All The Claims

1. A system for collecting falling mortar, said system comprising a masonry wall and one or more mortar stoppers, wherein:
said wall comprises a front side, a backside, and a plurality of mortar spaces between components forming said wall;
said mortar stopper comprises a longitudinally extending surface comprising an indicator defining an inserting portion and a mortar collecting portion of said mortar stopper;
said inserting and mortar collecting portions are integral to said mortar stopper;
said inserting portion is inserted into said mortar spaces along said backside of said wall;
said mortar collecting portion extends from said backside of said wall such that said mortar collecting portion collects said mortar as said mortar falls from said mortar spaces of said backside of said wall; and
said indicator is positioned along said longitudinally extending surface such that said indicator indicates an appropriate length of insertion of said inserting portion into said wall sufficient for said mortar stopper to support said mortar collecting portion and said falling mortar collected by said mortar collecting portion.
2. The system of claim 1, wherein said longitudinally extending surface of said mortar stopper is a substantially flat surface such that said inserting and mortar collecting portions and said indicator are co-planar.
3. The system of claim 2, wherein said indicator is a score line or other visual indicator.
4. The system of claim 1, wherein said longitudinally extending surface of said mortar stopper is a curved surface.
5. The system of claim 1, wherein said longitudinally extending surface of said mortar stopper is an angular surface such that said inserting and mortar collecting portions are in different planes of said angular surface.
6. The system of claim 5, wherein said indicator is an apex of an angle in said angular surface of said mortar stopper.
7. The system of claim 1, wherein said mortar stopper is configured such that said mortar stopper is interchangeably positionable along said backside of said wall.
8. The system of claim 1, wherein said inserting and mortar collecting portions comprise a plurality of apertures.
9. The system of claim 1, wherein said indicator is positioned along said longitudinally extending surface such that said indicator indicates an appropriate length of extension of said mortar collecting portion from said wall sufficient for said mortar stopper to collect said falling mortar.
10. The system of claim 1, wherein said indicator comprises one or more projections that project from said longitudinally extending surface of said mortar stopper.
11. The system of claim 10, wherein said projections of said indicator obstruct said mortar stopper from inserting into said wall beyond said indicator defining said inserting portion and said mortar collecting portion.
12. The system of claim 10, wherein said projections of said indicator span said mortar space such that said projections obstruct said mortar from falling from said mortar space where said mortar stopper is installed.
13. The system of claim 1, wherein said inserting portion is inserted into said mortar spaces any length sufficient for said inserting portion to adhere to said wall as said mortar in said mortar spaces cures and for said mortar stopper to support said mortar collecting portion and said falling mortar collected by said mortar collecting portion.
14. The system of claim 1, wherein said inserting portion adheres to said wall as said mortar in said mortar spaces cures.
15. The system of claim 1, wherein said longitudinally extending surface of said mortar stopper further comprises a plurality of grooves.
16. The system of claim 1, wherein:
said inserting portion of said mortar stopper further comprises one or more extensions; and
said extensions define a height of said mortar space, wherein said height of said mortar space defines amount of said mortar to be placed in said mortar space.
17. The system of claim 16, wherein said extensions are configured to anchor said inserting portion in said mortar in said mortar spaces.
18. The system of claim 1, wherein:
said mortar collecting portion comprises one or more extensions; and
said extensions confine at least a portion of said mortar collected by said mortar collecting portion to said mortar collecting portion.
19. The system of claim 1, wherein said mortar stoppers are staggered along said backside of said wall above a ground surface such that said mortar stoppers collect said falling mortar and drain moisture to said ground surface from various areas of said backside of said wall.
20. A system for collecting falling mortar, said system comprising a cinder block wall and one or more mortar stoppers, wherein:
said wall comprises a plurality of cinder blocks and a plurality of mortar spaces between said cinder blocks forming said wall, wherein each of said cinder blocks comprise a top side, a bottom side, and an interior portion, said interior portion comprising one or more openings through said top and bottom sides of said cinder block;
said mortar stopper is installed on said top side of said cinder block such that said mortar stopper is positioned in said mortar space between said cinder blocks;
said mortar stopper comprises a substantially planar surface comprising a plurality of apertures and one or more vertically oriented spacing ribs;
said mortar stopper collects mortar as said mortar falls within said interior portions of said cinder blocks of said wall; and
said mortar stopper adheres to said wall as said mortar cures.
21. The system of claim 20, wherein:
said spacing ribs guide said formation of said wall by defining a height of said mortar space, wherein said height of said mortar space defines amount of said mortar to be placed in said mortar space during said formation of said wall;
said spacing ribs further anchor said mortar stopper in said mortar in said mortar spaces; and
said spacing ribs extend from said substantially planar surface a sufficient amount to provide a substantial amount of structural rigidity to said mortar stopper sufficient for said mortar stopper to support said falling mortar collected by said mortar stopper without substantial deformation to said planar surface.
22. A method comprising:
providing a system for collecting falling mortar, said system comprising a masonry wall and one or more mortar stoppers, wherein:
said wall comprises a front side, a backside, and a plurality of mortar spaces between components forming said wall;
said mortar stopper comprises a longitudinally extending surface comprising an indicator defining an inserting portion and a mortar collecting portion of said mortar stopper;
said inserting and mortar collecting portions are integral to said mortar stopper; and
said indicator is positioned along said longitudinally extending surface such that said indicator indicates an appropriate length of insertion of said inserting portion into said wall sufficient for said mortar stopper to support said
mortar collecting portion and said falling mortar collected by said mortar collecting portion;

inserting said inserting portion into said mortar spaces along said backside of said wall;
collecting with said mortar collecting portion that extends from said backside of said wall said mortar as said mortar falls from said mortar spaces; and
draining moisture from said backside of said wall and said mortar stoppers to a ground surface substantially free of said mortar.

The claims below are in addition to those above.
All refrences to claim(s) which appear below refer to the numbering after this setence.

1. A method for managing hierarchically structured information, the method comprising:
creating a plurality of hash tables based on a composite key, wherein key values associated with the composite key are hierarchically related based on multiple levels;
wherein each hash table corresponds to a particular level of the multiple levels; and
storing, within each of the plurality of hash tables, entries that are associated with key values that have as many levels as the particular level that corresponds to the respective hash table.
2. The method of claim 1 comprising:
storing within each entry a reference to a descendant entry, if any, that is in a respective hash table of the plurality of hash tables.
3. The method of claim 1 comprising:
storing the plurality of hash tables in a cache.
4. The method of claim 3 comprising:
maintaining a counter, for each entry, of a number of times that the respective entry is accessed;
determining which entry is least frequently accessed based on the counters for the entries;
deleting the entry that is least frequently accessed.
5. The method of claim 1 comprising:
creating a hash table index for identifying the location of each of the plurality of hash tables.
6. The method of claim 1, comprising:
creating a hash table array for storing the plurality of hash tables;
creating a hash table array index for the hash table array, and
using the hash table array index to identify the location of a hash table of the plurality of hash tables in the hash table array.
7. The method of claim 1 comprising:
dynamically allocating memory for a hash table of the plurality of hash tables upon meeting a specified condition associated with the hash table.
8. The method of claim 1 comprising:
dynamically deallocating memory for a hash table of the plurality of hash tables upon meeting a specified condition associated with the hash table.
9. The method of claim 1, wherein the key values are names associated with respective name-value pairs and the managed information are values associated with the respective name-value pairs, and wherein the steps of creating and storing are based on the name-value pairs.
10. The method of claim 9, wherein the value of at least one of the name-value pairs is null, and wherein the steps of creating and storing are based on the name-value pairs.
11. The method of claim 9, wherein the names of the name-value pairs are Universal Resource locators and the values of the name-value pairs are content associated with a respective Universal Resource Locator.
12. The method of claim 1 comprising:
storing the plurality of hash tables in a cluster repository.
13. A method for managing hierarchically structured information, the method comprising:
determining how many levels exist in a particular key name;
creating a respective hash table for each level of the particular key name for which a hash table has not yet been created;
computing a hash key for each key component of the particular key name; and
storing entries in the hash tables that correspond to key components that correspond to each level of the particular key name, wherein the location of each entry in a respective hash table is identified by a respective hash key.
14. A method for locating hierarchically structured information, the method comprising:
determining how many levels exist in a particular key name of a key domain;
locating a particular hash table from a plurality of hash tables, wherein each of the plurality of hash tables corresponds to a particular level of a hierarchy of the key domain, wherein the Particular hash table corresponds to the number of levels that exist in the particular key name;
computing a hash key for the particular key name; and
locating in the particular hash table, based on the hash key, an entry associated with the particular key name.
15. A method for deleting hierarchically structured information, the method comprising:
determining how many levels exist in a particular key name of a key domain;
locating a particular hash table from a plurality of hash tables, wherein each of the plurality of hash tables corresponds to a particular level of a hierarchy of the key domain, wherein the particular hash table corresponds to the number of levels that exist in the particular key name;
computing a hash key for the particular key name;
locating in the particular hash table, based on the hash key, an entry associated with the particular key name; and
deleting the entry associated with the particular key name.
16. A method for recursively deleting hierarchically structured information, the method comprising:
determining how many levels exist in a particular key name of a key domain;
locating a first hash table from a plurality of hash tables, wherein each of the plurality of hash tables corresponds to a particular level of a hierarchy of the key domain, wherein the particular hash table corresponds to the number of levels that exist in the particular key name;
computing a hash key for the particular key name;
locating in the first hash table, based on the hash key, a first entry associated with the particular key name;
using one or more references from the first entry to locate descendant entries of the particular key name in respective hash tables of the plurality of hash tables; and
deleting the first entry and the descendant entries.
17. A method for locating information associated with a second key name that is a child of a first key name in a hierarchy, the method comprising:
locating, based on the first key name, a first entry in a first hash table, wherein the first entry is associated with the first key name;
reading, from the first entry, information that identifies a location of a second entry associated with the second key name, wherein the location is in a second hash table different from the first hash table; and
locating the second entry in the second hash table based on the information that identifies the location of the second entry.
18. A computer-readable medium carrying one or more sequences of instructions for managing hierarchically structured information, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
creating a plurality of hash tables based on a composite key, wherein key values associated with the composite key are hierarchically related based on multiple levels;
wherein each hash table corresponds to a particular level of the multiple levels; and
storing, within each of the plurality of hash tables, entries that are associated with key values that have as many levels as the particular level that corresponds to the respective hash table.
19. The computer-readable medium of claim 18 wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the step of:
storing within each entry a reference to a descendant entry, if any, that is in a respective hash table of the plurality of hash tables.
20. The computer-readable medium of claim 18 wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the step of:
storing the plurality of hash tables in a cache.
21. The computer-readable medium of claim 20 wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the step of:
maintaining a counter, for each entry, of a number of times that the respective entry is accessed;
determining which entry is least frequently accessed based on the counters for the entries;
deleting the entry that is least frequently accessed.
22. The computer-readable medium of claim 18 wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the step of:
creating a hash table index for identifying the location of each of the plurality of hash tables.
23. The computer-readable medium of claim 18 wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the step of:
creating a hash table array for storing the plurality of hash tables;
creating a hash table array index for the hash table array, and
using the hash table array index to identify the location of a hash table of the plurality of hash tables in the hash table array.
24. The computer-readable medium of claim 18 wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the step of:
dynamically allocating more memory for a hash table of the plurality of hash tables upon meeting a specified condition associated with the hash table.
25. The computer-readable medium of claim 18, wherein the key values are names associated with respective name-value pairs and the managed information are values associated with the respective name-value pairs, and wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of creating and storing based on the name-value pairs.
26. The computer-readable medium of claim 25, wherein at least one value of the name-value pairs is null, and wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of creating and storing based on the name-value pairs.
27. The computer-readable medium of claim 25, wherein the names of the name-value pairs are Universal Resource Locators and the values of the name-value pairs are content associated with a respective Universal Resource Locator, and wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of creating and storing based on the name-value pairs.
28. The computer-readable medium of claim 18 wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the step of:
storing the plurality of hash tables in a cluster repository.
29. A computer-readable medium carrying one or more sequences of instructions for managing hierarchically structured information, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
determining how many levels exist in a particular key name;
creating a respective hash table for each level of the particular key name for which a hash table has not yet been created;
computing a hash key for each key component of the particular key name; and
storing entries in the hash tables that correspond to each level of the particular key name, wherein the location of each entry in a respective hash table is identified by a respective hash key.
30. A computer-readable medium carrying one or more sequences of instructions for locating hierarchically structured information, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
determining how many levels exist in a particular key name of a key domain;
locating a particular hash table from a plurality of hash tables, wherein each of the plurality of hash tables corresponds to a particular level of a hierarchy of the key domain, wherein the particular hash table corresponds to the number of levels that exist in the particular key name;
computing a hash key for the particular key name; and
locating in the particular hash table, based on the hash key, an entry associated with the particular key name.
31. A computer-readable medium carrying one or more sequences of instructions for deleting hierarchically structured information, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
determining how many levels exist in a particular key name of a key domain;
locating a particular hash table from a plurality of hash tables, wherein each of the plurality of hash tables corresponds to a particular level of a hierarchy of the key domain, wherein the particular hash table corresponds to the number of levels that exist in the particular key name;
computing a hash key for the particular key name;
locating in the particular hash table, based on the hash key, an entry associated with the particular key name; and
deleting the entry associated with the particular key name.
32. A computer-readable medium carrying one or more sequences of instructions for recursively deleting hierarchically structured information, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
determining how many levels exist in a particular key name of a key domain;
locating a first hash table from a plurality of hash tables, wherein each of the plurality of hash tables corresponds to a particular level of a hierarchy of the key domain, wherein the particular hash table corresponds to the number of levels that exist in the particular key name;
computing a hash key for the particular key name;
locating in the first hash table, based on the hash key, a first entry associated with the particular key name;
using one or more references from the first entry to locate descendant entries of the particular key name in respective hash tables of the plurality of hash tables; and
deleting the first entry and the descendant entries.
33. A computer-readable medium carrying one or more sequences of instructions for locating information associated with a second key name that is a child of a first key name in a hierarchy, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
locating, based on the first key name, a first entry in a first hash table, wherein the first entry is associated with the first key name;
reading, from the first entry, information that identifies a location of a second entry associated with the second key name, wherein the location is in a second hash table different from the first hash table; and
locating the second entry in the second hash table based on the information that identifies the location of the second entry.
34. The method of claim 1, wherein each hash table corresponds to only one particular level of the multiple levels and no two hash tables correspond to the same particular level of the multiple levels.

1. A method for achieving synchronization to a wireless communication system transmitting data in a plurality of data packets employing a plurality of known frequencies determined using at least two characteristics alternating in accordance with a known method, wherein at least one of said two characteristics is contained in at least one transmitted data packet, said method comprising the steps of:
recording a time of occurrence for each of a plurality of occurrences of a selected one of said plurality of frequencies;
determining a first characteristic from said at least one transmitted data packet received on said selected frequency;
determining a second characteristic wherein said first characteristic, said determined second characteristic and each of said recorded times of occurrences generate said selected frequency at each of said recorded occurrences of said selected frequency;
determining a time period for determining said first and second characteristic; and
adjusting said second characteristic by said time period.
2. The method as recited in claim 1 wherein said time of occurrence is representative of a measure relative to a time of a first occurrence of said selected frequency.
3. The method as recited in claim 1 wherein said time of occurrence is representative of an absolute measure of time.
4. The method as recited in claim 1 wherein the step of determining said first characteristic comprises:
isolating a known number of information items at a known position within said data packet.
5. The method as recited in claim 1 wherein the step of determining said second characteristic further comprises the steps of:
hypothesizing said second characteristic;
determining a resultant frequency value based on said determined first characteristic and said hypothesized second characteristic; and
storing said hypothesized second characteristic when said resultant frequency value equals said selected frequency.
6. The method as recited in claim 1 wherein said at least one first characteristic is encoded using a known encoding value and process.
7. The method as recited in claim 6 wherein said first characteristic is decoded by reversing said encoding process.
8. The method as recited in claim 7 wherein said decoding processing further comprises the step of;
hypothesizing a decoding value; and
altering said hypothesized decoding value until said encoding value is determined.
9. The method as recited in claim 1 wherein said wireless communication system is a BLUETOOTH system.
10. A system for achieving synchronization to a wireless communication system transmitting data in a plurality of data packets employing a plurality of known frequencies determined in accordance with at least two characteristics alternating using a known method, wherein at least one of said two characteristics is contained in at least one transmitted data packet, said system comprising:
a receiving unit in communication with a processor and memory wherein said processor is operable to execute code to:
tune said receiver to a select one of said plurality of frequencies;
record a time of occurrence for each of a plurality of occurrences of said selected frequency;
determine said first characteristic from said at least one transmitted data packet received on said selected frequency;
determine said second characteristic wherein said determined first characteristic, said determined second characteristic and each of said recorded times of occurrences generate said selected frequency at each of said recorded occurrences of said selected frequency;
determine a time period for determining said first and second characteristic; and
adjust said second characteristic by said time period.
11. The system as recited in claim 10 wherein said time of occurrence is representative of a measure relative to a time of a first occurrence of said selected frequency.
12. The system as recited in claim 10 wherein said time of occurrence is representative of an absolute measure of time.
13. The system as recited in claim 10 wherein said processor is further operable to execute code to:
isolate a known number of bits at a known position within said data packet.
14. The system as recited in claim 10 wherein said processor is further operable to execute code to:
hypothesize said second characteristic;
determine a resultant frequency value based on said determined first characteristic and said hypothesized second characteristic; and
store said hypothesized second characteristic when said resultant frequency value equals said selected frequency.
15. The system as recited in claim 10 wherein said processor is further operable to execute code to:
extract a known number of information items from a known position within said data packets.
16. The system as recited in claim 10 wherein said first characteristic is encoded using a known encoding value and process.
17. The system as recited in claim 16 wherein said processor is further operable to execute code to:
determine said first characteristic is decoded by reversing said encoding process.
18. The system as recited in claim 17 wherein said processor is further operable to execute code to:
hypothesize a decoding value; and
alter said hypothesized decoding value until said encoding value is determined.
19. The system as recited in claim 10 wherein said code is contained in said memory.
20. The system as recited in claim 10 wherein said wireless communication system is a BLUETOOTH system.
21. A method for blindly determining characteristics used for the generation of a plurality of frequencies in a frequency hopping wireless communication system transmitting data in a plurality of data packets, wherein a first one of said characteristics is contained in at least one of said transmitted data packets, said method comprising the steps of:
recording a time of occurrence for each of a plurality of occurrences of a selected one of said plurality of frequencies;
determining said first characteristic from said at least one transmitted data packet received on said selected frequency; and
determining at least one second characteristic wherein said first characteristic, said determined at least one second characteristic and each of said recorded times of occurrences generate said selected frequency at each of said recorded occurrences of said selected frequency wherein said first characteristic comprises a lower address part (LAP) of a BLUETOOTH message.
22. The method as recited in claim 21 wherein said time of occurrence is representative of a measure relative to a time of a first occurrence of said selected frequency.
23. The method as recited in claim 21 wherein said time of occurrence is representative of an absolute measure of time.
24. The method as recited in claim 21 wherein the step of determining first characteristic comprises:
isolating a known number of information items at a known position within said data packet.
25. The method as recited in claim 21 wherein the step of determining said at least one second characteristic further comprises the steps of:
hypothesizing said at least one second characteristic;
determining a resultant frequency value based on said determined first characteristic and said hypothesized at least one second characteristic; and
storing said hypothesized at least one second characteristic when said resultant frequency value equals said selected frequency.
26. The method as recited in claim 21 wherein said first characteristic is encoded using a known encoding value and process.
27. The method as recited in claim 26 wherein said first characteristic is decoded by reversing said encoding process.
28. The method as recited in claim 27 wherein said decoding processing further comprises the step of;
hypothesizing a decoding value; and
altering said hypothesized decoding value until said encoding value is determined.
29. The method as recited in claim 21 wherein said wireless communication system is a BLUETOOTH system.
30. The method as recited in claim 21 wherein said at least one second characteristic is a clock value.
31. The method as recited in claim 1 wherein said first characteristic comprises a lower address part (LAP) of a BLUETOOTH message.
32. The method as recited in claim 1 wherein said second characteristic comprises a master clock value.
33. The system as recited in claim 10 wherein said first characteristic comprises a lower address part (LAP) of a BLUETOOTH message.
34. The system as recited in claim 10 wherein said second characteristic comprises a master clock value.

The claims below are in addition to those above.
All refrences to claim(s) which appear below refer to the numbering after this setence.

1. A computer-implemented method for detecting unknown security threats, the method comprising:
receiving from an antivirus application deployed on a user’s computer information about an unknown security event associated with a software object executing on said computer, and a user’s verdict indicating that the software object is harmful or harmless to the security of said computer;
identifying the user of said computer and a role of said user, wherein the user’s role indicates user’s level of expertise in the field of computer security;
if the role of said user indicates that the user has a high level of expertise in the field of computer security, accepting the user’s verdict that the software object is harmful or harmless;
if the role of said user indicates that the user has a low level of expertise in the field of computer security, analyzing the information about the security event received from the antivirus application to verify that the user’s verdict is correct; and
if the user’s verdict was accepted or verified to be correct, updating an antivirus database, which is associated with the antivirus application and contains information about known harmful and harmless software objects, with said information about the security event and indication that associated software object is harmful or harmless.
2. The method of claim 1 further comprising:
if the user’s verdict was verified to be correct, increasing the user’s level of expertise;
if the user’s level of expertise reached a predefined threshold, increasing user’s role.
3. The method of claim 1, wherein the user’s level of expertise in the field of computer security is based on one or more of:
a total number of computer threats detected by said user;
a number of unique computer threats detected by said user;
a level of user proficiency with the antivirus software;
a frequency of infections of the computer of said user; and
information about programs installed on the user’s computer and the user’s usage of said programs.
4. The method of claim 1 further comprising:
detecting an anomaly in the information received from the antivirus application by comparing the received information with a historical record of threats detected by the user;
decreasing the user’s role based on detection of one or more anomalies.
5. The method of claim 1, wherein different roles have different associated weight coefficients, and wherein the user’s verdict is given a higher or lower weight during verification of said user’s verdict according to the weight coefficient associated with the role of said user.
6. The method of claim 1, wherein, if the information about the security event received from the antivirus application is not sufficient to verify that the user’s verdict is correct or not, the processor is further configured to collect additional information about the security event and the associated software from the computer, wherein the additional information includes one or more of:
information about the security event generated by one or more different security modules of the antivirus application, each module performing a different antivirus analysis;
information about computer’s software and hardware state at the time of occurrence of the security event; and
the date, time and repeat frequency of the security event.
7. The method of claim 1, wherein the software object includes one of an executable file, a data file and a link.
8. A computer-based system for detecting unknown security threats, the system comprising:
a processor configured to:
receive from an antivirus application deployed on a user’s computer information about an unknown security event associated with a software object executing on said computer, and a user’s verdict indicating that the software object is harmful or harmless to the security of the computer;
identify the user of said computer and a role of said user, wherein the user’s role indicates user’s level of expertise in the field of computer security;
if the role of said user indicates that the user has a high level of expertise in the field of computer security, accept the user’s verdict that the software object is harmful or harmless;

if the role of said user indicates that the user has a low level of expertise in the field of computer security, analyze the information about the security event received from the antivirus application to verify that the user’s verdict is correct; and
if the user’s verdict was accepted or verified to be correct, update an antivirus database, which is associated with the antivirus application and contains information about known harmful and harmless software object, with said information about the security event and indication that associated software object is harmful or harmless.
9. The system of claim 8, wherein the processor is further configured to:
if the user’s verdict was verified to be correct, increase the user’s level of expertise;
if the user’s level of expertise reached a predefined threshold, increase user’s role.
10. The system of claim 8, wherein the user’s level of expertise in the field of computer security is based on one or more of:
a total number of computer threats detected by said user;
a number of unique computer threats detected by said user;
a level of user proficiency with the antivirus software;
a frequency of infections of the computer of said user; and
information about programs installed on the user’s computer and the user’s usage of said programs.
11. The system of claim 8, wherein the processor is further configured to:
detect an anomaly in the information received from the antivirus application by comparing the received information with a historical record of threats detected by the user;
decreasing the user’s role based on detection of one or more anomalies.
12. The system of claim 8, wherein different roles have different associated weight coefficients, and wherein the user’s verdict is given a higher or lower weight during verification of said user’s verdict according to the weight coefficient associated with the role of said user.
13. The system of claim 8, wherein, if the information about the security event received from the antivirus application is not sufficient to verify that the user’s verdict is correct or not, collecting additional information about the security event and the associated software from the computer, wherein the additional information includes one or more of:
information about the security event generated by one or more different security modules of the antivirus application, each module performing a different antivirus analysis;
information about computer’s software and hardware state at the time of occurrence of the security event; and
the date, time and repeat frequency of the security event.
14. The system of claim 8, wherein the software object includes one of an executable file, a data file and a link.
15. A computer program product embedded in a non-transitory computer-readable storage medium, the computer-readable storage medium comprising computer-executable instructions for detecting unknown security threats, the medium comprises instructions for:
receiving from an antivirus application deployed on a user’s computer information about an unknown security event associated with a software object executing on said computer, and a user’s verdict indicating that the software object is harmful or harmless to the security of the computer;
identifying the user of said computer and a role of said user, wherein the user’s role indicates user’s level of expertise in the field of computer security;
if the role of said user indicates that the user has a high level of expertise in the field of computer security, accepting the user’s verdict that the software object is harmful or harmless;
if the role of said user indicates that the user has a low level of expertise in the field of computer security, analyzing the information about the security event received from the antivirus application to verify that the user’s verdict is correct; and
if the user’s verdict was accepted or verified to be correct, updating an antivirus database, which is associated with the antivirus application and contains information about known harmful and harmless software object, with said information about the security event and indication that associated software object is harmful or harmless.
16. The product of claim 15 further comprises instructions for:
if the user’s verdict was verified to be correct, increasing the user’s level of expertise;
if the user’s level of expertise reached a predefined threshold, increasing user’s role.
17. The product of claim 15, wherein the user’s level of expertise in the field of computer security is based on one or more of:
a total number of computer threats detected by said user;
a number of unique computer threats detected by said user;
a level of user proficiency with the antivirus software;
a frequency of infections of the computer of said user; and
information about programs installed on the user’s computer and the user’s usage of said programs.
18. The product of claim 15 further comprises instructions for:
detecting an anomaly in the information received from the antivirus application by comparing the received information with a historical record of threats detected by the user;
decreasing the user’s role based on detection of one or more anomalies.
19. The product of claim 15, wherein different roles have different associated weight coefficients, and wherein the user’s verdict is given a higher or lower weight during verification of said user’s verdict according to the weight coefficient associated with the role of said user.
20. The product of claim 15, wherein, if the information about the security event received from the antivirus application is not sufficient to verify that the user’s verdict is correct or not, collecting additional information about the security event and the associated software from the computer, wherein the additional information includes one or more of:
information about the security event generated by one or more different security modules of the antivirus application, each module performing a different antivirus analysis;
information about computer’s software and hardware state at the time of occurrence of the security event; and
the date, time and repeat frequency of the security event.