MSN hackers heaven (fwd)
This is a variation on Brad's forward of the MSN security hole:

Information Week, August 28, 1995, p. 24.

Risk Looms On Microsoft Network. E-mail icons can hide viruses.

A feature designed to make electronic mail easy to use on the Microsoft Network online service may also make it easier for hackers to trick users into running destructive software programs on their PCs.

When a Microsoft Network user sends a binary file embedded in an E-mail message, the file appears as an icon on the recipient's screen. The recipient can double-click on the icon to automatically download the embedded file and execute it. To download the file without executing it, the recipient must use the mouse's right button, which has been rarely needed until now.

Though other online services offer automatic downloading of files, Microsoft's goes one step further in allowing the file's automatic execution. That file could be a virus or other malicious program that could erase files or reformat a hard disk, according to Mike Wyman, VP and chief technical officer of Interactive Data Corp., an investment information firm in Lexington, Mass., and a Microsoft Network beta user.

"On the Microsoft Network, I can disguise an icon so that it looks innocuous," says Wyman. "The analogy I like to use is the Unabomber. If you get a package in the mail that's wrapped in duct tape and brown paper, you'd regard it as suspicious. But if it's a plain white envelope with Ed McMahon's picture on it, you wouldn't think twice about opening it."

Microsoft says the feature is a convenience, not a security hole. "There are risks of getting [data] off the network in any form," says George Meng, group product manager for the Microsoft Network in Redmond, Wash. "People have to be aware of what the source of information is."

Winn Schwartau, president of Interpact Inc., a computer security consulting firm in Seminole, Fla., disagrees. "If the ability to execute programs bypasses conventional filtering and virus controls, then you certainly have a security hole," he says. "Potential 'Trojan horse' programs could be sent by anyone."

By Mitch Wagner and Clinton Wilder

[End]
participants (1)
-
John Young