---------- Forwarded message ---------- Subject: The MSN is Hacker Heavan As most of us are aware, the commercial online services, such as AOL, Compuserve and Prodigy, represent certain risk to the unsophisticated user. Unfortunately, the Microsoft Network (MSN) raises the vulnerability of such users to unprecedented heights. Key to this vulnerability is the richness and complexity of the MSN/Windows 95 environment. What is most dangerous is the ability for the author of an e-mail or (certain) BBS documents to embed "objects" in that document. These objects can be readily disquised to appear totally benign to the casual user and be nothing more than MSN navigational aids. Once double-clicked by the recipient, these objects can readily infect the recipient's PC with a virus. Worse, what this object could do is only limited by one's imagination. It is worthwhile noting that MSN appears to be migrating to an open architecture, with the MSN user connecting through the Internet. If this is true, there is nothing which prevents an object, once activated, from transmitting information stored on the user's PC to any other location on the Internet. In theory, embedded objects can be interrogated to ensure their validity. Unfortunately, this interrogation process is not likely to be carried out by the average user. Even if it is, the user is not likely to understand what they are looking at. It is like warning automobile drivers to look under the hood of their car before starting it to make sure there is not a bomb inside. Most drivers would assume that the odds were with them. Those that did check would have no idea what they were looking at. (At least that's my feeling when I look under the hood of my car :-). Microsoft's position appears to be that the MSN user is no more vulnerable than one who uses a competing system. I would maintain that this position is just not true. With system complexity comes excessive vulnerability. MSN rates a 9 in complexity. The other services a 4. The bottom line: Users of MSN are placing themselves at significant risk. If one must use MSN, avoid at all cost activating (double-clicking) objects in e-mail messages and BBS posts. Sophisticated users may think they know what they are doing, but it probably won't be long before they are outwitted by someone who figures out how to totally disguise an object's true purpose.