Info on Windows' WMF Vulnerability

[iago]

I don't know how much of you know about the WMF vulnerability, but it's a file format vulnerability that allows very easy execution of arbitrary code when Windows renders it.  The vulnerbility was found and exploited over a week ago, and MS refuses to release a patch until their next patch cycle (which is probably today). 

So for over a week, all Windows users who are using the Internet were totally sitting ducks.  Metasploit has put out a module for it, there was at least an MSN worm spreading with it, and it had the potential to be one of the nastiest Email worms ever.  The only defense from Microsoft was by telling people to disable image viewers; the only good solution was a third party patch made by a man named Ilfak Guilfanov. 

In my opinion, this is one of Microsoft's bigger mistakes so far, waiting until the patch cycle to patch a vulnerability that's being actively exploited.  But that's just me

Quite a bit of confusing and a vast amount of information coming from all directions about the WMF 0day. Here are some URL's and generic facts to set us straight.

The "patch" by Ilfak Guilfanov works, but by disabling a DLL in Windows. So far no problems have been observed by anyone using this patch. You should naturally check it out for yourselves but I and many others recommend it until Microsoft bothers to show up with their own patch.

Ilfak is trusted and is in no way a Bad Guy.

You can find more information about it at his blog:
http://www.hexblog.com/2005/12/wmf_vuln.html

If you are still not sure about the patch by Ilfak, check out the discussion of it going on in the funsec list about the patch, with Ilfak participating:
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Occasional information of new WMF problems keep coming in over there.

In this URL you can find the best summary I have seen of the WMF issue:
http://isc.sans.org/diary.php?storyid=994
by the "SANS ISC diary" team.

In this URL you can find the best write-up I have seen on the WMF issue:
http://blogs.securiteam.com/index.php/archives/167
By Matthew Murphy at the "Securiteam Blogs".

Also, it should be noted at this time that since the first public discovery of this "problem", a new one has been coming in - every day. All the ones seen so far are variants of the original and in all ways the SAME problem. So, it would be best to acknowledge them as the same... or we will keep having a NEW 0day which really isn't for about 2 months when all these few dozen variations are exhausted.

A small BUT IMPORTANT correction for future generations:
The 0day was originally found and reported by Hubbard Dan from Websense on a closed vetted security mailing list, and later on at the Websense public page. All those who took credit for it took it wrongly.

Thanks, and a better new year to us all,

    Gadi.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Newby]

There should be a variant that erases all important system DLLs!

[Ergot]

mmm. I've read about and encountered it on Linux serveral times... I pointed, laughed, clicked cancel.

[Sidoh]

Wow, that's horrible!  Stupid Microsoft.

mmm. I've read about and encountered it on Linux serveral times... I pointed, laughed, clicked cancel.

Haha.  I'm going to buy a new hard drive to install Slackware on soon.

[iago]

Ah, update: Microsoft is planning on releasing the patch on January 10.  That's over 2 weeks with a vulnerability that's being actively exploited.. I'm still hoping for an email worm so I can laugh

[Sidoh]

Ah, update: Microsoft is planning on releasing the patch on January 10.  That's over 2 weeks with a vulnerability that's being actively exploited.. I'm still hoping for an email worm so I can laugh

ROFL.  That would be so great.

[Newby]

mmm. I've read about and encountered it on Linux serveral times... I pointed, laughed, clicked cancel.

You suck. I wish I had Linux right now.

* Newby cries.

[Ergot]

mmm. I've read about and encountered it on Linux serveral times... I pointed, laughed, clicked cancel.

You suck. I wish I had Linux right now.

* Newby cries.

putty FTW!

[Blaze]

If I didn't have putty at school... I don't know what I'd do.

[Chavo]

Meh, it isn't a problem for firefox users......

[Sidoh]

Meh, it isn't a problem for firefox users......

It is if you don't know what you're doing and click "yes" to the prompt.  This isn't exactly the sort of issue computer-illiterate (those who are conciously aware of the existance of these sorts of exploits) people are going to address as a potential problem.

[Ergot]

Even a computer-literate will sometimes wmf for wma/wmv when it's very late at night. Or might just guess it's a new file format ;P

[Sidoh]

Even a computer-literate will sometimes wmf for wma/wmv when it's very late at night. Or might just guess it's a new file format ;P

Haha, yeah.  I really wouldn't think too much of it if I hadn't read this article (at least until my computer started dying).

[iago]

An article called "0-day Holiday" was posted:

http://www.securityfocus.com/columnists/377

“ Hundreds of millions computers are vulnerable to the whims of just about any website owner, virus writer, or hacker with malicious intent. I can think of a thousand different ways to lure someone into full system compromise using this zero-day vulnerability - and I don’t think this is the vision Gates had ever dreamed of. ”

[Newby]

http://it.slashdot.org/it/06/01/05/2027259.shtml?tid=172&tid=128&tid=201&tid=218

Awesome. Ahead of schedule. It only ~100 or so variants of this vulnerability for them to go "oh, shit, maybe we are fuckbags."

[Sidoh]

http://it.slashdot.org/it/06/01/05/2027259.shtml?tid=172&tid=128&tid=201&tid=218

Awesome. Ahead of schedule. It only ~100 or so variants of this vulnerability for them to go "oh, shit, maybe we are fuckbags."

Yuck, what a bunch of dipshits.  At least they're patching it...

[Newby]

Oh, yeah, when this originally showed up on slashdot (the wmf vulnerability) I went to tell my dad and they already had a patch for employees out.

This is what I observed from the internal webpage for M$ slaves, seeing as how the word "test for public" and "download" were all over it.

[iago]

There's an MS patch that got released publicly.

It was posted to DSL Reports earlier. We obtained a copy of it to see if it was actually malware - turned out to be from Microsoft "for real" and contained "WindowsXP-KB912919-x86-ENU.exe" within a ZIP file. We fed it to a few lab rats and it wanted to write to a strange new folder on a D: drive. So we ran it on a couple of lab rats that HAD a D: drive.

 Setup began, wham! BSOD that would have made NT 3.5 proud. "kernel-in-page" error and the world latched. Hard reboot and the "you've been naughty" check of the D: drive every time.   

 I can see why they were a bit miffed at it escaping Redmond. Heh.

[Quik]

I still wanted to make a non-malicious PoC and post on a large image-sharing website such as deviantART.

[mynameistmp]

A guy from hexblog released an unofficial fix for this before MS did:

http://www.packetstormsecurity.org/Win/patches/WMFHotfix-1.4.msi

[iago]

A guy from hexblog released an unofficial fix for this before MS did:

http://www.packetstormsecurity.org/Win/patches/WMFHotfix-1.4.msi

Haha yeah, I think I mentioned Ilfak's patch somewhere.. that's awesome

But apparently, it interferes with some printer drivers, so it might not be as simple as originally though.

[iago]

Of course, Microsoft did the exact same thing as Ilfak, modified very slightly:
http://blogs.securiteam.com/index.php/archives/184

Good game! 

[Warrior]

Ilfak patched only his own build of Windows XP. Later, Steve Gibson had to help him add support for Windows 2000 SP4 and various others helped with mechanisms for repackaging and deploying on managed corporate networks.

Microsoft dealt with 9 versions and service pack levels of Windows (including 64-bit editions) in U.S. English PLUS 23 localized versions. Since Microsoft’s patch was built into gdi32 rather than “hooked” via AppInit_DLLs, there was much more regression testing required (more to check for build errors than for code/logic errors).

The resulting builds must be signed and packaged with CAT files required by Windows File Protection. Those hotfix packages also contain versioning and dependency checks so that a future hotfix for gdi32 will not be overwritten if this hotfix is accidentally reinstalled. (This sounds simple when you’re only dealing with one DLL but when a hotfix includes multiple DLLs with dependencies, it used to be a real problem in the 2000-2001 timeframe before Microsoft established the current mechanism.)

Additionally, there is automatic “migration” capability so that you can install the hotfix on XP SP1 and then apply SP2 without redownloading and reapplying the hotfix. (If you look under the hidden folder %SystemRoot%\$hf_mig$, that’s what those files are for.)

Conclusion of testing and packaging still left hundreds of files to be mirrored AND verified. There are servers supporting microsoft.com/downloads (direct download), Windows Update/Microsoft Update (the site known to end-users), MBSA (detection tool requiring metadata updates) and Windows Server Update Services (corporate tool). If you snoop through the filenames and XML metadata files used internally, you’ll see that these are separate infrastructures which obviously involve substantial work to stage around the world. Given how heavy the load on hexblog.com was, it still only represented a tiny fraction of technically inclined Windows users. When Microsoft releases a critical fix, the server hits are measured in the hundreds of millions.

Lastly, certain documentation (much of it in multiple languages) must be ready to publish at the same time as the hotfix itself. This always includes Security Bulletins (in simplified and technical versions) and KB articles. In a high-profile situation like this, key partners and enterprise accounts don’t like their “Support Flash” communications to trail the hotfix availability by much.

So when Microsoft says “testing,” you need to realize that there is also substantial “build” and “release” work implied as part of the process. Although grandma probably understands “testing,” it’s unlikely that she cares to hear about anything from the realm of makefiles or XML manifests so you wouldn’t hear about build/release aspects in the soundbite quotes given by Microsoft to mainstream media for laypeople.

Seems they did a bit of more work (By a bit I mean a shitload)

[iago]

But in the end, their patch looked almost the same. 

Most of the stuff in the article (like, 95% of it) should be automated.  I highly doubt they went to each of the localized versions and made the same code change, and I doubt they manually test everything.  They obviously don't package cab files or the migration files manually.  I don't really see what the big problem is, everything they're doing there ought to be automatic. 

[Warrior]

They have to ENSURE to thier customers that the patch will work with no strings attached, say that guy's patch hadn't worked, it wouldn't be a big deal. Microsoft deals with hundreds of millions of customers and they have thier reputation to lose along with thier credibility of being able to fix bugs in thier OS. I'd opt for more bug testing and a later release as opposed to less bug fixing and a earlier rushed release.

[Screenor]

They have to ENSURE to thier customers that the patch will work with no strings attached, say that guy's patch hadn't worked, it wouldn't be a big deal. Microsoft deals with hundreds of millions of customers and they have thier reputation to lose along with thier credibility of being able to fix bugs in thier OS. I'd opt for more bug testing and a later release as opposed to less bug fixing and a earlier rushed release.

And now I bring you to subject SP2.

[Sidoh]

They have to ENSURE to thier customers that the patch will work with no strings attached, say that guy's patch hadn't worked, it wouldn't be a big deal. Microsoft deals with hundreds of millions of customers and they have thier reputation to lose along with thier credibility of being able to fix bugs in thier OS. I'd opt for more bug testing and a later release as opposed to less bug fixing and a earlier rushed release.

The MSI install package for the fix is 86 Kb.  Ilfak was able to code a fix that at least "pseudo" worked in but a few hours.  To me, that says it's not that difficult of a process.

I do agree that patching an OS is a very delicate procedure and it should have thorough testing, but when you have an exploit that renders a computer as venerable as this one, it's pretty time-critical.

[Warrior]

I think they realized that and after thiers was leaked they had no choice but to release it and hope for the best. It's a hard decision to make I'd agree but atleast it's fixed now officially.

[Sidoh]

I think they realized that and after thiers was leaked they had no choice but to release it and hope for the best. It's a hard decision to make I'd agree but atleast it's fixed now officially.

Haha, yeah.  I still don't think they should have ever even considered releasing a patch to a vulnerability this serious that late, though...

Oh well, it's fixed!

[iago]

They have to ENSURE to thier customers that the patch will work with no strings attached, say that guy's patch hadn't worked, it wouldn't be a big deal. Microsoft deals with hundreds of millions of customers and they have thier reputation to lose along with thier credibility of being able to fix bugs in thier OS. I'd opt for more bug testing and a later release as opposed to less bug fixing and a earlier rushed release.

Why isn't it automated?  Can't they just upload the patch to a virtual test machine, and it tries it automatically on every conceivable system?  Don't tell me that's beyond Microsoft's abilities, I'm sure it's not.  Testing should take seconds!

[Warrior]

Well yea they but they take into account the other languages, other factors which may affect the result, best way to fix it, what the repercussions will be (What functionality will they lose), etc..

[iago]

And, why don't they test that?

If I was them, I'd have a test bed server that runs every imaginable variation, and tests them all, with the repercussions, all at once. 

[Sidoh]

Yeah, I really doubt testing takes that long if they make it top priority... just look at how many programmers they have!

[Warrior]

It isn't a matter of testing, it's a matter of analyzing what functionality they lose out of what they patch to restrict the exploit from happening. I'd want to compare that and if it isn't worth it find another way to fix the exploit. Things like that they need to consider.

[Sidoh]

It isn't a matter of testing, it's a matter of analyzing what functionality they lose out of what they patch to restrict the exploit from happening. I'd want to compare that and if it isn't worth it find another way to fix the exploit. Things like that they need to consider.

Seems like a perfectly valid definition and entailment of testing to me.

With something this potentially devastating, they need to get a patch out that prevents people from taking advantage of the exploit and THEN figure out what its negative affects are.

[iago]

It isn't a matter of testing, it's a matter of analyzing what functionality they lose out of what they patch to restrict the exploit from happening. I'd want to compare that and if it isn't worth it find another way to fix the exploit. Things like that they need to consider.

Yeah, and yet again, I'll say: why can't that be automated?

[igimo1]

Innumerable variables in the testing, of course!

[Warrior]

You want something to automate something as crucial as that? PCs make mistakes and when automated are assumed to be correct. User made mistakes may be found easily plus save them the embarassment of releasing a bad patch. The entire world isn't a bunch of Linux fanboys sitting around open source, Microsoft is a corperation which needs to satisfy all of it's customers and it makes the best decisions availible buisness wise. I doubt they are going to sacrafice the way they test for a few days (yes a few) of an earlier release. It's not like the patch times between the guy and Microsoft was that incredibly omg off the wall hold the phone long.

@Sidoh: Again, they think for ALL of thier customers and arn't going to potentially make software lose some functionality to again gain a few days of an earlier release.

Like I said it was patched in a timely manner and in an efficient manner. I downloaded and installed the patch and so did the entire hundred zillionjillion that uses Windows. Life goes on.

[iago]

You want something to automate something as crucial as that? PCs make mistakes and when automated are assumed to be correct. User made mistakes may be found easily plus save them the embarassment of releasing a bad patch. The entire world isn't a bunch of Linux fanboys sitting around open source, Microsoft is a corperation which needs to satisfy all of it's customers and it makes the best decisions availible buisness wise. I doubt they are going to sacrafice the way they test for a few days (yes a few) of an earlier release. It's not like the patch times between the guy and Microsoft was that incredibly omg off the wall hold the phone long.

I'd trust a computer to test every possibility much sooner than I'd trust a human.  You're right, the world ISN'T a bunch of Linux fanboys sitting around, and humans WON'T find every bug, which is why every path should be exercised, and the only way that's going to happen is with a computer doing it.  As you said, there are dozens of versions, and hundreds of paths involving that code, so do you really expect a human to be able to enumerate all of those better than a computer?  I doubt it. 

Like I said it was patched in a timely manner and in an efficient manner. I downloaded and installed the patch and so did the entire hundred zillionjillion that uses Windows. Life goes on.

Except for the people whose computers got screwed up in the 2 week gap because of Viruses.  And the companies that lost money because their computers were down due to this.  Except people who had information stolen or otherwise abused by malicious hackers with the exploit code.  In the 2 weeks while there was no patch, everybody in the world was a sitting duck.  While Microsoft was waiting for their patch cycle (Microsoft employees had a patch for it a week before they actually released it), people were being exploited and infected because Microsoft doesn't want to make it look like they release too many patches.  God forbid they keep their customers SAFE. 

[Warrior]

Since Humans won't find all bugs I would have a bug nested in the bug testing software which automates the testing. I'm sure however they did use some automation in some areas but leaving it to something to automate the testing is pretty silly.

The information about the patch was fully disclosed and Microsoft patched it within two weeks and ahead of schedule which is a lot to say for the severity of the exploit as explained before. Like with every exploit, people are going to get hurt by it there is nothing stopping that. That guy released a patch along with some other companies, I disagree with Microsoft discouraging the use of them. They work until Microsoft officially released thier patch in which case those applied patches should be uninstalled.

[Chavo]

I disagree with Microsoft discouraging the use of them.

I don't necessarily agree or disagree with whether they should have discouraged it, but its not like its MS being evil, just about any non company that is out for a profit will say the same thing for CYA.

[iago]

Since Humans won't find all bugs I would have a bug nested in the bug testing software which automates the testing. I'm sure however they did use some automation in some areas but leaving it to something to automate the testing is pretty silly.

The information about the patch was fully disclosed and Microsoft patched it within two weeks and ahead of schedule which is a lot to say for the severity of the exploit as explained before. Like with every exploit, people are going to get hurt by it there is nothing stopping that. That guy released a patch along with some other companies, I disagree with Microsoft discouraging the use of them. They work until Microsoft officially released thier patch in which case those applied patches should be uninstalled.

Because the testing software would probably be a few hundred lines, maybe a couple thousand, and Windows NT is 40,000,000 lines.  I think I'd trust the testing program to test 40 million lines before I'd trust a human to check 40 million. 

Microsoft left their users vulnerable for 2 weeks to test a 1-line patch.  I stand by the fact that there's no way it should have taken that long, unless they're trying each and every version of Windows individually, which would be dumb, as I already said. 

[Warrior]

It isn't checked all at once after it's done (Windows NT) it is tested component by component as it is written. Divide+Conquer type thing.

Now I think thier patch was a little bit more elaborate than one line since it was stated that there were differences between that guy's and Microsoft's which required the user to uninstall that and install the official one since they did some things differently. Of course they didn't test on all platforms one after the other, rather all at once using different teams. Once they saw the situation was getting out of hand and thier own patch leaked, they released it ahead of time.

Do you think Microsoft reads the security sites where information is disclosed? I doubt it the find the source of it themsevles THEN patch it which I would be able to see why there was a 2 week window in the development and release.

[iago]

It should be checked all at once, that's what I've been saying this whole thread.  If it's not, then they're dumb. 

Yes, of course they read security sites.  If they don't, they're dumb.

[Ergot]

They missed http://it.slashdot.org/article.pl?sid=06/01/10/2230212&from=rss

[Chavo]

They read security sites, not MS bashing sites 

[Joe]

I downloaded and installed the patch and so did the entire hundred zillionjillion that uses Windows.

Minus one. I've never installed a Microsoft patch on my box. That's why its working so well...

[iago]

I downloaded and installed the patch and so did the entire hundred zillionjillion that uses Windows.

Minus one. I've never installed a Microsoft patch on my box. That's why its working so well...

If you've never installed a Microsoft patch for Windows, then you're dumber than my parents. 

[Sidoh]

If you've never installed a Microsoft patch for Windows, then you're dumber than my parents. 

HAHAHAAHAHAH.

[Chavo]

I've never installed a Microsoft patch on my box. That's why its working so well...

* unTactical goes to find some "special" links for joe to click on

[Sidoh]

* unTactical goes to find some "special" links for joe to click on

LMFAOAH AHHAHAHA. AHAHAH.a. AHAHAHAHAHA...1!!!!hahahaha!.

Sorry, that was just hillarious!

[Ergot]

I downloaded and installed the patch and so did the entire hundred zillionjillion that uses Windows.

Minus one. I've never installed a Microsoft patch on my box. That's why its working so well...

If you've never installed a Microsoft patch for Windows, then you're dumber than my parents. 

Screw you

[deadly7]

I've only installed the Blaster patch.. I will get around to the WMF patch eventually.

[iago]

I strongly recommend the Sasser patch (MS04-011). 

And there are many, many others.  But it's really, really stupid to not install patches. 

[Sidoh]

But it's really, really stupid to not install patches. 

Completely agreed.

[Joe]

Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

[Sidoh]

Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

Fuck you're dumb.  You can't blame ignorance like other people -- you're fully aware of the dangers (hopefully) that are on the internet.

Blaster and sasser are not extinct.  They're kept circulating around the internet in hopes they'll find some dumbfuck who didn't install the patch.

[deadly7]

I strongly recommend the Sasser patch (MS04-011). 

And there are many, many others.  But it's really, really stupid to not install patches. 

I installed Sasser too. I knew I forgot to mention one.. heh, it's hard patching when you have an illegal version of Windoze!

[Warrior]

Not really, just update your serial. I do it everytime I install windows.

[Blaze]

I have 8 copies of Windows I own legally, and around 30 corporates with updateable cdkeys... legally of course.

[iago]

Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

They aren't even CLOSE to extinct!  They're still spreading as fast as ever, mostly because of dumb people who don't install patches. 

If you use Windows, shouldn't you buy it for real?  I mean, if you're going to use it, you probably want it to be better, so you should at least be giving Microsoft the $450 that they deserve. 

[deadly7]

Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

They aren't even CLOSE to extinct!  They're still spreading as fast as ever, mostly because of dumb people who don't install patches. 

If you use Windows, shouldn't you buy it for real?  I mean, if you're going to use it, you probably want it to be better, so you should at least be giving Microsoft the $450 that they deserve. 

The $450 that they deserve for having a broken operating system.  Right.

[Blaze]

I got all of mine at the Vancouver Microsoft Employee discount. ($ 30)

[iago]

Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

They aren't even CLOSE to extinct!  They're still spreading as fast as ever, mostly because of dumb people who don't install patches. 

If you use Windows, shouldn't you buy it for real?  I mean, if you're going to use it, you probably want it to be better, so you should at least be giving Microsoft the $450 that they deserve. 

The $450 that they deserve for having a broken operating system.  Right.

Yet, you're still using it.  Pretty hypocritical to complain about it when there are perfectly good alternatives, isn't it?

[deadly7]

Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

They aren't even CLOSE to extinct!  They're still spreading as fast as ever, mostly because of dumb people who don't install patches. 

If you use Windows, shouldn't you buy it for real?  I mean, if you're going to use it, you probably want it to be better, so you should at least be giving Microsoft the $450 that they deserve. 

The $450 that they deserve for having a broken operating system.  Right.

Yet, you're still using it.  Pretty hypocritical to complain about it when there are perfectly good alternatives, isn't it?

I use Linux on the side too.. I just can't.. change everything!  Linux takes time++ to get used to.  Plus, Starcraft won't work! :\  Not to mention, using Linux as your main operating system would blow if you run it on a box that takes ten years to process 1*6

[Sidoh]

I use Linux on the side too.. I just can't.. change everything!  Linux takes time++ to get used to.  Plus, Starcraft won't work! :\  Not to mention, using Linux as your main operating system would blow if you run it on a box that takes ten years to process 1*6

It'd be even worse to run Windows on such a horrid machine.

[iago]

Blaster and Sasser are extinct. Everyone else installed the patch, which means that nobody is there to send it to me! Not to mention I'm on 56k and would take days to download it I'm so slow =p

They aren't even CLOSE to extinct!  They're still spreading as fast as ever, mostly because of dumb people who don't install patches. 

If you use Windows, shouldn't you buy it for real?  I mean, if you're going to use it, you probably want it to be better, so you should at least be giving Microsoft the $450 that they deserve. 

The $450 that they deserve for having a broken operating system.  Right.

Yet, you're still using it.  Pretty hypocritical to complain about it when there are perfectly good alternatives, isn't it?

I use Linux on the side too.. I just can't.. change everything!  Linux takes time++ to get used to.  Plus, Starcraft won't work! :\  Not to mention, using Linux as your main operating system would blow if you run it on a box that takes ten years to process 1*6

Yes, and learning Linux is like learning French: you have to immerse yourself in it, and force yourself to use it all the time, and you'll learn it in no time. 

Also, I can design a digital circuit, with logic gates and everything, which can process 1*6 in a very short period.  Hell, I can start with the transistors if you want to be hardcore.  That's a way overexaggeration

[deadly7]

Also, I can design a digital circuit, with logic gates and everything, which can process 1*6 in a very short period.  Hell, I can start with the transistors if you want to be hardcore.  That's a way overexaggeration Tongue

I like my hyperbole, thanks!

I use Linux on the side too.. I just can't.. change everything!  Linux takes time++ to get used to.  Plus, Starcraft won't work! :\  Not to mention, using Linux as your main operating system would blow if you run it on a box that takes ten years to process 1*6

It'd be even worse to run Windows on such a horrid machine.

I don't run Windows on the other computer, my dad does. :|

[Joe]

Plus, Starcraft won't work! :\

yes it does, use wine. excuse my caps, i'm holding a napkin to my chin to stop bleeding

I like my hyperbole, thanks!

whats a hyper bowl?

[Sidoh]

Plus, Starcraft won't work! :\

yes it does, use wine. excuse my caps, i'm holding a napkin to my chin to stop bleeding

I like my hyperbole, thanks!

whats a hyper bowl?

Maybe he'd rather use Windows.

I'll assume the question was meant as a joke.

[Ergot]

Wow, it's been around since Windows 3.0. But at least this guy says Win9x poons XP
http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx