Computer security experts have long recognized the threat of trojan horse programs [6, 15, 13]: programs that appear to perform one function while actually performing a second, unwanted function. A particular concern arises from the presentation of an interface to a user or consumer. Since human users identify applications by their interface, a human user may be unable to distinguish a legitimate program from a rogue program's mimicking of the first program's interface. These concerns are further exacerbated when the consumer is using electronic commerce protocols on the World Wide Web. The consumer may be required to enter security crucial information (such as credit card numbers, bank routing and checking account information, billing account information, personal demographic data, etc) into the local client. If a trojan horse can grab this information or fool the consumer into submitting this information to a third party rather than to a valid electronic commerce server, then the consumer can unintentionally release confidential information to third parties. This paper gives an example of how remote execution systems such as Java can easily host such a trojan horse attack. We then give a general method of window personalization to address this problem.