What is claimed is:
1. An attachment apparatus for a handheld portable computer having a display comprising:
an attachment portion for receiving and securing the handheld computer,
a camera assembly mounting to the attachment portion for providing image data from the camera assembly to the handheld computer; and
means for coupling the handheld computer to the camera assembly for transferring image data to be displayed on the display of the handheld computer.
2. The attachment apparatus as recited in claim 1, wherein the attachment portion is adjustable to receive handheld computers of different sizes.
3. The attachment apparatus as recited in claim 1, wherein the means for coupling includes a connector mounted on the attachment portion for engaging an interface on the handheld computer.
4. The attachment apparatus as recited in claim 1, wherein the handheld computer is a personal digital assistant.
5. The attachment apparatus as recited in claim 1, wherein the attachment portion includes a stand for supporting the attachment portion.
6. The attachment apparatus as recited in claim 1, further comprises a rotating lens portion of the camera assembly for rotating a lens to provide versatility for capturing images.
7. An image capture system for use with handheld computing devices having a display comprising:
a cradle for detachably receiving and securing the handheld computing device, the cradle having a camera assembly for providing image data to the handheld computing device; and
a data link coupling the handheld computing device to a computer for processing image data received by the camera assembly in the handheld computing device and transmitting the image data to the computer.
8. The system as recited in claim 7, wherein the cradle is adjustable to receive handheld computing devices of different sizes.
9. The system as recited in claim 7, wherein the data link includes a cable.
10. The system as recited in claim 9, wherein the cable provides a data transfer rate of about at least 12 Mbitssec.
11. The system as recited in claim 7, wherein the hand held computing device is a personal digital assistant.
12. The system as recited in claim 7, wherein the cradle includes a stand for supporting the cradle and the computing device.
13. The system as recited in claim 7, wherein the data link includes a wireless data link.
14. The system as recited in claim 7, further comprises a rotating lens portion of the camera assembly for rotating a lens about the camera assembly for capturing images.
15. The system as recited in claim 7, wherein the computing device performs image compression and processing.
16. The system as recited in claim 7, wherein the cradle includes a power connection for providing power to the camera assembly and the computing device.
17. The system as recited in claim 7, wherein the computer is linked to a communications network for transmitting and receiving images over the network.
18. The system as recited in claim 7, wherein the cradle includes a power source for providing power to the camera assembly.
19. The system as recited in claim 7, wherein the cradle includes a power source for providing power to the computing device.
20. A video conferencing and still image capture system comprising:
a personal digital assistant (PDA);
a cradle for detachably receiving and securing the PDA for interfacing with a computer;
a camera assembly adjustably attached to the cradle, the camera assembly including an imager for providing video and still image data to the PDA for image processing; and
a data cable coupling the cradle to the computer for connecting the PDA to the computer for transmitting and receiving the video and still image data over a communications network.
21. The system as recited in claim 20, wherein the cradle is adjustable to receive handheld computing devices of different sizes.
22. The system as recited in claim 20, wherein the data cable provides data transfer at a rate of at least about 12 Mbitssec.
23. The system as recited in claim 20, wherein the cradle includes a stand for supporting the cradle and the computing device.
24. The system as recited in claim 20, further comprises a rotating lens portion of the camera assembly for rotating a lens thereabout for capturing images.
25. The system as recited in claim 20, wherein the PDA performs image compression and processing.
26. The system as recited in claim 20, wherein the cradle includes a power connection for providing power to the camera assembly and the PDA.
27. The system as recited in claim 20, wherein the cradle includes a power source for providing power to the camera assembly.
28. The system as recited in claim 20, wherein the cradle includes a power source for providing power to the computing device.
The claims below are in addition to those above.
All refrences to claim(s) which appear below refer to the numbering after this setence.
1. A computer-implemented method for reevaluating apparently benign behavior on computing devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
receiving a plurality of reports from a plurality of computing systems that indicate that an attack that targeted each of the plurality of computing systems reached a specific stage on each of the plurality of computing systems;
identifying behavioral data that comprises, for each computing system within the plurality of computing systems, a plurality of activities that the computing system observed before the attack reached the specific stage on the computing system, wherein the plurality of activities are of a type of activity that is relevant to detecting a prior stage of the attack that precedes the specific stage of the attack;
analyzing the behavioral data to correlate the attack with at least one activity observed before the attack reached the specific stage on at least one of the plurality of computing systems;
determining that the activity is suspect based at least in part on correlating the attack with the activity.
2. The computer-implemented method of claim 1, wherein a security system on at least one targeted computing system within the plurality of computing systems observed the activity but failed to detect the attack at the prior stage and an additional security system on the targeted computing system detected the attack at the specific stage.
3. The computer-implemented method of claim 1, wherein the plurality of activities comprises activities previously determined to be benign.
4. The computer-implemented method of claim 1, wherein the specific stage of the attack comprises the attack causing network activity.
5. The computer-implemented method of claim 4, wherein the prior stage of the attack comprises the attack injecting a known legitimate process with a malicious process.
6. The computer-implemented method of claim 4, wherein the prior stage of the attack comprises the attack downloading a malicious file.
7. The computer-implemented method of claim 4, wherein the prior stage of the attack comprises a browser exploit.
8. The computer-implemented method of claim 4, wherein the prior stage of the attack comprises a client system accessing a malicious Internet resource.
9. The computer-implemented method of claim 1, wherein the specific stage of the attack comprises the attack injecting a known legitimate process with a malicious process.
10. The computer-implemented method of claim 9, wherein the prior stage of the attack comprises the attack downloading a malicious file that includes the malicious process.
11. The computer-implemented method of claim 1, wherein the specific stage of the attack comprises the attack downloading a malicious file.
12. The computer-implemented method of claim 11, wherein the prior stage of the attack comprises a browser exploit.
13. The computer-implemented method of claim 1, wherein the specific stage of the attack comprises a browser exploit.
14. The computer-implemented method of claim 13, wherein the prior stage of the attack comprises a client system accessing a malicious Internet resource.
15. The computer-implemented method of claim 1, further comprising creating, based on the activity, a signature that is useable by a security system to detect the attack at the prior stage.
16. The computer-implemented method of claim 1, further comprising sending information that can be used to recognize the prior stage of the attack to at least one of the plurality of computing systems.
17. The computer-implemented method of claim 1, wherein analyzing the behavioral data further comprises filtering out known legitimate activity that is not connected to the attack from the plurality of activities.
18. The computer-implemented method of claim 1, wherein identifying the plurality of activities comprises identifying, for each computing system within the plurality of computing systems, activities that occurred on the computing system within a predetermined time span before the attack was detected on the computing system.
19. A system for reevaluating apparently benign behavior on computing devices, the system comprising:
a receiving module that receives a plurality of reports from a plurality of computing systems that indicate that an attack that targeted each of the plurality of computing systems reached a specific stage on each of the plurality of computing systems;
an identification module that identifies behavioral data that comprises, for each computing system within the plurality of computing systems, a plurality of activities that the computing system observed before the attack reached the specific stage on the computing system, wherein the plurality of activities are of a type of activity that is relevant to detecting a prior stage of the attack that precedes the specific stage of the attack;
an analysis module that analyzes the behavioral data to correlate the attack with at least one activity observed before the attack reached the specific stage on at least one of the plurality of computing systems;
a determination module that determines that the activity is suspect based at least in part on correlating the attack with the activity;
at least one processor configured to execute the receiving module, the identification module, the analysis module, and the determination module.
20. A non-transitory computer-readable-storage medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
receive a plurality of reports from a plurality of computing systems that indicate that an attack that targeted each of the plurality of computing systems reached a specific stage on each of the plurality of computing systems;
identify behavioral data that comprises, for each computing system within the plurality of computing systems, a plurality of activities that the computing system observed before the attack reached the specific stage on the computing system, wherein the plurality of activities are of a type of activity that is relevant to detecting a prior stage of the attack that precedes the specific stage of the attack;
analyze the behavioral data to correlate the attack with at least one activity observed before the attack reached the specific stage on at least one of the plurality of computing systems;
determine that the activity is suspect based at least in part on correlating the attack with the activity.