The latest (but most likely not last) breach of security in MSIE details a way to run any program on a user's computer from a remote webserver. A demo site runs logout.exe which promptly logs out the user from Windows. The official response from a MS Sweden representative is to rename logout.exe to something else. He did not specify what one should rename format.exe to; maybe stupidbastards.exe would be a good idea?