First post in 2007: some thoughts about browser security.
Ever since Microsoft developed the so-called ActiveX (a DLL program, originating from OLAP), which enabled executable code to run on the client machine, the security issues related to IE have increased aggressively.
Unlike traditional scripting languages such as VBScript and JavaScript, which run within a sandbox environment (the executable code is restricted inside the interpreter, like the JVM), ActiveX code can run on the client machine freely. This means ActiveX opens a big door for attackers to take over control of the user's computer. Although many modern technologies make use of ActiveX to bring cool effects, such as Macromedia Flash, the downside of ActiveX is incredible overhead. I surely believe people know of the spyware called Gator. Thanks to ActiveX.
The traditional internet concept was only to deliver static TEXTUAL pages to the client; however, nowadays, the server will even deliver executable code to the client. Man~~~ that's too dangerous... because there is a lot of malicious code out there on the web. If I were you, I would shield myself up by setting my browser security as high as possible to avoid possible attacks.
The browser is like a pioneer: it takes you to any place on the web every day. Imagine that you are exploring a new territory where you have never been before ("Good luck!! Hold your breath~~"). Would you be scared of being attacked by wild animals? The same concept applies to today's World Wide Web. Therefore, better shield yourself up while browsing the web.
A little tip from Steve Gibson, a highly intelligent security guy, teaches you to shield yourself up in IE. In IE, there's something called the zone level setting in the preferences. The user can set that level to the highest level; once you do that, you are disabling all executable scripting from running on your computer. Then there is a thing called the "Trusted zone", where you can specify which sites you trust and allow to run executable scripts.
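
The zone settings described above live in the registry, so they can be checked without clicking through the dialog. This added example (not from the original post) reads the current user's Internet zone level, the ActiveX and scripting actions, and the sites mapped to the Trusted sites zone; the registry paths and action codes are Microsoft's documented values, not something the post gives.

```powershell
# Added example: read-only audit of the current user's IE zone settings.
# Only HKCU is read; machine-wide (HKLM) or Group Policy values can override these.
$inet     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zonesKey = "$inet\Zones"
$mapKey   = "$inet\ZoneMap\Domains"

$levels  = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'
              0x11500 = 'Medium-high'; 0x12000 = 'High' }
$policy  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
}

function Get-ZoneReport([int]$Zone) {
    $props = Get-ItemProperty -Path "$zonesKey\$Zone" -ErrorAction Stop
    $level = [int]$props.CurrentLevel
    $name  = if ($levels.ContainsKey($level)) { $levels[$level] } else { 'Custom' }
    [pscustomobject]@{ Setting = 'Zone level'; Value = $name }
    foreach ($code in $actions.Keys) {
        $raw   = $props.$code
        $state = 'Not set for this user'
        if ($null -ne $raw) {
            $state = if ($policy.ContainsKey([int]$raw)) { $policy[[int]$raw] } else { "Other ($raw)" }
        }
        [pscustomobject]@{ Setting = $actions[$code]; Value = $state }
    }
}

function Get-TrustedSites {
    if (-not (Test-Path $mapKey)) { return }
    foreach ($key in Get-ChildItem -Path $mapKey -Recurse) {
        foreach ($proto in $key.GetValueNames()) {
            if ($key.GetValue($proto) -ne 2) { continue }   # 2 = Trusted sites zone
            # Subdomain keys are nested under their parent domain key.
            $parts = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9).Split('\')
            [array]::Reverse($parts)
            '{0}://{1}' -f $proto, ($parts -join '.')
        }
    }
}

Get-ZoneReport -Zone 3 | Format-Table -AutoSize   # zone 3 = Internet
Get-TrustedSites
```

With the Internet zone at the highest level, the report should show "High" with the ActiveX and scripting rows disabled, and every entry in the trusted list is a site exempted from that restriction.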