Rob Clyde

Detecting malware by linking Background Intelligent Transfer Service (BITS) and Scheduled Task Service (STS) activities to a source program. Using send Advanced Local Procedure Call (ALPC) messages and receive ALPC messages, source programs that initiate the creation of temporary files and perform defined operations may be identified. If the source programs responsible for the temporary files and defined operations are determined to be malware programs, a security action may be performed on the… Show more

Detecting malware by linking Background Intelligent Transfer Service (BITS) and Scheduled Task Service (STS) activities to a source program. Using send Advanced Local Procedure Call (ALPC) messages and receive ALPC messages, source programs that initiate the creation of temporary files and perform defined operations may be identified. If the source programs responsible for the temporary files and defined operations are determined to be malware programs, a security action may be performed on the source programs. Show less

A method for controlling access to a computing device includes detecting one or more wireless devices configured as wireless access points. A handshake operation involving the computing device and a key device may then be per-formed. The method further includes receiving, at the computing device and during a calibration phase, wireless sig-nals transmitted by the key device wherein during the calibration phase the computing device determines an approximate signal strength corresponding to a… Show more

A method for controlling access to a computing device includes detecting one or more wireless devices configured as wireless access points. A handshake operation involving the computing device and a key device may then be per-formed. The method further includes receiving, at the computing device and during a calibration phase, wireless sig-nals transmitted by the key device wherein during the calibration phase the computing device determines an approximate signal strength corresponding to a desired distance between the computing device and the key device. Subsequent to the calibration phase, other wireless signals transmitted by the key device are received at the computing device. The method further includes detecting, based upon a received signal strength of the other wireless signals, that the computing device and the key device are separated by at least the desired distance and, in response, electronically locking or otherwise inhibiting user access to the computing device. Show less

A method for controlling access to a computing device which involves detecting, at a key device, one or more wireless devices configured as wireless access points. A handshake operation involving the key device and the computing device is performed wherein the computing device is included among the one or more wireless devices. Wireless signals transmitted by the computing device are received, during a calibration phase, at the key device. During the calibration phase the key device determines… Show more

A method for controlling access to a computing device which involves detecting, at a key device, one or more wireless devices configured as wireless access points. A handshake operation involving the key device and the computing device is performed wherein the computing device is included among the one or more wireless devices. Wireless signals transmitted by the computing device are received, during a calibration phase, at the key device. During the calibration phase the key device determines an approximate signal strength corresponding to a desired distance between the key device and the computing device. Based upon a received signal strength of other wireless signals transmitted by the computing device, it may be detected that the key device and the computing device are separated by at least the desired distance. If so, the computing device may be electronically locked or user access to it otherwise inhibited. Show less

A method of allocating computer resources in a computer system including a multicore processor having a plurality of cores. The method includes monitoring usage of the com­puter resources by processes executing on the computer system and determining, based upon the monitoring, that one of the processes is a high-utilization process consuming greater than a predefined threshold of the computer resources and corresponds to an application in an interactive state. One or more of the plurality of… Show more

A method of allocating computer resources in a computer system including a multicore processor having a plurality of cores. The method includes monitoring usage of the com­puter resources by processes executing on the computer system and determining, based upon the monitoring, that one of the processes is a high-utilization process consuming greater than a predefined threshold of the computer resources and corresponds to an application in an interactive state. One or more of the plurality of cores are allocated to the high-utilization process and other of the plurality of cores are allocated to remaining processes, thereby improv­ing performance of the high-utilization process. Upon detecting the application has transitioned from the interac­tive state, one or more of the cores are previously allocated to the high-utilization process are enabled to be allocated to other than the high-utilization process. Show less

A server includes a scanning module for determining whether an application is free of malware, a module for packaging the application into blocks for delivery via application streaming, a module for providing the blocks to a client on request, and a module for adding to each block an indication of whether the associated application has already been determined to be free of malware. A client includes a module for requesting blocks of a streamed application from the server. When the client… Show more

A server includes a scanning module for determining whether an application is free of malware, a module for packaging the application into blocks for delivery via application streaming, a module for providing the blocks to a client on request, and a module for adding to each block an indication of whether the associated application has already been determined to be free of malware. A client includes a module for requesting blocks of a streamed application from the server. When the client receives a block, it employs a module for verifying that the associated applications have been determined to be free of malware by examining the indication provided by the server. If verification is successful, then the block's code is executed without first receiving and scanning any additional blocks from the server. Show less

When an executable file cannot be run on a client computer until the digital signature has been verified, the streaming server performs the verification if the entire file is not present on the client. More specifically, the client detects requests to verify digital signatures on executable files before allowing them to run. The client determines whether the entire execut­able file is present, and whether the server is trusted to verify digital signatures. If the entire file is not present… Show more

When an executable file cannot be run on a client computer until the digital signature has been verified, the streaming server performs the verification if the entire file is not present on the client. More specifically, the client detects requests to verify digital signatures on executable files before allowing them to run. The client determines whether the entire execut­able file is present, and whether the server is trusted to verify digital signatures. If the entire file is not present locally and the server is trusted, the request to verify the digital signature is passed to the server. The server verifies the digital signature on its complete copy of the executable file, and returns the result to the client. Show less

A computer-implemented method for determining the trustworthiness of a server may comprise: 1) identifying a streaming application that originates from a server, 2) determining a trust level for the server, and then 3) determining, based on the trust level, whether to stream the streaming application from the server. The trust level for the server may be determined by comparing current streams (or portions of current streams) received from the server with prior streams to detect change, by… Show more

A computer-implemented method for determining the trustworthiness of a server may comprise: 1) identifying a streaming application that originates from a server, 2) determining a trust level for the server, and then 3) determining, based on the trust level, whether to stream the streaming application from the server. The trust level for the server may be determined by comparing current streams (or portions of current streams) received from the server with prior streams to detect change, by communicating with peer computing systems or reputation services, and/or by analyzing locally stored information. Corresponding systems and computer-readable media are also disclosed. Show less

In a digital computing system such as the Digital Equip­ment Corporation's VAX computer system which uses the VMS operating system in which terminal devices are connected to the system through terminal depen­dent device drivers coupled to terminal independent device drivers so that the operating system of the com­puter system need not be modified each time a terminal device is added or subtracted, a system and method is provided for effectively paralleling an auxiliary termi­nal with a selected… Show more

In a digital computing system such as the Digital Equip­ment Corporation's VAX computer system which uses the VMS operating system in which terminal devices are connected to the system through terminal depen­dent device drivers coupled to terminal independent device drivers so that the operating system of the com­puter system need not be modified each time a terminal device is added or subtracted, a system and method is provided for effectively paralleling an auxiliary termi­nal with a selected terminal of the system so that the selected terminal can be monitored for instruction, secu­rity, audit, or other purposes, by creating a user control­ling driver and a user controlling device coupled thereto, and coupling the user controlling driver and user controlling device combination between the termi­nal independent device driver and the terminal depen­dent device driver associated with the terminal device to be paralleled so that the output of the terminal inde­pendent device driver intended for the terminal depen­dent device driver passes through the user controlling driver and user controlling device before arriving at the terminal dependent device driver and the output of the terminal dependent device driver intended for the ter­minal independent device driver passes through the user controlling driver and user controlling device be­fore arriving at the terminal independent device driver and making the information passing through the user controlling driver available to the auxiliary terminal device. Show less