>ok, but want do you want to do with a stolen session on symantec ? get >free AV ? Are you really known that it can be used only for stolen session? XSS may use for fishing, farming, XSS proxy and other.. Can we trust security company, which can not protect your corporate Web site?