Frequently Asked Questions

  1. How does preEmpt work?

    preEmpt works by shutting down the mechanisms that malicious hackers use to exploit vulnerabilities. For example, one vulnerable system component could possibly be exploited by dozens of worms or viruses. PivX Labs, uses a rigorous method of operating system analysis similar to that used by malicious code writers themselves. This allows PivX to preemptively identify and mitigate the threat via our preEmpt client, virtually eliminating the Window of Exposure seen with traditional security solutions.

  2. Each 'Fix' is a targeted counteraction that PivX Solutions has produced as a result of its extensive security research and domain knowledge. Each fix is designed to mitigate the impact of a vulnerability or class of vulnerabilities by targeting its attack, spread and infection vectors. See the PivX white paper, 'Reducing the Window of Exposure' for details on specific Fixes. preEmpt 'hardens' the operating system and key applications against attacks by applying multiple 'Fixes.'

  3. Does preEmpt replace my anti-virus software?

    No, preEmpt and anti-virus solutions are completely compatible since the two utilize different methods to provide protection. Anti-virus solutions look for vulnerability signatures of specific threats as they appear on the system. preEmpt blocks the underlying vulnerabilities exploited by worms and viruses protecting systems from specific threats before anti-virus vendors have had a chance to analyze a new worm or virus and develop a signature file to recognize and block that threat. This is known as the 'Window of Exposure'.

  4. I have other security tools installed that address Windows and IE vulnerabilities. Why do I still need preEmpt?

    preEmpt uses PivX's unique Windows security knowledge to block not only the common attack vectors but all of the attack vectors for each Threat protected against. This approach creates a 'Hardened' system that repels not only known threats, but variants of known and unknown threats. This approach assures that your Windows Operating System is protected at the root level. Other security products may block some of the same threats equally as well. However, since our researchers were the publisher of many of these security 'fixes' we are confident that preEmpt will provide you complete protection against listed threats from common and obscure attack vectors. For example, the Secure IE My Computer Zone fix alters more than 1700 system entries alone to completely harden your Windows system against threats that use those attack vectors. With the click of a mouse these fixes can be deployed on your system. And with the click of a mouse they can be disabled for fine tune control.

  5. Does preEmpt work with Windows XP SP2 and do I still need preEmpt after installing SP2?

    Yes, preEmpt is completely compatible with Windows XP SP2 and provides significant security benefits beyond the changes included in SP2. First and foremost, Windows XP SP2 is a one-time event, coming almost a full year after the last significant service pack, SP1. Windows XP SP2 contains a number of important security fixes, including some that were originally identified and published by PivX Labs security researchers complete with mitigation steps to block exploits of those vulnerabilities. preEmpt users have been protected since September 2003 against many of the security holes that are closed in SP2. In addition, preEmpt blocks many more vulnerabilities today that SP2 does not address. Perhaps most importantly, PivX continues to perform industry-leading research into the root cause of additional exploitable vulnerabilities. preEmpt users receive the benefits of that research in the form of new Fixes on a regular basis that block additional classes of vulnerabilities that have yet to be exploited.

  6. Does preEmpt continually scan my computer for new viruses?

    No, preEmpt does not rely on signatures as antivirus software does. Instead it modifies the system configuration and running process to 'harden' the system against entire classes of vulnerabilities and exploits. As such, it does not need to continually scan your computer.

  7. Does preEmpt introduce any permanent code changes?

    No. Unlike patches, preEmpt does not permanently change code within an application or operating system. preEmpt makes temporary changes to the system which can be selectively disabled as required by your environment. For example, you may have a development group who require the use of a potentially vulnerable function of the Windows operating system. With preEmpt, a user may disable protection for that vulnerable function individually.

  8. How much memory or system resources does preEmpt use/consume?

    The preEmpt agent runs as a service with minimal overhead of a few megabytes of memory. CPU usage is restricted to a small application launch at system startup and a periodic update check.

  9. Is preEmpt always running?

    Yes it is always running and protecting your system, but is not always active. preEmpt is active when it is downloading, applying or reverting a preEmpt. Apart from those times, the preEmpt agent does not need to actively monitor your system since preEmpt is not signature-based.

  10. How does preEmpt get Fix updates?

    The preEmpt client receives updates from the preEmpt Update Servers over cryptographically secure Internet sessions. Updates are delivered using HTTPS (port 443) for delivery eliminating the need for custom firewall configurations. If the client machine can browse the Internet it can receive updates from the preEmpt Update Server.

    In the case where these vulnerable mechanisms are needed for legitimate uses, the system administrator or user has the ability to selectively enable specific functions as required.

Enterprise Customers
  1. How is preEmpt deployed to the desktop?

    There are two parts to preEmpt distribution, the initial installation and the subsequent updates:

    1. Client Install: The PivX Management Console Group Policy for Microsoft Active Directory allows for remote installation of the preEmpt MSI installer. The client can also be downloaded from an HTTP server as a standalone installer application.
    2. Updates: After the initial installation, preEmpt will periodically poll an update server to determine whether new fixes are available. This update server can be located at the PivX Data Center.

  2. Does preEmpt sit at the kernel level or application level?

    preEmpt blocks threats at the kernel, service, application and network level based on the continuous security research performed by PivX Solutions. It consists of a windows service application and several optional user-interface components.

  3. Is preEmpt agent-based?

    Yes. preEmpt is an agent based solution that periodically checks for new updates.

  4. How does preEmpt differ from traditional Host Intrusion Prevention software solutions such as Cisco CSA?

    Traditional Host Intrusion Prevention (HIP) systems intercept and inspect all system calls to enforce pre-defined security policies. The systems attempt to limit applications to known acceptable behaviors. While properly administered HIP software can protect a host from many types of attacks, defining and maintaining the list of codified 'security policies' is an administrative challenge that requires a large and ongoing investment.

    preEmpt does not rely on behavioral policies. preEmpt is the next-generation Host Intrusion Prevention software that proactively blocks the root cause of worms and viruses.

  5. Does preEmpt support fine-grained configuration as well as a high-level configuration control?

    Yes, there is a high-level configuration as well as a low level granular configuration.

  6. How scalable is preEmpt?

    preEmpt utilizes a minimal amount of system and network resources. Most users receive periodic preEmpt updates directly from the PivX Update Servers. The PivX Update Servers, deployed in a carrier class data center, are designed to support millions of individual users. Large enterprises have the option of deploying a local preEmpt Update Server within their own network to reduce the amount traffic that leaves their internal network infrastructure.

  7. How do I manage preEmpt?

    preEmpt has been designed to be easy to deploy and manage. The preEmpt Management Console enables an IT administrator to define group policies, manage installation of new Fixes, view reports of client usage and availability, and diagnose communication or other problems.

    The default options for preEmpt enable it to seamlessly integrate with your existing systems, although the management interfaces are sufficiently open and modularized to be customized to your specific management needs.

    The preEmpt installation comes as a standard Windows Installer package that can be manually installed or silently deployed across your entire network through Active Directory or other similar management platforms. The preEmpt agent periodically polls the Update Server for new Fixes that can continuously improve the security of your Windows system.

  8. Does preEmpt require training to configure?

    No, preEmpt is easy to configure and manage.

  9. What's the Enterprise pricing model for preEmpt?

    preEmpt pricing is based on the number of Windows desktop computers and servers you want to protect. Home users can purchase the software for individual desktops.


Contact Us    ©2006 PivX Solutions, Inc. All rights reserved