A new intrusion prevention utility launched this week by PivX Solutions halts unwelcome intruders banging at the gates of Windows systems. Qwik-Fix Pro disables or modifies features of Microsoft's Windows and Internet Explorer that are frequent targets of malicious computer hackers and virus writers.
Qwik-Fix Pro is the first product from PivX, which made a name for itself as a security research and consulting company with a knack for uncovering security vulnerabilities in Microsoft products.
Concerned about long delays in issuing patches for critical security holes, PivX researchers created Qwik-Fix in 2003 to protect customers and Internet users from exploitation using dozens of unpatched IE vulnerabilities.
The £33 utility (£274 per server) makes temporary changes to the Windows operating system, such as changing Windows configuration settings to close holes that hackers and worms crawl through.
For example: It can change IE's configuration to prevent hackers from exploiting the standard implementation of web surfing "zones", or sets of security settings and privileges used by IE.
A Qwik-Fix agent can be installed and managed on Windows machines directly or remotely using Microsoft's Active Directory, according to PivX. Once installed, Qwik-Fix Pro periodically checks an update server at PivX or in the customer data center for new "fixes".
By shutting down little-used Windows functionality that such threats often exploit, Qwik-Fix can stop Internet worms like Sasser, Bagle, and the recent Download.ject attacks even before a virus profile or "definition" has been developed, PivX says.
More than 250,000 people have already downloaded pre-release versions of the software from PivX's website since September 2003, when PivX first introduced it, says Rob Shively, PivX chairman and chief executive officer.
The company will be reaching out to individuals who downloaded trial versions of the software and encouraging them to buy the full version, he says.
The final release of Qwik-Fix comes just a week after Microsoft announced the completion of Windows XP Service Pack 2, a major update to the popular operating system that fixes a number of security holes in the product.
Given the scope of changes SP2 makes to Windows, some IT vendors and analyst firms have recommended delaying deployment of the patch until compatibility issues can be worked out.
While some of the security fixes used by Qwik-Fix are contained in the SP2 update, Qwik-Fix does not change the underlying Windows code, as does SP2, and can be turned on and off with a single mouse click, says Chief Software Architect Lavery.
The product works with SP2 and older versions of Windows and is updated continuously, as researchers identify and develop "quick fixes" for vulnerabilities in Microsoft products.
That will be important, as security researchers and malicious hackers begin picking apart SP2 looking for vulnerabilities left untouched or even introduced by the patch.