This "should AV/AT programs warn about keystroke loggers, crack engines, keygens, browser hijackers, jokes, burps, farts, etc" thing was discussed to death years ago. It re-surfaces periodically, with the same tired old arguments from the "we should have the freedom to do whatever we like" brigade. Today, email is the most common vector for new viruses ... but it wasn't always so. With antivirus software becoming smarter and more efficient, the virus writers of the 1990s needed a way to propagate their goodies fast. It didn't take long for them to figure out that warez and crackz were the perfect vehicle, and even today the number of deliberately virus-infected (and Trojan) cracks and keygens online is staggering. CIH stands out as one of the most destructive viruses ever written, but it wasn't smart enough to become as widespread as it did on its own merits. Human greed gave it the shot in the arm it needed to succeed. Weeks before its first trigger date it was online for two days on a crack site as a "keygen" for the Windows98 Beta. At that time only NOD32 and AVP could detect the virus, and by the time the webmaster was alerted more than 44,000 copies of CIH had been downloaded. Guess what the reply of any of those 44,000+ people would be if you asked them "Should antivirus software detect keygens as potential threats ?" I can see where Carl is coming from ... his file isn't a virus and it's not really dangerous ... but the mere fact that it calls itself "firefox.exe" might give The Mozilla Corporation the urge to brand it as a Trojan. I guess the bottom line is that antivirus vendors, like all other commercial software vendors, are largely dictated to by user wishlists ... and we can basically narrow those wishlists down to "what the big corporate customers want". If the IT Manager of "International Mega Dollars Corporation" tells you that the Paris Hilton video clip is not wanted on his 250,000 PCs, expect to see "firefox.exe" tagged as "Win32.PH.Porn".