PivX creates software to deter security breaches in Windows

PivX Solutions has unveiled Qwik-Fix Pro, an intrusion prevention software product which disables or modifies features of...

PivX Solutions has unveiled Qwik-Fix Pro, an intrusion prevention software product which disables or modifies features of Microsoft Windows and the Internet Explorer web browser that are frequent targets of malicious computer hackers and virus writers.

Qwik-Fix Pro is the first product from PivX, which made a name for itself as a security research and consulting company with a knack for uncovering security vulnerabilities in Microsoft products.

Concerned about long delays in issuing patches for critical security holes, PivX researchers, including company founder and chief scientist Geoff Shively, senior security researcher Thor Larholm and chief software architect Oliver Lavery, created Qwik-Fix in 2003 to protect customers and internet users from exploitation using dozens of unpatched IE vulnerabilities.

The product makes temporary changes to the Windows operating system, such as changing Windows configuration settings to close holes that hackers and worms crawl through.

For example, one of the initial security fixes incorporated into the product changed Explorer's configuration to prevent hackers from exploiting the standard implementation of web surfing "zones", or sets of security settings and privileges used by Explorer.

A Qwik-Fix agent can be installed and managed on Windows machines directly or remotely using Microsoft's Active Directory, according to PivX. Once installed, Qwik-Fix Pro periodically checks an update server at PivX or in the customer datacentre for new "fixes".

By shutting down little-used Windows functionality that such threats often exploit, Qwik-Fix can stop internet worms such as Sasser, Bagle and the recent Download.ject attacks even before a virus profile or "definition" has been developed.

More than 250,000 people have already downloaded pre-release versions of the software from PivX's website since September 2003, when PivX first introduced it, said Rob Shively, PivX chairman and chief executive officer.

The company will be reaching out to individuals who downloaded trial versions of the software and encouraging them to buy the full version, he said.

The release of Qwik-Fix comes just a week after Microsoft announced the completion of Windows XP Service Pack 2 (SP2), a major update to the popular operating system that fixes a number of security holes in the product. Given the scope of changes XP SP2 makes to Windows, some IT suppliers and analyst firms have recommended delaying deployment of the patch until compatibility issues can be worked out.

While some of the security fixes used by Qwik-Fix are contained in the SP2 update, Qwik-Fix does not change the underlying Windows code, as does SP2, and can be turned on and off with a single mouse click, said chief software architect Lavery.

The product works with XP SP2 and older versions of Windows and is updated continuously, as PivX researchers identify and develop "quick fixes" for vulnerabilities in Microsoft products. That will be important, as security researchers and malicious hackers begin picking apart SP2 looking for vulnerabilities left untouched or even introduced by the patch, he said.

Qwik-Fix Pro is available immediately and costs $60 (£33) per computer desktop and $500 per server. Volume discounts are available, PivX said.

Paul Roberts writes for IDG News Service

Read more on IT strategy