|And, now with all the power the Mr. Gates has built into the Office |tools, you can build a virus that travels in a data file (ex: Excel's |Laroux virus is an Excel spreadsheet that contains a macro that prol- |iferates itself into your Excel startup, and further into every spread- |sheet you open). That's why the new versions of Excel warn you about |auto-run macros, and offer an opportunity to disable macros before the |virus has a chance to infect your PC. Course, it also has a "disable |this warning" check box. If Microsoft supported Java or another "sandbox"ed P-code system, it would be possible to include automation macros within documents without any risk to system security. Unfortunately, they've instead allowed document macros, ActiveX, etc. to have full unimpeded system access; in addition, their e-mail software can be configured to automatically open certain types of documents which may contain such things. Perhaps the most dangerous of these "features" is the automatic opening of .html documents using Internet Explorer which then will automatically go fetch and execute any code requested by the .html docu- ment. Although Internet Explorer uses "Authenticode" technology to protect ActiveX components from tampering, there is no protection from rogue programmers other than the fact that any viruses/trojans/whatever will be traceable to the (likely stolen) credit card the programmer used to obtain the Authenticode valid - ation key. Returning to the embedded systems front, some of these issues can become a bit interesting when the ability is provided (intentionally or not) to change an embedded system's behavior by sending it suitably formatted code. On the PIC 16Cxx and other embedded-ROM micros, most of these issues don't come up but on the 68HC05 it's possible to run code from RAM; since the processor stack is also stored in data RAM, it may be possible to sneak code into RAM and cause it to execute (I actually did this while trying to work around a bug in a particular embedded system which took data from a multi-drop network. Unfortunately, since the client's tax year was ending, they decided to scrap the hardware and take th e tax write-off immediately rather than spending the time trying to salvage the $50K in programmed and potted devices. Oh well.) ObPICquestion: Does anyone know if there's a source for either ROMless 17Cxx's (either ROMles s by design or by virtue of having a useless program in OTP?) For applications which use external program memory it would seem like it might be useful to save the $$$ vs EEPROM/OTP parts. ObTrivialQuestion: I've heard that the Timex Databank watches use a 6805 derivative and that it i s in fact possible to feed code into those watches and execute it. Anyone know an y- thing about that? Attachment converted: wonderland:WINMAIL.DAT (????/----) (0001CED2)