After some delay, I'm finally getting to grips with Tiny's Trojan Trap. The program is so powerful that many, including myself, have found it too daunting to implement...but last night I saw the light! With the Administration Tool, I created a new Application Group called "IE Straitjacket". I made this RESTRICTED. I promptly moved Internet Explorer from its predefined group into the straitjacket. I clicked File Security, and promptly set ALL drives to "No Access". I did the same to System Security and Registry Security. Then the sneaky part...I went back into File Security and clicked "ask user" and double-clicked ALL. I did the same for System Security (for all its headings) and Registry Security (again, for all headings). Then I started IE. Through trial and error, I learned which prompts to set to "permanently allow" and which to set to "permanently deny". Result: when it set IE's address bar to my C drive, all I see is a read-only version of AUTOEXEC.BAT! No other files, no other folders! Nada! Zilch! Nothing! I also set scripts to run in their own sandboxes. Now I've got the happy situation where if any malware scripts try to run on my browser, they've got nothing to find, nothing to change, nothing to do! Plus, I've got BOClean running, and AVG, and Script Sentry, and all the other usual suspects. Boy, am I feeling smugly secure this morning! I'm in the process of doing the same thing to Outlook Express. Then I'm going to investigate CHX-I (packet filter and firewall, separately) and then - who knows! I love TTT! Don't be scared of it! It's easier than it looks!