G06F2221/2125

DYNAMIC FRAGMENTED ADDRESS SPACE LAYOUT RANDOMIZATION
20200089502 · 2020-03-19

A method can include identifying fixed instructions of the instructions and relocatable instructions of the instructions, wherein the fixed instructions reference another instruction of the instructions and the relocatable instructions do not reference another instruction of the instructions, altering the location of the relocatable instructions relative to one another in the memory and adding respective reference instructions to the fixed instructions and relocatable instructions that cause the instructions to be executed in a same order as they would be if the location was not altered, and executing the fixed instructions and the relocatable instructions from their altered locations in the medium.

Discovery of calling application for control of file hydration behavior

A variety of approaches to control file hydration behavior are described. A filter driver initiates operations to control file hydration behavior upon receiving a process identifier (PID) registration from a synchronization engine. Upon receiving a file operation request associated with a placeholder file, a PID and a process name associated with the file operation are identified. A hydration behavior is detected based on the PID or the process name. A decision associated with the file operation request is rendered based on the hydration behavior.

Systems and methods for altering time data
10592662 · 2020-03-17

The disclosed computer-implemented method for altering time data may include (i) identifying an untrusted executable that is capable of making queries to an operating system of the computing device, (ii) intercepting a request by the untrusted executable to query a system clock of the operating system of the computing device for a current time, (iii) calculating an offset value for the current time that is within a predetermined margin of the current time, and (iv) providing, in response to the request, the untrusted executable with the offset value for the current time instead of the current time. Various other methods, systems, and computer-readable media are also disclosed.

HARDWARE PROTECTION OF INLINE CRYPTOGRAPHIC PROCESSOR
20240028775 · 2024-01-25

A real-time, on-the-fly data encryption system is operable to encrypt and decrypt data flow between a secure processor and an unsecure external memory system. Multiple memory segments are supported, each with its own separate encryption capability, or no encryption at all. Data integrity is ensured by hardware protection from code attempting to access data across memory segment boundaries. Protection is also provided against dictionary attacks by monitoring multiple access attempts to the same memory location.

Virus immune computer system and method
10592697 · 2020-03-17

A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The method includes steps of: providing a security device that is a separate unit from components necessary to operate the computer; storing a symmetric private key on the security device; using the device symmetric private key to produce an encrypted application program upon first installation; thereafter decrypting that part of the encrypted application program needed to implement a command to run the application program; and decrypting, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.

IN-STREAM MALWARE PROTECTION

A protector server located in the Web traffic between an end-user computer and a Web site intercepts requests for Web pages from the Web site. The server inserts protection code into a Web page returned to the user computer which executes within the user browser. The code disables malware executing within the user browser by establishing itself as an event handler, finding likely malware in the stack, and disabling it. The code thwarts host-based malware by establishing itself as an event handler, and encrypting data fields of forms before the form is submitted to the operating system of the user computer. The code detects a Web inject attack by calculating a fingerprint for a form on the Web page and sending that fingerprint to the server. The server compares that fingerprint with one previously calculated for the form and generates an alert if different. The code detects a phishing attack by sending a notification to the server indicating within which domain it is executing. The server generates an alert if the received domain is different from an expected domain. The server provides a Web application firewall.

Method and apparatus for secure execution using a secure memory partition
10572689 · 2020-02-25

A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code.

KEY THROTTLING TO MITIGATE UNAUTHORIZED FILE ACCESS

A file system extension for an endpoint controls access to files by selectively decrypting files under certain conditions. Where a pattern of access to the files suggests malicious and/or automated file access activity, the file system extension may limit the rate of file access by regulating the rate at which decryption is provided to requesting processes.

Automation of browsing mode switching

Techniques for automation of browsing mode switching are described. According to various implementations, a web browser is operable in multiple different browsing modes, including a normal browsing mode and a private browsing mode. Techniques described herein enable automatic switching between browsing modes based on different mode triggers, and enable user configuration of various mode change behaviors.

SECURE STORAGE SYSTEM
20200012823 · 2020-01-09

The present invention relates to a storage device for secure authentication, comprising a mass data memory and a security element which enables the secure authentication of a storage device in the presence of further hardware components without the need for a large amount of technical expenditure. The present invention further relates to a corresponding method for providing or producing the proposed storage device and to a computer program product comprising control commands which implement the proposed method.