I know a guy, goes to hacker conventions, he says virtualization is hackable. That is all I need to know about that. Besides, what protection does it provide against a hack that comes in, installs spyware, and gets your info all in the same session? I'm able to whitelist with very few calls to the DNS servers. I installed PRIO on my surfing machine and watched the url's as I logged in to simply discover the numerical addresses. IB's help chat shared their numerical url's with me, no problem there at all. They provide the security device that I have to have with me to log in so when I chat with them they are secured. If I want a static IP I can whitelist my IP at their servers just by changing my account settings. Regarding DNS cache poisoning, the news was they were fixing that, it should be done by now... besides, like I said, I don't do DNS if I can help it. Just the same I would not route to the server in China or a few other places I could name... If a rogue programmer is able to put spyware in TWS's code for example, when he wants to upload something from my computer likely he will want it to go to his own url. Since that is whitelisted out he will then have the problem of trying to get his stuff through the pinhole firewall at IB's server, likelihood of him having all that capability is really slim imo... Edit: This thread made me reconsider what I will secure with the hardware firewall and what's not worth it. Likely the bank is going to screw up anyhow, not worth it, good excuse to do banking with a MAC and just hope for the best, it's just checking that I do anyhow. IB is worth it, they go the extra mile... and virtualization, wow, how would having a windows simulation running on windows make your MORE secure? LOL, it's redundant insecurity at best... My wife was trying to deal with a bank last year regarding some accounts of her dad's and a power of attorney for his estate. They just were impossible.. she was getting really frustrated. At that time I stumbled across a blog where just a couple of guys were discussing how to hack a bank... they went on for a few days, I didn't report them to anybody because I was curious and pissed at the stupidity of banks in general (and this was before the subprime mess even) so I watched. Eventually they just put their spyware on some thumb drives and sprinkled them around where the employees took their smoke breaks... it worked, they said that somebody took one into the bank and plugged it in, they cashed in and obliterated the blog... street smarts kicks ass ever time