How IE7 Security Works
Theoretically, the Vista: IE7 security platform protects the system against ‘exploiter’ programs embedded in some websites. These programs initiate malicious code or set up Trojans in the systems they contact.
What are the merits of IE7’s Protected Mode launching browser code at low levels of privilege, with reduced file system and registry access?
A user can turn on or shut down Protected Mode per separate zone. The Default setting enables this mode for nodes listed in the Trusted Zone. Vista also offers Protected Mode API for management implements congruent with the aforementioned mode. This is a recently added, and yet untested, function which is thus quite susceptible to malicious programs.
IE7’s ActiveX Opt-in function obstructs ActiveX management devices that users have not confirmed for operation. How does this secure the system?
This function’s advantages are difficult to understand. IE has always possessed the capability to render ActiveX inoperative. In IE7, this feature enables itself automatically. In addition, users did not prefer to stop ActiveX operation, even while using earlier versions of IE. If they halt ActiveX, users cannot view flash animation on the Internet, or very likely encounter security pop-ups per view of a flash clip. From the usability perspective, IE7 has arguably declined in quality. Unknown components of ActiveX have been, and will be, permitted to initiate.
Cross-Domain Script Attack Prevention prohibits collaborating scripts (from different domains), and secures against phishing attacks. Are potential system attacks thwarted?
Keep in mind that inter-domain script attacks only comprise a tiny percentage of obscure attacks, and results in a virtually unnecessary and almost futile security solution.
IE7’s security functions have more components then the aforementioned Protected Mode, ActiveX, and Script Attack Prevention. Other parts include the Security Status Bar and Phishing Filter, among others.
Windows Vista: IE7 Security 
