Glenn (and others with OL98)

[snip]

> something that's too wacky for words.  In essence, they say that
> a "hacker" can cause an email attachment (say, an executable) to
> be placed in the startup group.  (Why not other places as well?)
>
> Is it just that the *user* can set up auto-routing, so that certain
> files can be placed anywhere the *user* chooses?  And thus, if the
> user is crazy enough to automatically route an email attachment to
> their startup group, they are literally begging for trouble?

There are API calls in both Win95 and Win98 that can cause files to be moved
and groups created off the Start Menu, as well as adding code to the Startup
group off the Start Menu.  This has always existed.

The case cited here, was a very rare case, and was a test run by a MS Beta
Tester and member of ClubWin.  This problem was found and reported, but was
also leaked to the press (which is a NoNo!)

Since the Consumer Preview of Win98 is out (and has been for about a month -
of Beta 3, not of subsequent "Release Candidates" - which constitutes more
bug fixes) - this alert may have been made for this reason...

Basically, no executable attachment to an e-mail can be "automatically"
run - one has to open the executable for it to run - so the word is, and has
always been, that if an executable file is sent with a message, scan it with
a virus scanner prior to running it, and never run it from the message - but
right click/Save As - then scan it... and treat all executables as suspect.
This is nothing new --- executable attachments have been around for years.

Best,
Joe