摘要:
If a service detects that a state of a computer system deviates from an acceptable state, the computer system can be prevented from accessing network resources or locations, except for those network resources or locations that would bring the state into compliance. Monitored states can include whether applications or the operating system have been properly purchased, whether they have been properly updated, and whether they are being properly used given the environment of their usage. Network restrictions can be implemented through a parental control mechanism, a domain name service mechanism, or other like mechanisms, and can include redirection to appropriate network resources or locations.
摘要:
A method and system for selectively excluding a program from a security policy is provided. The security system receives from a user an indication of a program with a problem that is to be excluded from the security policy. When the program executes and a security enforcement event occurs, the security system does not apply the security policy. If the problem appears to be resolved as a result of excluding the program from the security policy, then the user may assume that the security policy is the cause of the problem.
摘要:
Systems and methods for creating a secure process on a web server can include creating an application manager process, and creating an application host process, the application host process being created under control of the application manager process. Example methods can also include restricting attributes of the application host process, and assigning a unique logon identifier to the application host process so that the application host process can only communicate with the application manager process.
摘要:
Techniques are described herein for securely prompting a user to confirm sensitive operations, input sensitive information or the like. The techniques include receiving or intercepting calls from applications to prompting routines. When a call to a prompting routine is received or intercepted a hint may be provided to the user to switch to a secure desktop. When the user switches from the user desktop to the secure desktop the particular prompt is displayed. The input to the prompt is received on the secure desktop and verified to have been provided by the user. The user input or a representation of the input is then returned to the application running on the user desktop. Using these techniques, interception of prompting messages by malware does not result in sensitive information being revealed. Furthermore, spoofing of new messages by malware does not lead to the dismissal of critical prompting.
摘要:
Remote administrative privileges in a distributed system are disabled by default. To administer a remote system, express action is taken to elevate a user status to obtain remote administrative privileges. When local and remote systems communicate, information pertaining to the status of the logged on user is included in the communications. If the user wishes to legitimately administer a remote system, the user provides an explicit request. The request is processed. If the user is configured as an administrator of the remote system and the request contains an indication that the user's administrative status has been elevated, an authorization token is generated. The authorization token is utilized by the remote system to allow the user to administer the remote system.
摘要:
Systems and methods for creating a secure process on a web server can include creating an application manager process, and creating an application host process, the application host process being created under control of the application manager process. Example methods can also include restricting attributes of the application host process, and assigning a unique logon identifier to the application host process so that the application host process can only communicate with the application manager process.
摘要:
Systems, methods, and computer-readable media for identifying executable scenario solutions relevant to a user query and returning such executable scenario solutions as search results in response to the user query are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a series of steps which may be implemented to address a particular issue relevant to the received user query. Often, a series of steps or scenario includes a number of sub-scenarios, each of which is to be executed sequentially to achieve the desired result. Accordingly, upon selection of a particular search result, the user may be guided through a series of sub-scenario result options until an item having direct association to a series of steps is selected. Once selected, the executable scenario solution is presented to the user for execution.
摘要:
Mechanisms for directing advertising in search result presentation and/or scenario solution execution based upon a user's locality are provided. Locality refers to a collection of metadata created based upon scenario solutions executed by a user and/or enablers acquired by a user during scenario solution execution. For instance, embodiments of the present invention provide a mechanism by which scenario solutions or enablers related to commonly executed scenario solutions or enablers stored in association with the user's locality can be advertised to the user in conjunction with presentation of scenario solution-related search results. Additionally, embodiments of the present invention provide a mechanism by which more highly rated scenario solutions and/or enablers than those associated with the user's locality may be advertised during presentation of an executed scenario solution.
摘要:
A system and method for facilitating BIOS integrated encryption is provided. An interface is defined between the operating system and the BIOS. The operating system employs this interface to provide BIOS code information to facilitate decryption of data that is encrypted on the system. In the pre-operating system boot phase, the BIOS employs the decryption information provided from this interface in order to decrypt the data. The decrypted information can be employed to facilitate secure rebooting of a computer system from hibernate mode and/or secure access to device(s).
摘要:
This disclosure describes methods, systems, and application programming interfaces for creating a credential managed account. This disclosure describes creating a new password managed account, defining the password managed account, wherein the password managed account is to access a service on a managed computing device, identifying the password managed account for a lifecycle, and automatically managing the password managed account by updating and changing a password for the password managed account on a periodic basis.