For security, I run Linux (therefore, I obviously don't use IE either). But even with this, I don't allow Java in a web browser (certainly not - never have), but neither do I allow JavaScript or Flash. When I run into friends who ask for computer help and they are unaware enough to be allowing ActiveX, I advise them to disable that. I haven't messed with many Windows computers lately, so I really don't know much about Windows and IE anymore. I abandoned that long ago because of all the security flaws, and just never looked back. Windows could have improved since then, but I really don't care anymore.

I do have a few websites whitelisted and they are allowed to use JavaScript (ETS being one of those), and other specific websites are allowed to run Flash. Very few however. Cookies are disallowed for most sites, I enable that on a site-per-site basis. For example, ETS can set permanent cookies, and when I'm actively buying a product off a website I usually enable cookies (temporarily) for "session only" since most online purchases won't work without that. Ads are blocked as well. The main reason is not because I don't want to support advertisers (although I admit I DO hate intrusive ads!), but because allowing all that stuff into your computer is just another road to potential disaster, as well as a bandwidth hog.

You don't want websites running software on your computer. I may be old-school and hard-assed about this, but my computers don't get compromised.