I ran across this post from Microsoft's Internet Explorer blog site shortly after the software giant patched the animated cursor flaw in Windows Vista with the release of MS07-017. Microsoft has said that users running IE 7 under Windows Vista are better protected from the malicious effects of Web exploits such as the animated cursor exploit than users running IE 7 under Windows XP because of the introduction of a new "sandbox" element (called Protected Mode) within the new operating system.
For example, in the case of the animated cursor attack, with Protected Mode enabled, remote attackers can only view files on an infected Windows Vista machine, not run malicious code. Now it seems there are exceptions.
Microsoft says that Protected Mode for IE7 under Windows Vista is enabled by default only for sites within the Internet, intranet and Restricted zones. It is not enabled for Trusted Sites or Local Machine zones. Thus, you are likely to see the Protected Mode icon switch from on to off and back again as you move among sites that fall within different Internet Explorer zones. To remedy this, Microsoft says you must enable or disable Protected Mode for Trusted Sites or Local Machine zones yourself.
To do so, choose Internet Options, the Security tab, select the appropriate zone, then check/uncheck the "Enable Protected Mode" box as appropriate.
There are other times when Microsoft says Protected Mode is disabled within IE 7. Here's a summary:
If you turn off User Account Control within Windows Vista, you automatically lose Protected Mode protection.
If IE7 in Windows Vista is launched by right clicking on the IE icon and selecting "Run as administrator" or when IE is launched with administrative privileges from another application, Protected Mode is disabled. An example would be during some software installations.
When viewing an HTML file on your hard drive (as opposed to the Internet), Protected Mode is disabled. The exception being an HTML saved from the Internet when Protected Mode was enabled; Protected Mode will still be enabled cached on your hard drive.
But the best part of the Microsoft blog comes at the end: "If you visit a page whose zone has Protected Mode enabled and you see the status is 'Protected Mode: Off,' you will want to close and restart a new instance of IE to visit the page."
Or switch to Mozilla Firefox 2.