>If you allow WSH or other scripting things to run, you are living on borrowed time regardless of what you do. I use the Linksys router, and that prevents people from coming in through any ports I haven't explicitly opened. Email is a different beast. At some point we all open emails sent to us from people we know that has an attachment. How do we know where they got it? We usually don't, and that is a big potential problem.

True. There are apps that can scan email and attachments (usually even routes it though a differnt server), and also 'script walls' you can use that checks the scripting when it runs. One of the better ones is http://www.avx.com