Forgot your password?
typodupeerror
Security Internet Explorer Microsoft The Internet Technology

Microsoft Warns of New Video ActiveX Vulnerability 146

Posted by Soulskill
from the like-one-of-those-pothole-signs dept.
ucanlookitup writes "Microsoft has warned of a 'privately reported' vulnerability affecting IE users on XP or Windows Server 2003. The vulnerability allows remote users to execute arbitrary code with the same privileges as the users. The vulnerability is triggered when users visit a web site with malicious code. 'Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability.' The advisory can be found at TechNet. Until Microsoft develops a patch, a workaround is available."
This discussion has been archived. No new comments can be posted.

Microsoft Warns of New Video ActiveX Vulnerability

Comments Filter:
  • Isolate! (Score:4, Interesting)

    by sopssa (1498795) * <sopssa@email.com> on Tuesday July 07, 2009 @08:34AM (#28607013) Journal

    Once again the problem here is too tight integration with other part's of the OS. Yeah, IE is the most used browser and as such a major target for exploits, but some separation from other parts of OS wouldn't do any harm. Or atleast make it optional to use such; You won't be automatically affected by Flash or PDF exploits if you choosed not to install those. Just another reason to use alternate browsers like Opera [opera.com] or Firefox [mozilla.com], seeing it only affects IE users.

    That being said, you dont need admin priviledges for some malware to do its job, botnets and such easily run within user priviledges aswell. Funnily, this issue is exactly the same in Linux and Mac OS too, which their users always seem to forget and go about how malware couldn't get the admin rights. They dont need it.

    The fun thing is, there always seem to come exploits for IE and Firefox. Very rarely for Opera. That makes me think they've made some good fundamental decisions on design and programming and know how to secure code from exploits, specially because they have major marketshare (better than IE actually) in CIS countries like Russia and Ukraine [opera.com] and you would be thinking the local hackers would be trying to break it apart and exploit every possible thing on it. Hats off to them, really.

    With these ages, isolating browser from the OS and even virtualizing it in its own environment that's cleaned when browser is closed starts to be a must, and I dont really see why they aren't doing it already. It would save people from so many trouble, and wouldn't affect performance at all.

    • Re:Isolate! (Score:5, Interesting)

      by Anonymous Coward on Tuesday July 07, 2009 @08:45AM (#28607181)

      Internet Explorer 7.0 and 8.0 already do this in Vista. By default it runs in a double sandbox where even if the current user has admin privileges the process runs as a standard user that is further constrained to only be able to read certain parts of the file system but not write. Anything beyond that requires negotiation via a specific broker process just to attain a level of security equal to that of a standard constrained user.

      These types of vulnerabilities affect all browsers. ActiveX in Internet Explorer in this case is really no different than NSAPI in Firefox or Opera. It is simply an object model for loading native plug-ins into the process. That plug-in runs in-process with the same rights and privileges as the hosting process. If there is a vulnerability in a PDF plug-in on Linux then it can be exploited through Firefox and there is nothing Firefox or Opera can do to prevent it and it would likely affect all browsers equally.

      I agree that the answer appears to be to isolate and constrain. That is what Microsoft has done and Google is following suit. That is why this vulnerability does not affect Vista or Windows Server 2008, or rather an exploit for the vulnerability is neutered by the fact that once it has broken in it cannot do anything malicious.

      • by ITJC68 (1370229)
        Another good reason to consider moving to Vista. Everyone slams it but at least this exploit doesn't work on it. I am not sure about Opera. Does it handle Active X differently? If so may have to try it on any XP systems I have.
        • by paganizer (566360)

          There is NO good reason to use Vista, unless you have a tablet PC.
          I still use Windows 2000 on my Surfing/Gaming system; so far, I've only had to use my dual boot to XP for 2 games, everything else works perfect.

          Really want to be safe, and have all the bells and whistles? Windows Server 2008. It Rocks.

      • Re: (Score:2, Troll)

        by vertinox (846076)

        These types of vulnerabilities affect all browsers.

        Except those which do not run on operating systems that do not have Active X?

        • Mod parent down, and read grandparent quote context:

          >> These types of vulnerabilities affect all browsers. ActiveX in Internet Explorer in this case is really no different than NSAPI in Firefox or Opera. It is simply an object model for loading native plug-ins into the process.

          Therefore the parent's argument becomes:

          >> Except those which do not run on operating systems that do not have Active X OR A NSAPI STYLE PLUG-IN LOADER?

          Or more simply:

          This type of exploit could only affect browsers other t

      • by WD (96061) on Tuesday July 07, 2009 @10:04AM (#28608425)

        It is true that an ActiveX and NSAPI plug-ins are both native code and can have the same risks. But the big difference is attack surface. Code needs to very explicitly be written as a NSAPI plug-in. However, most Windows components are by default a COM object, and perhaps controlable by Internet Explorer if the developer so chooses (traditionally referred to as an ActiveX control).

        So a typical Firefox installation may have a half dozen or so plugins available, and they may have vulnerabilities. But a typical IE installation has literally thousands of COM objects at its disposal (A bare Windows XP installation has over 2500 COM objects). And those objects may have vulnerabilities as well.

        So play the numbers. IE's close integration with the OS means that it has a larger attack surface. While isolation and privilege separation is a good idea, the actual reason that Vista and 2008 are unaffected are *not* because of low-rights IE. IE on those platforms treats the ActiveX interaction required by the exploit as "unsafe" and is blocked. (Rather than allowing the exploit to occur but "neutering" it by giving it low rights).

        • Re: (Score:3, Informative)

          An "ActiveX control" is a COM object with a certain group of interfaces... all COM objects are not ActiveX controls.

          The vulnerability here comes from, NOT necessarily the oodles of known COM libraries on every Windows system. It isn't REALLY about the fact that you can CreateObject("COMObject.OfMyChoice") on these already known objects... it's all that wrapped together with a COM object that has a .ExecuteMyCode() type method.
        • by Anonymous Coward

          Wrong on two counts:

          1. Every ActiveX object is a COM object, but not every COM object is an ActiveX object. This is not a pedantic distinction.

          2. IE is no more integrated with the OS than Webkit is in KDE: the rendering libraries are considered part of the OS, and the plugin mechanism previously discussed operates there as well.

          Please know more about the technology before making unfounded assertions.

        • by Malc (1751)

          Not all of those objects are marked safe for scripting and/or safe for initialisation (or implement IObjectSafety), and do you think they're all signed? Thus most of them will not load and run automatically. I'm not being cavalier, but it's not as bad as you're trying to paint it.

          • by WD (96061)

            You are correct. My original post was a bit over-simplified. Out of the COM objects that comes with Windows XP, about 350 of them are marked Safe for Scripting, and almost 250 of them are marked Safe for Initialization with a pretty large, but not complete amount of overlap between the two properties. That's still orders of magnitude larger than the plug-in attack surface of a browser like Firefox.

            And even the objects that are not Safe for Scripting or Init cannot be discounted. Some objects cause IE t

            • by Malc (1751)

              I go to a web site and it crashes my browser. I go there again and it crashes a second time. Ok, I won't go there. Probably good as the site is either compromised or actively attacking me. Probably better that my browser crashes than shows a web page that allows me to enter my credit card details as part of a purchase. /playing devil's advocate

              • by Alex Belits (437) *

                How do you know that the browser crashed and not, say, launched a keylogger in its place?

      • by Alex Belits (437) *

        ActiveX in Internet Explorer in this case is really no different than NSAPI in Firefox or Opera.

        ActiveX can load remote applications. Its primary purpose is to run someone else's code on your computer.
        NSAPI can not do that. It's an internal interface in a library.

        Now, shut up, moron.

    • Re:Isolate! (Score:4, Insightful)

      by lorenlal (164133) on Tuesday July 07, 2009 @08:52AM (#28607295)

      You have to take a look at your market to distribute your virus too. Sure, Opera might have more market share in Russia and the Ukraine, but it's still tiny [wikipedia.org] overall.

      By attacking IE only, you get 65%, include Firefox, and you're staring at 87% of the browsers in total use. You could target certain countries if you wanted to, but for most malware writers it's pure numbers, and it doesn't matter where they come from. I don't know if Opera is designed/written any better... but I can reasonably assume that it's not being targeted as intensely as IE/FF. I'm not taking my hat off to them until they lock down enough worldwide market share to become worthy of being targeted.

      I totally agree that the browser shouldn't be so integrated with the operating system. As a rule, we all know that you don't put yourself out on the public internet... Why have a utility that's part of the OS reach out and grab stuff from there? But don't get me started on virtualization. If we want all the flash and trash we ask for, then virtualization isn't going to deliver it yet... unless you're planning on including all the funny gadgets in a virtual OS. We don't do it already because the products (that I've evaluated) don't do this sort of thing well at all yet.

      • by sopssa (1498795) *

        But don't get me started on virtualization. If we want all the flash and trash we ask for, then virtualization isn't going to deliver it yet... unless you're planning on including all the funny gadgets in a virtual OS. We don't do it already because the products (that I've evaluated) don't do this sort of thing well at all yet.

        However, why is this such a problem? Its not so hard to create some level of virtualization for so specific target as a simple webbrowser, and when done good the extra CPU usage and such is just minor. Even when you run stuff like Flash and so on it. Instead of installed all over the OS, Flash and other plugins could be installed on that virtualized and separated space that would be cleaned and restored to original "last good known state" when browser quits. Then there would be another isolated space to sav

        • Re: (Score:3, Insightful)

          by lorenlal (164133)

          However, why is this such a problem? Its not so hard to create some level of virtualization for so specific target as a simple webbrowser...

          Have you spent a lot of time managing virtual applications? If so, you already know that managing the virtualized application is not trivial. Especially if you have plugins. Adding a plugin (currently) requires reworking the virtual application's package. This has been due to change for years, but I haven't witnessed this in practice yet.

          Even when you run stuff like Flash and so on it. Instead of installed all over the OS, Flash and other plugins could be installed on that virtualized and separated space that would be cleaned and restored to original "last good known state" when browser quits. Then there would be another isolated space to save all the temp data, cookies and such which would be even more restricted and hence could be sustained thru different browser sessions too.

          Of course, as it stands right now, we have a few browsers that support private browsing. That does prevent much of the data picked up from getting saved. I don't know

      • totally agree that the browser shouldn't be so integrated with the operating system. As a rule, we all know that you don't put yourself out on the public internet...

        This is why IE was severed from the OS in Vista and Win7. In Vista, it plays no role in anyting but browsing or being called by 3rd party applications and still it remains a protected process with reduced security access.

        It no longer runs in conjunction with Explorer or has any OS level ties as it did in XP. (This is why Web Destkop was also

    • by Rogerborg (306625)
      Who is it that you imagine would benefit from reporting vulnerabilities in Opera?
      • Re: (Score:3, Funny)

        by lxs (131946)

        I don't know, but I bet that the Phantom wouldn't like it.

    • Re: (Score:3, Informative)

      by abigsmurf (919188)
      I'm getting as many virus alerts through Firefox now as I used to get through IE before I switched, most of them seem to be flash and pdf exploits but I've had a few occur that don't appear to be either. Yes you could potentially make Firefox safer with noscript etc. but frankly that makes for an incredibly sucky web experience (and you could turn of scripting, flash and activeX in IE too with similar results). The rise in Firefox targeted (or partially targeted) exploits, in my personal experience, has r
      • by maxume (22995)

        Flashblock will go a long way towards mitigating the flash attacks, and it generally improves the browsing experience (people way into YouTube or such may have to do a little whitelisting).

        PDF is a problem, but I actually prefer setting it to launch an external app and turning off javascript mitigates most of the threats there (as does being up to date). Running Foxit or Sumatra should cut off even more attacks.

        • Depends on your browsing habits, too... I run Firefox with Adblock and NoScript, I use avast! antivirus and have Ad-Aware and Spybot on my PC.
          I've never had any problems with viruses, and very, very little malware.
          • I should amend that--not malware, only spyware really. Nothing has actually damaged my system or taken sensitive information.
        • Flashblock will go a long way towards mitigating the flash attacks, and it generally improves the browsing experience (people way into YouTube or such may have to do a little whitelisting).

          I use it solely to prevent videos from downloading immediately.

      • Except the exploits actually get patched in a reasonable timeframe
      • but frankly that makes for an incredibly sucky web experience

        It is actually not so bad all things considered. Most of us tend to visit the same groups of sites most of the time so once the whitelist script permissions are dialed in one very rarely needs to touch NoScript again and even then the interface with FireFox is easy to use with the notification and task bars available for right click permission tweaking. Other plugins can also be combined with NoScript for even more fine grained control. For example I like to use Adblock Plus, NoScript, and Flashblock in com

    • Re:Isolate! (Score:4, Insightful)

      by Opportunist (166417) on Tuesday July 07, 2009 @09:02AM (#28607455)

      Isolation only helps so much. Given that a lot of interesting malware targets (online banking, paypal, amazon, ebay...) are used exactly with the same browsers that would execute the malware, containing it to the browser doesn't really help a lot. You'd have to disallow the browser to make changes to itself. And, while sensible, this would not be very popular with a lot of people who want to "click and install".

      • You can create multiple user accounts. With Windows XP you can use Tweak UI to control what accounts show in the default XP login screen.

        Then log in as your main (non-admin) user, and use browsers running as the different users for different things. For example, you have different browsers for bank stuff, shopping, normal browsing (google, slashdot etc), and less trusted browsing (which is set to be the "default browser" - what launches when you click on a link in an email etc).

        Let the main user have access
        • by mlts (1038732) *

          What I have done sometimes is using VirtualPC and a generic XP VM for Web browsing. VirtualPC may not have the advanced features of heavy snapshotting or clustering, but the functionality it has for storing a change log, and dumping all changes immediately when the VM closes is good enough. Add to this running the Web browser under a limited user in the VM, and this narrows down the attack surface quite a bit. Should malware get on the VM, all it will see on the VM's local network segment is the VirtualP

          • by TheLink (130905)
            > Or, when the user does a bank transaction, act as a MITM and when a user does a small transfer,

            Like I said, use different browsers for different things. Stick to doing bank stuff with a browser that's dedicated for $$$ stuff.

            You don't have to run everything in one browser whether it's sandboxed or not.

            You can launch multiple instances of IE running as different users.
            • by mlts (1038732) *

              The thing is, how are the browser instances connected? If two use the same chunk of the filesystem, a compromised instance can sit watching what is downloaded, and as soon as an executable is copied, and add a payload.

              There are a number of race conditions an infected instance can do, from adding a redirect site to bookmarks stored to grabbing session authorization cookies, to altering cached files so when a clean browser instance hits a cache, it picks up an infected object which would compromise the new i

              • There is already this security mode, it's called running stuff as a different user. The browsers would be running as different (limited/restricted) users.

                The operating system enforces the separation. If you find a problem with the separation, then that's a huge bug in the OS. Ever since the 1960/70s users in proper multi-user O/Ses cannot access each others files, data and processes, unless the permissions are explicitly granted.

                The browser executables are only writable by the admin/system. So they won't be

        • If you're tech savvy enough for this solution, you probably don't need it because you're also tech savvy enough to either not click on dancing pigs or use Linux altogether.

          • by TheLink (130905)

            I do that anyway.

            Because:
            1) I don't trust either IE or Firefox to be secure enough.
            2) I don't use AV software for my machines - AV software is getting crappier nowadays, it's getting harder to tell whether a machine is infected by malware or crappy AV software.

            e.g. Lots of things running slower? System instability? Weird/dubious shit happening[1]? Hard to uninstall the crap? All of the previous?

            BTW both Symantec and McAfee recently agreed to settle charges that they automatically charged customers software

            • From a technical viewpoint, a Windows machine with a halfway decent administrator is 100 times more secure than a Linux box with someone who has no idea of security (or Linux, for that matter) at the helm. But that's a technicality, no pun intended.

              What matters is that there is simply no market for Linux mass malware. Conficker and its cousins don't exist on Linux. Why? Same reason why there is more commercial non-malware software for Windows than for Linux: No market share. Should Linux ever make it into t

  • Oh well. (Score:4, Funny)

    by A. B3ttik (1344591) on Tuesday July 07, 2009 @08:37AM (#28607051)

    affecting IE users on XP

    Good thing none of them read Slashdot.

  • Luckily Microsoft reports there is a fix for this, Windows 7 is nearly here.

    • Re: (Score:2, Informative)

      by dwieeb (1573153)
      Yeah, but only in Europe will IE not be bundled with Windows 7.
    • Re: (Score:3, Informative)

      by mcgrew (92797)

      here [microsoft.com] is the fix and no, it isn't "downgrading to Vista." It disables the vulnerable parts of the OS/IE.

  • by DanWS6 (1248650) on Tuesday July 07, 2009 @08:52AM (#28607299)
  • by Anonymous Coward on Tuesday July 07, 2009 @08:56AM (#28607359)

    Securityfocus [securityfocus.com] has more details, including the secret identity of the 'private reporter'

    • Re: (Score:3, Interesting)

      by Otto (17870)

      And exploit code: http://downloads.securityfocus.com/vulnerabilities/exploits/35558.rb [securityfocus.com]

      Basically, it's exploiting a buffer overflow in the MSVidCtl ActiveX control. It has it load a malformed GIF which causes a buffer overflow somewhere, which then loads in shellcode.

      Not much to it, really. You could make this into a static exploit if you so desired and pop it on any webpage you liked.

  • Considering how much of a security problem ActiveX is, I consider the workaround (i.e. disabling ActiveX) a very good final fix for the problem.

    • by stevied (169) *
      I'm pretty sure MS's workaround here only prevents that one ActiveX control being instantiated.

      Arguably, the Netscape / Mozilla plug-in API is just as vulnerable, though at least there the user has to do something to install it. It briefly looked like MS were going to be forced to do the same thing due to a patent issue, but sadly that didn't happen:

      http://blogs.msdn.com/ie/archive/2007/11/08/ie-automatic-component-activation-changes-to-ie-activex-update.aspx
  • But... (Score:2, Funny)

    by goobermaster (1263770)
    But BonziBuddy told me that ActiveX was working perfectly! How can a purple monkey that helps me to remember all my credit card numbers lie???
    • You need to pick a better place to store your credit card numbers. Twitter is easy and accessible world-wide.
  • by Em Emalb (452530)

    I have nothing further to say, I just wanna stand here in my black turtle-neck with my cup of coffee looking smug. /typed on my MBP, so simma-down now fan boys... ;-P

    Seriously, this exploit sucks. I've gotta patch a butt-load of computers today now. Thanks a lot MS. Anyone know if the MSI file has a silent install option? Or can it be done via GPO?

    I just walked in, this smacked me right in the face this am. Damnit.

    • by Ilgaz (86384)

      It would be hard to explain the real concept and danger to a Mac user and be sure the Mac users (ones not coming from win) will be member of of the "I don`t care` profile.

      I speak about Virtual Machine and Boot Camp running Mac users. They have never lived the disasters like Blaster and mostly they think "I don`t pirate or porn, I should be safe". Run Windows Update on one of boot camp users machine and see yourself. Of course, I am part of "run a free AV inside virtual machine" since I had very nice (!) me

  • Mac might not have as many problems, but they're a lot slower to muck around to fixing their holes. Not that I'm trying to start a war, just that I think you all ought to be less harsh.
  • just warn us when they have found no exploits at all?

    meanwhile, we would just assume the default status is that everything is exploitable

    it would cut down on the announcements by an order of magnitude

    • Re: (Score:3, Insightful)

      by VGPowerlord (621254)

      couldn't microsoft just warn us when they have found no exploits at all?

      In theory, they already do this on the second Tuesday of every month.

      However... has there ever been a Microsoft patch Tuesday that hasn't had any patches? I'm going to tentatively say "No"...

      • by MadKeithV (102058)

        However... has there ever been a Microsoft patch Tuesday that hasn't had any patches? I'm going to tentatively say "No"...

        And even if it happened, wouldn't the safe assumption be that the patch system had a bug or was exploited?

    • This is modded "funny"... it should probably be "insightful" or "informative".
      Pity there's no +1 Amen, Brotha.
  • Media Player will try to download codecs for certain wmv files. I stick with VLC and never use wmv's. But someone I know used the wmv and downloaded the codec and got a rootkit instead. I'd not previously heard of this method of attack but it doesn't surprise me a jot.

    • Or you can just go into Tools->Options and turn off the automatic downloading of codecs. And according to the help, the user is always prompted before downloading third party codecs.

  • Hmm... (Score:3, Interesting)

    by that IT girl (864406) on Tuesday July 07, 2009 @09:49AM (#28608175) Journal
    Does bring one question to my mind, though. In our office we have been told not to upgrade to IE7, though a few people "accidentally" did anyway. On their machines, even if they use Firefox, the security/Internet settings that IE7 made carry over to Firefox and affect it. One example is a certain java applet we have to access here that wouldn't even work in FF after my coworker upgraded. I had to go in and change settings in IE for it to work in either browser. I didn't upgrade and I'll admit my knowledge is a bit fuzzy in this area, so I haven't really looked into this too much, but... If a vulnerability can use IE to get into the OS, couldn't it do so even if you haven't opened IE yourself?
    • Re: (Score:3, Insightful)

      by magamiako1 (1026318)
      No. There would have to be some sort of vulnerability existing in the system to launch code, to then launch IE, to then exploit IE.......yeah....you can see the logic in that.

      No, if IE is not running or being used, the exploit would not affect the system.

      That said, this vulnerability does not affect Vista or Windows 7, or IE7/8 on those systems.

      Really--people should upgrade. And furthermore, people should not disable UAC.
      • We are running XP in this office, and as far as I know, will be doing so for at least a few more years. =/
        And I sincerely hope they skip Vista and go right to Win7.
      • by stevied (169) *
        Usually, anything that uses IE's rendering engine to display untrusted content is also vulnerable. MS's advisory mentions that Outlook Express isn't vulnerable by default in this situation because of the it's use of the zoning stuff, which implies that it, and other apps, might be vulnerable otherwise.
    • by stevied (169) *
      If IE and Firefox were both using Sun's JVM (which I imagine they were), perhaps it was the JVM's security settings that got changed? That's my best guess for that one.

      Because IE is almost always shipped with Windows, other apps often use its rendering engine to display HTML - they might be also be vulnerable if they use it to display untrusted content. The advisory mentioned the Outlook Express isn't vulnerable in its default configuration because of its use of IE's "zones" feature, but that does rather im
    • Why do people in your office have admin privileges to the computers there?
      • They don't exactly. This was back when Microsoft was pushing the upgrade as a "high priority update" and before our IT had a chance to catch it and keep it from going down to people's PCs. This office is full of people who don't know what they're doing, they just click the little yellow shield and install whatever updates are allowed to come down to it. (I usually check on them before installing, natch.) They sent out an email saying "DON'T UPGRADE" but for some folks it was too late.
        • This office is full of people who don't know what they're doing, they just click the little yellow shield and install whatever updates are allowed to come down to it.

          You lie. No $GENERIC_SLIGHTLY_DEROGATORY_TERM_REFERRING_TO_TECHNICALLY_ILLITERATE_USERS has ever pain any attention to a warning or notification that carries even the slightest bit of importance. It's the useless drivel that freezes them like deer in the headlights.

          • Haha... Nah, they've been trained to do that much, and most of them do it (some lazy-asses they wait until it automatically installs and forces them to reboot). But if they aren't checking the updates before they install them, it could cause MORE problems. However, that's what our IT group (of which I'm a member) is for.
  • Active X... (Score:2, Funny)

    by TriZz (941893)
    ...will soon be added to the Thesaurus as a synonym of "Vulnerability".
    • Active X ...will soon be added to the Thesaurus as a synonym of "Vulnerability".

      Right alone with Firefox Plugins, and any other technology that allows native code to run inside a browser.

  • by DarKnyht (671407)

    It makes me wonder why any financial institution would still design their websites to require Internet Explorer and/or Active X. Seems sort of like putting up guide rails at a bowling alley and then expecting everyone to bowl gutter balls.

    • by lamapper (1343009)

      Because they (banks) are as lazy and even cheaper than many corporations today. If they can hire cheaper labor they will (and they do); expecting this cheaper labor to know about exploits; have time to learn about exploits; or to use their free time to learn about exploits in order to thwart and prevent them is a bit much.

      Do not assume because you care and take the time to look at the code of every patch you download and install on your PC that others do. (Besides by definition, only open source users h

  • Here is how to fix a security threat from MS:
    Then click Run in the File Download dialog box, and follow the steps in this wizard.

    Oh yes, keep teaching your users how to press "run" from web browser, even on a concept/method which was created in 2009. Let them "run" everything, for easiness. This thing happens while Apple, vendor of OS X warns user about .exe files, under Safari for OS X!

    I know how their simple mind works. Now that couple of people who doesn't ignore them warned about how stupid to suggest u

As the trials of life continue to take their toll, remember that there is always a future in Computer Maintenance. -- National Lampoon, "Deteriorata"

Working...