Patent classifications
G06F2221/2125
AUTOMATIC OBSCURATION OF A PORTION OF A SCREEN-SHARE VIEW
The technology disclosed herein enables automatic obscuration of a portion of a view shared during a screen sharing session. In a particular embodiment, a method includes receiving a view displayed by a first user system to a first user. The method further includes identifying a portion of the view not to be shared and obscuring the portion of the view to generate a shared view. Also, the method includes transmitting the shared view to a second user system over a real-time screen sharing session, wherein the second user system displays the shared view to a second user.
Providing audio visual privacy controls
Audio visual privacy controls can be provided. A privacy service can be configured to interface with multiple filter drivers that are loaded above components of an AV platform to enable the privacy service to selectively block a particular AV app's access to an AV device based on context. A privacy service may leverage a first filter driver to identify an AV app and may leverage a second filter driver to block the AV app's access. The privacy service may consider different types and combinations of context to determine when access to an AV device's stream should be blocked.
JUST-IN-TIME DATA OBJECT PERMISSION RESTRICTION
Using a computer system, an instruction is received to define or modify a permission constraint corresponding to one or more files. A permission-instruction data set representing the permission constraint is stored in a data store. Subsequent to storing the permission-instruction data, a user request to access a particular file is intercepted. The data store is queried to determine whether any pending permission-instruction data set corresponds to the particular file. In response to the query, it is determined that the permission-instruction data set corresponds to the particular file. A permission constraint of the particular file is added or modified based on the permission-instruction data set. Based on the modified or added permission constraint, it is determined whether and/or an extent to which the user request is authorized. A response to the user request is provided based on the determination as to whether and/or an extent to which the user request is authorized.
Secure computing
Techniques and logic are presented for encrypting and decrypting applications and related data within a multi-processor system to prevent tampering. The decryption and encryption may be performed either between a system bus and a processor's individual L1 cache memory or between a processor's instruction and execution unit and their respective L1 caches. The logic may include one or more linear feedback shift registers (LFSRs) that may be used for generation of unique sequential address related codes to perform the decryption of instructions and transformation logic that may be used for generation of equivalent offset address related codes to perform decryption and encryption of data. The logic may also be programmable and may be used for test purposes.
KEY THROTTLING TO MITIGATE UNAUTHORIZED FILE ACCESS
A file system extension for an endpoint controls access to files by selectively decrypting files under certain conditions. Where a pattern of access to the files suggests malicious and/or automated file access activity, the file system extension may limit the rate of file access by regulating the rate at which decryption is provided to requesting processes.
System and method for automatic generation of malware detection traps
A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.
Automation of Browsing Mode Switching
Techniques for automation of browsing mode switching are described. According to various implementations, a web browser is operable in multiple different browsing modes, including a normal browsing mode and a private browsing mode. Techniques described herein enable automatic switching between browsing modes based on different mode triggers, and enable user configuration of various mode change behaviors.
Securing virtual-machine software applications
A computer-implemented method for generating a secured software application involves receiving a source software application which has instructions for processing by a process virtual machine. The method involves generating a secured software application comprising a first set of bytecode instructions derived from the source software application, a second set of the bytecode instructions derived from the source software application, and a security component. The first set of bytecode instructions is for processing on a first process virtual machine, in a first process, on a target processing system. The security component comprises instructions which, when executed on the target processing system, will cause the target processing system to provide a second process virtual machine in a second process where it will process instructions from the second set of bytecode instructions.
Securely sharing context between web frames
Sharing context between web frames increases consistent application of security policies, without requiring changes to a document object model. A proxy receives a first request implicating a first web frame and its URL, potentially issues a sub-request and gets a sub-response, and creates a first response to the first request, including a context in frame creation or frame navigation code. Thus, context such as a domain identification is made available for sharing between the first web frame and a second web frame without altering a document object model of a web page of the first web frame, and without imposing a same-origin policy workaround. Sharing the context allows the proxy to ascertain a policy based on the context, so it can apply the policy in reactions to subsequent requests. Context sharing allows window frames to be associated together in the proxy, and informs browser rendering.
SECURE LOW-LATENCY TRAPDOOR PROXY
A proxy system is installed on a computing device that is in the network path between the device and the Internet. The proxy system, residing on the computing device, decrypts and inspects all traffic going in and out of the computing device.