We've reached urban legend time for Java...? There is no Java virus known as "Black Widow". There was a melodramatic web article about Java security that used the title "Black Widow", a pun on the web. The article focused mostly on the danger of denial-of-service applets that consume resources on the client. While rude, annoying, and potentially the cause of losing unsaved edits in a word processor, (if you were flumoxed and panic'd and instead of killing your browser, you rebooted your computer and lost any pending edits) denial-of-service applets are *not* viruses. And they are not stalking the web. Really. I work on Java security at JavaSoft which is part of Sun, and try to keep our web page up to date. See http://java.sun.com/sfaq/ for info. In the "for what it's worth dept", the security breaches that have gotten so much press are fixed in JDK 1.0.2, our current release, and in NN3.0b4. This includes the bug mentioned in the May 18 NY Times story. Marianne