NEWPORT BEACH, Calif., Nov. 21, 2003 (PRIMEZONE) -- PivX, a leader in Software Security Research, has released a free beta version of a tool called "Qwik-Fix(tm)" which works together with anti-virus and firewall technologies to provide more complete security protection for PC users.
PivX Solutions has released a beta version of Qwik-Fix(tm), a tool that protects personal computers from Web attacks, worms and desktop spam. Qwik-Fix(tm) works by blocking the entry points on Microsoft Windows-based personal computers that allow worms such as Slammer, LovSan/MS Blaster, Klez and Sobig.F to propagate at such an alarming rate.
"The recent spate of insidious attacks on computer systems worldwide calls for a `Qwik-Fix(tm)' that plugs the holes that worm writers have been able to exploit," said Rob Shively, Chairman and CEO of PivX. "Qwik-Fix(tm) is not a substitute for anti-virus and personal firewall technologies, but rather an important addition to the suite of technologies necessary to achieve real security for your PC."
"Qwik-Fix(tm) is an essential platform that allows end-users to apply our constantly released fixes, and acts as a mediator for all the threat mitigations we discover as part of our ongoing high-level vulnerability research," said Thor Larholm, PivX's Senior Security Researcher and chief architect of Qwik-Fix(tm). "Whenever we uncover new threats in Windows, or pathways that allow worm and virus writers to create exploits, we create a targeted counteraction and automatically distribute this small fix to all of our Qwik-Fix(tm) users so that they are safe from the threat. Further, we are releasing several fixes for Qwik-Fix(tm) that proactively secure end-users from future threats by disabling the specific features and/or obscurities in Windows that our security research has demonstrated are prone to threats."
- Qwik-Fix(tm) blocks the pathways that virus and worm writers use to exploit and compromise a user's PC. - Qwik-Fix(tm) protects users from a wide range of vulnerabilities (also called 'vulns') in Internet Explorer including all known command execution vulnerabilities. - Qwik-Fix(tm) protects users against several vulnerability pathways in Windows such as RPC and Messenger Service, to name a few. - Qwik-Fix(tm) is dynamic and updatable. Every time PivX finds new vulns and pathways Qwik-Fix(tm) is updated to protect users until MS develops a patch and until the user installs the patch.
"Microsoft has marshaled substantial internal resources to fight vulnerabilities that researchers such as PivX have found. However, the time that it now takes to develop exploit code such as the MSBlaster worm has decreased to a mere 25 days, as compared to over 250 days for the Code Red and Nimda worms two years ago. No company, Microsoft included, can develop and deploy patches that quickly. And many users have not been as diligent as they should in applying the patches. Taken together, this combination makes the situation very dangerous. It screams out for a simple but creative solution," said Shively.
"Our solution creates a new security category that we are calling Pro-Active Threat Mitigation (PTM). We believe PTM will allow Microsoft the time to create, test and deploy patches in accordance with their recently announced monthly patch release schedule. It will also allow users to be protected during that time period. So everyone wins with Qwik Fix(tm)."
According to CERT at Carnegie Mellon, there were 76,404 reported security attacks in the first two quarters of 2003. By comparison, there were 82,094 attacks in all of 2002. The latest virus (Sobig.f) hit the Internet Aug. 18 and spawned more than a million copies of itself in the first 24 hours alone.
"By applying our free `Qwik Fix(tm)' (which can be downloaded at http://www.pivx.com/QwikFix/ or http://www.Qwik-Fix.net), users can rest assured that their systems are much safer and more secure and they are now protected by an incremental layer of security," says Geoff Shively, CTO PivX.
He adds, "We strongly recommend that Windows users continue to apply the most recent patches from Microsoft once they become available, as Qwik Fix(tm) is not designed as a permanent solution. Because the features Qwik Fix(tm) disables are rarely used, most users will not lose any functionality due to the disabling of these features. And, access to the features is re-gained through the simple click of the mouse."
This is not the first time that PivX has released a free fix for PC users. In June of 2002 they released 'Gopher Smoker' (http://www.pivx.com/gopher_smoker.html), a Free Tool that plugged a hole in the Gopher Protocol. Independent sources indicated that over 2 million copies of `Gopher Smoker' were downloaded. And, in July of 2003, PivX created and released a free tool called 'Preparation V' (http://www.pivx.com/preparationv/) for a Buffer Overflow vulnerability in the world's largest First Person Shooter Game, Valve's Half-Life.
About PivX
PivX is a security research consultancy that conducts highly confidential, security-related work on behalf of some of the world's largest corporations.
PivX's Mission is: To assist clients in making networks and the Internet more secure through a combination of diligent security research and collaboration, in order to ensure that software in the wild is less susceptible to exploits, and that software and products are adequately tested for security reliability prior to and after their release.
PivX research has identified multiple vulnerabilities and ways to exploit many of the world's widely used operating systems and software including Apache Server, Microsoft Windows, Microsoft IIS, Unreal Engine, Microsoft's Internet Explorer, Valve Half Life, Cisco IOS, Savant, Turbo Tax, TaxCut Pro and Winamp.