices and alerts into an aggregate machine readable feed
    Type: Granted invention patent
    Status: In force

    Publication number: US08849922B1

    Publication date: 2014-09-30

    Application number: US11864873

    Application date: 2007-09-28

    IPC classification: G06F15/16

    CPC classification: H04L12/1895 H04L51/16

    Abstract: A method and apparatus for aggregating notices and alerts (alerts) into an aggregate machine readable feed wherein the alerts are retrieved from various information sources. One embodiment of the invention is a method and apparatus providing an alert via an aggregate machine readable feed, comprising receiving an alert from various information sources, converting the retrieved alert into an aggregate machine readable format, and placing the aggregate machine readable formatted alert into an aggregate machine readable feed.


    4. Using expectation measures to identify relevant application analysis results
    Type: Granted invention patent
    Status: In force

    Publication number: US08806644B1

    Publication date: 2014-08-12

    Application number: US13481715

    Application date: 2012-05-25

    IPC classification: G06F21/00 H04L29/06

    CPC classification: H04L63/1416

    Abstract: An application is analyzed, thereby detecting behaviors of the application. Data indicative of the functionality of the application is mined from a plurality of sources. The application is categorized based on the mined data. The categorization of the application indicates expected application behaviors. Multiple categories can be assigned to the application, wherein each assigned category correlates with at least one expected application behavior. Measures of consistency between the detected behaviors of the application and the expected behaviors of the application are determined. Determining the measures of consistency comprises quantifying differences between detected behaviors of the application and expected behaviors of the application. Responsive to the determined measures of consistency, it is adjudicated whether the application is suspect of being malicious.


    5. Parental policy based online wish lists
    Type: Granted invention patent
    Status: In force

    Publication number: US08762229B1

    Publication date: 2014-06-24

    Application number: US11959439

    Application date: 2007-12-18

    IPC classification: G06Q30/00

    CPC classification: G06Q30/0633

    Abstract: A parental policy is enforced for online purchases. A parent enters a parental policy indicating items that are prohibited for a child. When the child attempts to add an item to a wish list, it is determined whether the item is permitted according to the policy. If so, the addition of the item to the wish list is allowed to proceed. If the policy prohibits the item, the addition of the item to the wish list is blocked. Additionally, the parent can be informed (via email, telephone, etc.) of the attempt to add the item to the wish list. The same logic can be applied to attempts to purchase items for children, or attempts to purchase items by children.


    6. Systems and methods for determining a file set
    Type: Granted invention patent
    Status: In force

    Publication number: US08706745B1

    Publication date: 2014-04-22

    Application number: US12130839

    Application date: 2008-05-30

    IPC classification: G06F7/00 G06F17/30

    CPC classification: G06F21/564

    Abstract: A computer-implemented method for determining a file set may include identifying a file set and identifying a key file for the file set. The method may also include transmitting a key-file identifier to a second computing system. A first computing system may receive first and second file identifiers from a second computing system. The first computing system may determine whether the file set comprises a file identified by the first file identifier, and whether the file set comprises a file identified by the second file identifier. The method also includes transmitting a result of the determination to the second computing system. A method for determining a file set on a second computing device is also disclosed. Corresponding systems and computer-readable media are also disclosed.


    7. Enabling selective policy driven propagation of configuration elements between and among a host and a plurality of guests
    Type: Granted invention patent
    Status: In force

    Publication number: US08578006B2

    Publication date: 2013-11-05

    Application number: US13074850

    Application date: 2011-03-29

    IPC classification: G06F15/173

    CPC classification: G06F9/44505

    Abstract: Configuration elements are selectively propagated between a host and multiple guests, based on a policy. Configuration elements of the host and guests are monitored. Changes made to monitored configuration elements are detected. It is determined whether to propagate changed configuration elements between operating system environments based on the policy. It can be determined to propagate changed configuration element(s) from a source to one or more destinations in response to factors such as the identity and/or classification of the source, or the type, attribute(s), content and/or identity of the changed configuration element(s). The creation of new guests is detected. In response, at least one configuration element from at least one source is automatically propagated to a newly created guest.


    8. Systems and methods for preventing exploitation of byte sequences that violate compiler-generated alignment
    Type: Granted invention patent
    Status: In force

    Publication number: US08434073B1

    Publication date: 2013-04-30

    Application number: US12263739

    Application date: 2008-11-03

    CPC classification: G06F21/54

    Abstract: An exemplary method for preventing exploitation of byte sequences that violate compiler-generated instruction alignment may comprise: 1) identifying instantiation of a process, 2) identifying an address space associated with the process, 3) identifying, within the address space associated with the process, at least one control-transfer instruction, 4) determining that at least one byte preceding the control-transfer instruction is capable of resulting in an out-of-alignment instruction, and then 5) preventing the control-transfer instruction from being executed. In one example, the system may prevent the control-transfer instruction from being executed by inserting a hook in place of the intended instruction that executes the intended instruction and then returns control flow back to the instantiated process. Corresponding systems and computer-readable media are also disclosed.


    9. Methods and systems for enforcing network access control in a virtual environment
    Type: Granted invention patent
    Status: In force

    Publication number: US08281363B1

    Publication date: 2012-10-02

    Application number: US12059725

    Application date: 2008-03-31

    IPC classification: H04L29/06

    Abstract: A computer-implemented method may include receiving a request to access a network. The request may be sent from a virtual machine. The method may also include proxying the request to a network-access-control module, receiving a response from the network-access-control module, and transmitting the response to the virtual machine. Proxying the request to the network-access-control module may include assigning the virtual machine a virtual identifier. Proxying the request may also include creating a temporary interface. The temporary interface may be programmed to receive the response from the network-access-control module and transmit the response to the virtual machine. Various other methods, systems, and computer-readable media are also disclosed herein.


    10. Referrer context aware target queue prioritization
    Type: Granted invention patent
    Status: In force

    Publication number: US08180761B1

    Publication date: 2012-05-15

    Application number: US11965526

    Application date: 2007-12-27

    IPC classification: G06F17/00

    CPC classification: G06F17/30864

    Abstract: A computer, computer program product, and method prioritize a web crawler target link queue using referrer context information associated with a remote object link. An access statistics collection module detects links to remote objects and retrieves referrer context information for the links. An access statistics back end module receives and stores the referrer context information from the access statistics collection module. The referrer context information is analyzed by a target list prioritization module that uses the results of the analysis to prioritize a target queue of a web crawler. The referrer context information is an important resource in identifying information about how a link spreads, e.g., for threat detection or identification of popular links for indexing to produce more relevant search results.
