Abstract:
Embodiments of a RootKit detector are directed to identifying a RootKit on a computer that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data in specified data structures that are maintained by an operating system. Then the data obtained from the kernel debugger facilities is processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.
Abstract:
An exemplary method for protecting web browsers from spam includes providing a multi-layer model that includes a doorway layer, a redirection domain layer, an aggregator layer, a syndicator layer and an advertiser layer; identifying domains as being associated with at least one of the layers; and, based at least in part on the identifying, taking one or more corrective actions to protect web browsers from search spam. An exemplary method for identifying a bottleneck layer in a multi-layer spam model includes providing a multi-layer spam model, collecting spam advertisements, associating a block of IP addresses with the collected spam advertisements and identifying a bottleneck layer based on the block of IP addresses. Other methods, systems, etc., are also disclosed.
Abstract:
Search relevance failures are diagnosed automatically. Users presented with unsatisfactory search results can report their dissatisfaction through various mechanisms. Dissatisfaction reports can trigger automatic investigation into the root cause of such dissatisfaction. Based on the identified root cause, a search engine can be modified to resolve the issue creating dissatisfaction thereby improving search engine quality.
Abstract:
In an embodiment of isolation environment-based information access, programs—including operating systems and applications—running on a computing-based device can be isolated in an environment such as a virtual machine. Information including commands and/or data transmitted between the computing-based device and the program(s) being run, as well as information associated with the program(s) and the computing-based device, is accessed without being detected by the program(s). In one implementation, the information includes state information as well as commands and/or data—including sensitive information, such as usernames and passwords. In another implementation, the information can be used to secretly access the program(s).
Abstract:
A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.
Abstract:
Techniques are described for generating a statistical model from observed click chains. The model can be used to compute a probability that a document is relevant to a given search query. With the model, a probability of a user examining a given document in a given search result conditionally depends on: a probability that a preceding document in the given search result is examined by a user viewing the given search result; a probability that the preceding document is clicked on by a user viewing the given search result, which conditionally depends directly on the probability that the preceding document is examined and on a probability of relevance of the preceding document.
Abstract:
Systems and methods for implementing system management that are based on reviewing the interactions between one or more programs and the persistent state they tend to represent. The system provides for detecting modifications that occur within a system, verifying whether the modifications are approved, and generating notifications on detecting unknown modifications.
Abstract:
A method and system for retrieving data from devices in a way that seeks to preserve privacy and ensure the integrity of the retrieved data is provided. A retrieval system is implemented on a network of devices that communicate with each other via a secure communications link. Each device is directly connected to one or more “friend” devices that it trusts. The retrieval system operates by forwarding a request for data from one friend device to another friend device. Each friend device may optionally add data to the request until all the requested data is added. The request with the retrieved data is returned to the device that initiated the request.