Abstract:
A system and method for enabling highly scalable multi-node event distribution networks through the use of summary-based routing, particularly event distribution networks using a content-based publish/subscribe model to distribute information. By allowing event routers to use imprecise summaries of the subscriptions hosted by matcher nodes, an event router can eliminate itself as a bottleneck, thus improving overall event distribution network throughput, even though the use of imprecise summaries results in some false positive event traffic. False positive event traffic is reduced by using a filter set partitioning that provides good subscription set locality at each matcher node while avoiding overloading any one matcher node. Good subscription set locality is maintained by routing new subscriptions to the matcher node whose subscription summary best covers the new subscription. Where event space partitioning is desirable, an over-partitioning scheme is described that enables load balancing without repartitioning.
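The routing rule above (forward events on an imprecise summary, place new subscriptions where the summary already covers them, cap the load per matcher) can be shown end to end with a toy model. The following is an added example, not code from the patent: subscriptions are modelled as per-attribute numeric ranges, a matcher's summary is the per-attribute hull of what it hosts, and the matcher names, the load cap and the sample subscriptions are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumed data model (not from the abstract): a subscription is a set of closed
# numeric ranges keyed by attribute name, e.g. {"price": (10, 20)}; an event is a
# dict of attribute values. A matcher's summary is the per-attribute hull of the
# ranges of every subscription it hosts: imprecise, but never too narrow.
Range = Tuple[float, float]
Subscription = Dict[str, Range]
Event = Dict[str, float]


def matches(sub: Subscription, event: Event) -> bool:
    """Exact match: every constrained attribute must be present and in range."""
    return all(a in event and lo <= event[a] <= hi for a, (lo, hi) in sub.items())


@dataclass
class Matcher:
    name: str
    subs: List[Subscription] = field(default_factory=list)
    summary: Dict[str, Range] = field(default_factory=dict)

    def add(self, sub: Subscription) -> None:
        self.subs.append(sub)
        for a, (lo, hi) in sub.items():
            slo, shi = self.summary.get(a, (lo, hi))
            self.summary[a] = (min(slo, lo), max(shi, hi))

    def admits(self, event: Event) -> bool:
        """Router-side test. Rejects only when an attribute falls outside the hull; a
        missing attribute is forwarded, since some hosted subscription may not constrain
        it. This over-approximates, so it yields false positives but never misses."""
        return all(lo <= event[a] <= hi for a, (lo, hi) in self.summary.items() if a in event)

    def growth_needed(self, sub: Subscription) -> float:
        """Total interval width the summary would gain by covering `sub` (0 = already covers)."""
        total = 0.0
        for a, (lo, hi) in sub.items():
            if a not in self.summary:
                total += hi - lo
            else:
                slo, shi = self.summary[a]
                total += max(0.0, slo - lo) + max(0.0, hi - shi)
        return total


class Router:
    def __init__(self, matchers: List[Matcher], max_subs_per_matcher: int):
        self.matchers = matchers
        self.cap = max_subs_per_matcher

    def route_subscription(self, sub: Subscription) -> str:
        # Locality: prefer the matcher whose summary already best covers the
        # subscription, but never exceed the per-matcher load cap.
        candidates = [m for m in self.matchers if len(m.subs) < self.cap]
        best = min(candidates, key=lambda m: (m.growth_needed(sub), len(m.subs)))
        best.add(sub)
        return best.name

    def route_event(self, event: Event) -> Tuple[List[str], List[str]]:
        """Returns (matchers the router forwards to, matchers where a subscription really matched)."""
        forwarded = [m for m in self.matchers if m.admits(event)]
        delivered = [m for m in forwarded if any(matches(s, event) for s in m.subs)]
        return [m.name for m in forwarded], [m.name for m in delivered]


def demo() -> Tuple[List[str], Dict[float, Tuple[List[str], List[str]]]]:
    router = Router([Matcher("A"), Matcher("B")], max_subs_per_matcher=3)
    placements = [router.route_subscription(s) for s in (
        {"price": (10, 20)}, {"price": (15, 25)}, {"price": (100, 110)},
        {"price": (12, 14)}, {"price": (11, 13)},
    )]
    # The fifth subscription would fit A's hull exactly, but A is at its cap, so it
    # lands on B and widens B's hull to 11..110. price=50 now passes B's summary and
    # matches nothing there: that is the false positive traffic the abstract accepts.
    results = {p: router.route_event({"price": p}) for p in (50, 12, 105)}
    return placements, results
```

The trade-off is visible in `demo()`: the load cap forces one subscription away from the matcher with the best locality, and the widened summary on the other matcher immediately produces a forwarded event that nobody there wanted.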
Abstract:
As computer programs grow more complex, extensible, and connected, it becomes increasingly difficult for users to understand what has changed on their machines and what impact those changes have. An embodiment of the invention is described via a software tool, called AskStrider, that answers those questions by correlating volatile process information with persistent-state context information and change history. AskStrider scans a system for active components, matches them against a change log to identify recently updated and hence more interesting state, and searches for context information to help users understand the changes. Several real-world cases are provided to demonstrate the effectiveness of using AskStrider to quickly identify the presence of unwanted software, to determine if a software patch is potentially breaking an application, and to detect lingering components left over from an unclean uninstallation.
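The correlation step described above (join the volatile view of what is running against the persistent change history, then surface the recently changed pieces with their context) is small enough to show directly. The following is an added example and not the AskStrider code: the loaded-module lists, the change log, the package names and the "still present" file set are all constructed sample data, and the change-log shape (path, ISO timestamp, installer context) is an assumption.

```python
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed sample data (not from the abstract). Volatile view: modules loaded by each
# running process. Persistent view: a change log of file writes with the context (which
# installer or package wrote the file) captured at the time of the change.
LOADED_MODULES: Dict[str, List[str]] = {
    "explorer.exe (pid 1880)": ["C:/Windows/explorer.exe",
                                "C:/Windows/System32/shell32.dll",
                                "C:/Program Files/FreeTool/ftshell.dll"],
    "svchost.exe (pid 612)": ["C:/Windows/System32/svchost.exe",
                              "C:/Windows/System32/rpcss.dll"],
}
CHANGE_LOG: List[Tuple[str, str, str]] = [  # (path, modified time, context)
    ("C:/Windows/System32/shell32.dll", "2024-03-01T03:12:00", "Windows Update (constructed)"),
    ("C:/Program Files/FreeTool/ftshell.dll", "2024-03-05T14:22:10", "FreeTool-setup.exe"),
    ("C:/Program Files/FreeTool/unins000.exe", "2024-03-05T14:22:11", "FreeTool-setup.exe"),
]
# Files still on disk right now (constructed), used for the unclean-uninstall check.
PRESENT_FILES: Set[str] = {
    "C:/Windows/System32/shell32.dll",
    "C:/Program Files/FreeTool/ftshell.dll",
}


def recent_active_changes(modules: Dict[str, List[str]], change_log, now_iso: str, window_days: int):
    """Active components whose backing file changed within the window, newest first, each
    annotated with the context the change log recorded. Old, unchanged modules are dropped:
    they are the uninteresting majority the abstract wants to filter out."""
    changed = {path: (datetime.fromisoformat(ts), ctx) for path, ts, ctx in change_log}
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=window_days)
    hits = []
    for process, paths in modules.items():
        for path in paths:
            if path in changed and changed[path][0] >= cutoff:
                ts, ctx = changed[path]
                hits.append({"process": process, "module": path,
                             "modified": ts.isoformat(), "context": ctx})
    hits.sort(key=lambda h: h["modified"], reverse=True)
    return hits


def lingering_components(change_log, uninstalled_contexts: Set[str], present: Set[str],
                         modules: Dict[str, List[str]]):
    """Files written by a package that has since been uninstalled yet still exist on disk,
    flagged as 'active' when some running process still has them loaded."""
    loaded = {p for paths in modules.values() for p in paths}
    return [{"path": path, "context": ctx, "active": path in loaded}
            for path, _ts, ctx in change_log
            if ctx in uninstalled_contexts and path in present]
```

With the sample data, a seven-day window ranks the FreeTool shell extension above the Windows Update change, and treating `FreeTool-setup.exe` as uninstalled reports `ftshell.dll` as a lingering, still-loaded component.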
Abstract:
In an embodiment of isolation environment-based information access, programs—including operating systems and applications—running on a computing-based device can be isolated in an environment such as a virtual machine. Information including commands and/or data transmitted between the computing-based device and the program(s) being run, as well as information associated with the program(s) and the computing-based device, is accessed without being detected by the program(s). In one implementation, the information includes state information as well as commands and/or data—including sensitive information, such as usernames and passwords. In another implementation, the information can be used to secretly access the program(s).
Abstract:
Systems and methods for implementing system management based on reviewing the interactions between one or more programs and the persistent state they rely on. The system provides for detecting modifications that occur within a system, verifying whether each modification is approved, and generating a notification when an unknown modification is detected.
Abstract:
A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.
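The three identification routes named above (privilege checks, access checks, and group identifiers known to carry elevated rights) can be expressed as rules over a stream of logged checks. The following is an added example, not the patent's implementation: the check records are constructed, the hooking that would produce them is out of scope, and the record field names and the `PROTECTED_ROOTS` list are assumptions. The SIDs, privilege names and access-mask bits are the standard Windows values.

```python
from typing import Dict, List

# Standard Windows identifiers used by the rules below.
ELEVATED_GROUP_SIDS = {"S-1-5-32-544": "BUILTIN\\Administrators", "S-1-5-18": "NT AUTHORITY\\SYSTEM"}
ELEVATED_PRIVILEGES = {"SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege",
                       "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege"}
WRITE_DAC, WRITE_OWNER, DELETE = 0x00040000, 0x00080000, 0x00010000
# FILE_WRITE_DATA / KEY_SET_VALUE (0x2), FILE_APPEND_DATA / KEY_CREATE_SUB_KEY (0x4), plus the
# standard rights that rewrite security descriptors or remove the object.
WRITE_BITS = 0x2 | 0x4 | DELETE | WRITE_DAC | WRITE_OWNER
# Assumed: locations a standard user is normally not allowed to write.
PROTECTED_ROOTS = ("HKLM\\", "C:\\Windows", "C:\\Program Files")

# Constructed check records (not from the abstract), in the shape a hook on the access-check
# and privilege-check paths might log: the subject's group SIDs, what was asked for, whether
# it was granted, and the application frame that triggered the check.
CHECKS: List[Dict] = [
    {"type": "access", "object": "HKLM\\SOFTWARE\\Vendor\\App", "mask": 0x20019, "granted": True,
     "groups": ["S-1-5-32-545"], "frame": "app!LoadSettings"},          # KEY_READ: fine for anyone
    {"type": "access", "object": "HKLM\\SOFTWARE\\Vendor\\App", "mask": 0x20006, "granted": True,
     "groups": ["S-1-5-32-545", "S-1-5-32-544"], "frame": "app!SaveSettings"},  # KEY_WRITE as admin
    {"type": "privilege", "privilege": "SeDebugPrivilege", "granted": True,
     "groups": ["S-1-5-32-544"], "frame": "app!AttachHelper"},
    {"type": "access", "object": "C:\\Program Files\\App\\log.txt", "mask": 0x120116, "granted": True,
     "groups": ["S-1-5-32-545"], "frame": "app!WriteLog"},              # write granted to plain user
    {"type": "access", "object": "C:\\Program Files\\App\\app.exe", "mask": WRITE_DAC, "granted": True,
     "groups": ["S-1-5-32-544"], "frame": "app!SelfRepair"},
]


def elevation_reason(check: Dict) -> str:
    """Empty string when the check does not depend on elevated rights, else why it does."""
    if check["type"] == "privilege":
        return f"privilege {check['privilege']}" if check["privilege"] in ELEVATED_PRIVILEGES else ""
    mask = check["mask"]
    if mask & (WRITE_DAC | WRITE_OWNER):
        return "WRITE_DAC/WRITE_OWNER requested"
    elevated = [g for g in check["groups"] if g in ELEVATED_GROUP_SIDS]
    if mask & WRITE_BITS and check["object"].startswith(PROTECTED_ROOTS) and elevated:
        return f"write to protected location granted via {ELEVATED_GROUP_SIDS[elevated[0]]}"
    return ""


def elevation_dependencies(checks: List[Dict]) -> List[Dict]:
    """Log every granted check that only succeeds because of elevated rights, with the frame
    that issued it. A protected-root write granted to a token with no elevated group is not
    flagged: the ACL allowed it, so a standard user would get the same answer."""
    found = []
    for check in checks:
        if not check["granted"]:
            continue
        reason = elevation_reason(check)
        if reason:
            found.append({"frame": check["frame"], "reason": reason})
    return found
```

Running `elevation_dependencies(CHECKS)` lists the settings save, the debugger attach and the self-repair path as the application's three dependencies on elevation; the log write under Program Files is left alone because its ACL granted a plain user.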
Abstract:
A method and system for detecting that a software system has been infected by software that attempts to hide properties related to the software system is provided. A detection system identifies that a suspect operating system has been infected by malware by comparing properties related to the suspect operating system as reported by the suspect operating system to properties as reported by another operating system that is assumed to be clean. The detection system compares the reported properties to the actual properties to identify any significant differences. A significant difference, such as the presence of an actual file not reported by the suspect operating system, may indicate that the suspect storage device is infected.
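The comparison the abstract describes is a cross-view diff: enumerate the same persistent state once through the suspect operating system and once from a trusted view, then treat anything the suspect view omits as hidden. The following is an added example, not the patent's detection system: both scan results are constructed, the hidden driver and Run value are placeholders, and the `VOLATILE_PREFIXES` list is an assumption about which objects legitimately differ between a live and an offline view.

```python
from typing import Dict, List, Set

# Constructed scan results (not from the abstract). INSIDE is what the suspect OS reports
# through its own APIs; OUTSIDE is the same disk enumerated by a clean OS (for example one
# booted from separate media). A rootkit can filter the first view, not the second.
INSIDE: Dict[str, Set[str]] = {
    "files": {"C:/Windows/System32/ntoskrnl.exe", "C:/Windows/System32/drivers/ndis.sys",
              "C:/Users/alice/report.docx", "C:/Windows/Temp/tmp1234.tmp", "C:/pagefile.sys"},
    "registry": {"HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SecurityHealth"},
}
OUTSIDE: Dict[str, Set[str]] = {
    "files": {"C:/Windows/System32/ntoskrnl.exe", "C:/Windows/System32/drivers/ndis.sys",
              "C:/Users/alice/report.docx", "C:/Windows/System32/drivers/hidden_example.sys",
              "C:/Windows/Temp/tmp9999.tmp"},
    "registry": {"HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SecurityHealth",
                 "HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/hidden_example"},
}
# Assumed: objects that differ between a live view and an offline view for benign reasons.
VOLATILE_PREFIXES = ("C:/pagefile.sys", "C:/hiberfil.sys", "C:/Windows/Temp/")


def _is_volatile(path: str) -> bool:
    return path.startswith(VOLATILE_PREFIXES)


def cross_view_diff(inside: Dict[str, Set[str]], outside: Dict[str, Set[str]]) -> Dict[str, Dict[str, List[str]]]:
    """Hidden = present in the trustworthy view but not reported by the suspect OS.
    Ghost = reported by the suspect OS but absent offline (usually churn between the two
    scans). Volatile paths are dropped from both so that normal churn does not alarm."""
    findings = {}
    for category in sorted(set(inside) | set(outside)):
        a, b = inside.get(category, set()), outside.get(category, set())
        findings[category] = {
            "hidden": sorted(p for p in b - a if not _is_volatile(p)),
            "ghost": sorted(p for p in a - b if not _is_volatile(p)),
        }
    return findings


def is_suspicious(findings: Dict[str, Dict[str, List[str]]]) -> bool:
    # A hidden object that survives the volatility filter is the strong signal. Ghosts on
    # their own are almost always scan-time churn; the two scans should be as close in time
    # as the reboot into the clean OS allows, and the volatile list tuned to the image.
    return any(f["hidden"] for f in findings.values())
```

On the sample views the temporary files and the page file cancel out, and the diff reports exactly one hidden driver and one hidden Run value, which is what a kernel-mode rootkit that filters directory and registry enumeration would produce.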
Abstract:
A monitoring service is provided that detects spyware or other unwanted software at the time it is installed and/or allows for the spyware's removal. The service monitors "Auto-Start Extensibility Points" ("ASEPs") to detect spyware installations. ASEPs are the configuration points that can be "hooked" to allow programs to be auto-started without explicit user invocation. Such a service is particularly effective because an overwhelming majority of spyware programs infect systems in such a way that they are automatically started upon reboot and upon the launch of many commonly used applications. The monitoring service can thus lead to the subsequent complete removal of the spyware installation, and does not require frequent signature-based cleaning. Spyware that is bundled with other software such as freeware or shareware can also be removed.
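The monitoring itself reduces to snapshotting the ASEP locations, diffing against a baseline, and grouping what changed by when it was written, which is also how the bundled case is caught: a freeware installer and the spyware it carries hook their ASEPs within seconds of each other. The following is an added example, not the patent's monitoring service: the two snapshots, entry names, binaries and timestamps are constructed, and the snapshot shape (hook location, entry name, command line, last-write time) and the 60-second grouping window are assumptions. The registry paths are the real Run and Services keys.

```python
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed ASEP snapshots (not from the abstract). Key = (hook location, entry name);
# value = (command line, last-write time). Locations are the usual Run keys, the services
# key and the per-user Startup folder.
RUN_HKLM = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
RUN_HKCU = "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
SERVICES = "HKLM\\SYSTEM\\CurrentControlSet\\Services"
STARTUP = "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"

Snapshot = Dict[Tuple[str, str], Tuple[str, str]]

BASELINE: Snapshot = {
    (RUN_HKLM, "SecurityHealth"): ("C:\\Windows\\System32\\SecurityHealthSystray.exe", "2024-01-10T09:00:00"),
    (SERVICES, "Dhcp"): ("C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkFirewall", "2024-01-10T09:00:00"),
    (STARTUP, "Notes.lnk"): ("\"C:\\Program Files\\Notes\\notes.exe\" --tray", "2024-02-01T12:00:00"),
}
CURRENT: Snapshot = {
    **BASELINE,
    # An existing entry now points into a temp directory: hijacked rather than updated.
    (STARTUP, "Notes.lnk"): ("\"C:\\Users\\alice\\AppData\\Local\\Temp\\notes.exe\" --tray", "2024-03-05T15:40:00"),
    # Two entries written seconds apart by one installer: the freeware and its bundled passenger.
    (RUN_HKCU, "FreeTool"): ("\"C:\\Program Files\\FreeTool\\freetool.exe\" /background", "2024-03-05T14:22:10"),
    (RUN_HKCU, "SearchAssist"): ("C:\\Users\\alice\\AppData\\Roaming\\SearchAssist\\sa.exe -s", "2024-03-05T14:22:31"),
}


def image_path(command_line: str) -> str:
    """First token of a Windows command line: a quoted path, or everything up to the first space."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def diff_aseps(baseline: Snapshot, current: Snapshot) -> List[Dict[str, str]]:
    """Added or re-pointed ASEP entries, oldest first, each resolved to the binary it launches."""
    alerts = []
    for key, (cmd, written) in current.items():
        if key not in baseline:
            kind = "added"
        elif baseline[key][0] != cmd:
            kind = "modified"
        else:
            continue
        alerts.append({"kind": kind, "location": key[0], "name": key[1],
                       "image": image_path(cmd), "written": written})
    alerts.sort(key=lambda a: a["written"])
    return alerts


def group_by_install(alerts: List[Dict[str, str]], window_seconds: int = 60) -> List[List[Dict[str, str]]]:
    """Entries written within `window_seconds` of each other were almost certainly hooked by
    the same installer; removing one without the others leaves the bundle in place."""
    groups: List[List[Dict[str, str]]] = []
    current: List[Dict[str, str]] = []
    for alert in alerts:
        ts = datetime.fromisoformat(alert["written"])
        if current and ts - datetime.fromisoformat(current[-1]["written"]) > timedelta(seconds=window_seconds):
            groups.append(current)
            current = []
        current.append(alert)
    if current:
        groups.append(current)
    return groups
```

The output of `group_by_install(diff_aseps(BASELINE, CURRENT))` is one group holding the freeware and the bundled entry and a second group holding the re-pointed Startup shortcut, and each alert already carries the image path that a removal step would delete along with the ASEP entry.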
Abstract:
An exemplary method includes: providing a typographically erroneous domain name; tracing the domain name, where tracing includes entering the domain name as part of a URL and recording one or more subsequent URLs; identifying a domain parking service for the domain name based at least in part on information in one of the recorded URLs; determining client identification information in at least one of the recorded URLs, where the client identification information identifies a customer of the domain parking service; and blocking one or more domain names based at least in part on the client identification information. Other exemplary technologies are also disclosed.
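The useful part of the method is the last two steps: once a recorded redirect exposes which parking customer monetises a typo domain, every other domain parked under the same customer can be blocked, including ones that were never recognised as typos. The following is an added example, not the patent's implementation: the redirect chains are constructed (no network access; the names sit on the reserved `.test` and `.example` labels), and the table of parking hosts and the query-parameter names that carry the customer identifier are assumptions standing in for what a real trace collection would reveal.

```python
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import parse_qs, urlparse

# Assumed (not from the abstract): which hosts are parking services and which query parameter
# each one uses to identify its customer. In practice this table comes from inspecting traces.
PARKING_SERVICES: Dict[str, Tuple[str, ...]] = {
    "park.example": ("pid",),
    "lander.example": ("client", "cid"),
}

# Constructed traces (not real data): typo domain -> URLs recorded while following it.
TRACES: Dict[str, List[str]] = {
    "micosoft.test": ["http://micosoft.test/",
                      "http://park.example/?domain=micosoft.test&pid=4471",
                      "http://park.example/lander?pid=4471&kw=software"],
    "microsfot.test": ["http://microsfot.test/",
                       "http://park.example/?domain=microsfot.test&pid=4471"],
    "goggle.test": ["http://goggle.test/",
                    "http://lander.example/?client=88a1&d=goggle.test"],
    "example.test": ["http://example.test/"],  # resolves directly: not parked
}


def identify_parking(chain: List[str]) -> Tuple[Optional[str], Optional[str]]:
    """(parking service host, customer id) from the first recorded URL that belongs to a known
    parking service, or (None, None) when the chain never reaches one. The customer id is
    looked up under each parameter name that service is known to use."""
    for url in chain[1:]:
        parsed = urlparse(url)
        host = parsed.hostname
        if host in PARKING_SERVICES:
            qs = parse_qs(parsed.query)
            for key in PARKING_SERVICES[host]:
                if key in qs:
                    return host, qs[key][0]
            return host, None
    return None, None


def domains_by_client(traces: Dict[str, List[str]]) -> Dict[Tuple[str, str], Set[str]]:
    """Group traced domains by (parking service, customer id); untraceable ones are skipped."""
    groups: Dict[Tuple[str, str], Set[str]] = {}
    for domain, chain in traces.items():
        service, client = identify_parking(chain)
        if service is not None and client is not None:
            groups.setdefault((service, client), set()).add(domain)
    return groups


def expand_blocklist(traces: Dict[str, List[str]], confirmed_typo_domains: List[str]) -> List[str]:
    """Block every traced domain parked under the same customer as a confirmed typo domain."""
    confirmed = set(confirmed_typo_domains)
    blocked: Set[str] = set()
    for domains in domains_by_client(traces).values():
        if domains & confirmed:
            blocked |= domains
    return sorted(blocked)
```

Confirming only `micosoft.test` is enough to block `microsfot.test` as well, because both chains carry the same `pid` at the same parking host; the untraceable `example.test` never enters a group and so is never blocked by association.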