PivX Security Heads Up – Millions of Windows Users Vulnerable

McAfee and other Security Products not performing, Many Vendors Liable For Faulty Code

World Class Security Researcher Oliver Lavery, in working in conjunction with iDefense is about to publish a paper that Mr. Lavery has written concerning security vulnerabilities in the way a component of Windows is implemented.

The shatter attack (http://www.net-security.org/article.php?id=162), a vulnerability supposedly due to an ‘architectural flaw’ in windows, is widely believed to have been fixed a year ago by Microsoft. The paper shows that this belief is incorrect and that systems with Microsoft’s solution applied remain vulnerable to shatter attacks.

“It also demonstrates how the vulnerability could be used by a hostile program to gain complete control of any system running one of several products that are intended to improve a system’s security, including popular anti-virus scanners and personal firewall software.” Oliver Lavery, Security Researcher

Microsoft patched the shatter vulnerability last year, but a new problem exists and researchers say its the software giant’s problem to fix this time. Are shatter attacks a fundamental flaw in the design of the worlds most popular operating system, or are they merely a programming error on the part of the vendor?

“It is the vendors faulty code that leaves millions vulnerable, not Microsoft’s.” explains Geoff Shively, CHO PivX Solutions

Mr. Lavery’s paper explores these questions, and attempts to make some sense of a security issue that has been deeply misunderstood and badly mishandled.

“Every company that sells a Microsoft Windows based piece of software should take this to heart, if they don’t, they will continue contributing to the problem” says Geoff Shively, CHO PivX Solutions

For more detailed information please contact Oliver Lavery at oliver.lavery@sympatico.ca. PivX’s Thor Larholm is also available for comments at tlarholm@pivx.com