First, I want to thank you for the above. You are correct.
I did not think this through, so... good point about IE6 as well.
I think the argument about the popularity and vulnerabilities may have its' basis in our frustration and exasperation towards M$FT, before their security initiative was introduced a few years back. That there were serious vulnerabilities, there can be no question about that.
IE6 probably was a badly written program from a security standpoint, from the start.
Update on BufferZone -- it is not a VM, as I have found out. It also is more restrictive, more so than Sandboxie, in use. It also is not truly protecting my system as I later found out, as I found 0 byte folders in the hidden Vritual folder of COMODO Firewall. It had also been renamed to "VritualRoot" as well. I looked before I restored with a disk image, found it, restored the image, and this folder was back to the way it was before I installed BZ.
This is good experience, and in line with what R. Proffitt first said. This is beginning to look exactly as you said, "A waste of time if free", so....
I think a difference between Microsoft historically in years past and Linux and Mac is in how the program database is managed differently in Linux and Mac. Each is much more restrictive, and requires a basic knowledge of terminal and sudo commands in Linux and Mac to install and run a new program. Windows is basically a click-and-run os, with the same processes hidden behind the fancier gui's and the average user never sees these processes run, so has no idea what they are or what is actually going on.
Hence the danger of installing and running a program such as BZ.