Though the Internet has forced us to find cross-platform standards, most of us don't abide by those same limitations at work. You're more likely to use documents in their native format on an intranet than on a public Internet site. Since HTML links any type of file to your page, there's no barrier to using non-HTML documents. For example, you can link a Microsoft Word document to your intranet as easily as a GIF.

Remember that the same file associations used for your intranet Web will also be used when you point the browser towards the World Wide Web. That can be bad news if the application's document format includes a macro language, as Microsoft Word does.

Is there any company that hasn't yet been hit by some form of a Word macro virus? WINDOWS Magazine has experienced multiple epidemics. One was triggered by a document sent as an e-mail attachment from our parent company's support staff, and two incidents involved CD-ROM files sent to us by Microsoft itself.

You can avoid such viruses by installing the Word and Excel file viewers to view documents, instead of opening your files with the full-fledged applications. These viewers don't run macros, so they're much safer than the application if you only need to read the file.

Browsers such as Netscape Navigator and Microsoft Internet Explorer support the same core technologies, whether your platform is the Internet or a corporate intranet. But while they share the same software and protocols, the Internet and intranet are two very different neighborhoods. You're more likely to trust the data and applications from your own intranet, for example, than some unknown Java application downloaded from a never-before-visited site. Newer innovations such as JavaScript, VBScript, Java and ActiveX are equally useful in both settings, but they can be hazardous as well. Although malicious Java or ActiveX applications haven't become as commonplace as Word macro viruses, the potential is there.

In their current state of development, browsers can't help in separating the good guys from the bad. For example, you may want to use JavaScript, VBScript, Java and ActiveX controls in your intranet pages because they offer so much flexibility for developing custom applications. On the other hand, you may not want to run scripts or controls on pages you receive from the Internet for security reasons.

No browser currently offers a convenient way to selectively run scripts or controls. Although Netscape Navigator has an option to disable running Java applications entirely (in the Options/Security/General dialog), it can't disable or enable Java based on the page's source domain, and it can't disable JavaScript at all.

The next-generation browsers, Netscape Navigator 3.0 and Microsoft Internet Explorer 3.0, incorporate technology that will help you safely run on the intranet and Internet with the same browser. Java and ActiveX applications can be created with a security certificate that identifies the creator and ensures that the file hasn't been modified. The browser can be set to automatically accept and run applications from specific creators. For your own intranet application, you can use a security certificate to identify your company, and have the browser accept only those applications.

Neither Internet Explorer nor Netscape Navigator includes any way to selectively run JavaScript or VBScript that you might encounter in Web pages. Although the security risks in these scripting languages are lower than in Java or ActiveX, there are still subversive or malicious things that a knowledgeable person could do with scripts. If this becomes a problem, browser developers will probably add selective-screening features for scripts as well.