Generally no, unless they fall into the small minority of users who do these things maliciously (i.e. to cause hassle for their employer etc).
The best course I find is to try and educate, and where possible suggest alternative working practices and/or software.
The classic opening an infected email must rank at the top. Other vectors like downloading programs and running without checking etc.
Many people sound like they are being black and white, but in many cases this is simply because they assume (incorrectly) that everyone is aware of these issues.
I agree, none of us are perfect. Would you feel safe in a car knowing that there was only one bolt holding on each wheel, the tyres were bald, and there is a detonator in the fuel tank waiting to go off should you corner too quickly or run into something? Many folks will do the IT equivalent without even realising.
Sorry, I did not make that clear...
I was suggesting that you need third party programs for protection (e.g. a good selection would be a virus scanner (AVG), AdAware, Spywareblaster, SpybotSD1.3, (possibly ZoneAlarm depending on platform)) to keep safe.
(All of these are available for personal use free. Given that and care you can be safe with IE/OE. I would also recommend you use them with _any_ web/email software).
If you don't have at least AdAware I would very strongly suggest downloading a copy and running it.
Odd that, I had you pictured as Silver Haired ;-)
Translations, ActiveX:
IE has the ability to download and execute code contained in an ActiveX control. This is just a library of executable functions lumped into a wrapper that makes it easy to integrate these functions into a web browser environment. It allows a web server to pass programs to be run on your computer to you to (in theory) enhance the functionality of a web page.
A good example would be when you visit the Microsoft Windows Update site, it downloads an ActiveX that then compares the versions of software on your computer with the latest versions and passes this information back to the web server so it can produce the list of patches you need.
This is not unlike Java which is a cross platform technology (i.e. runs on many different computers and OSes, not just Windows and Intel/AMD x86) that allows similar things. However there is a critical difference. Java programs run in a virtual machine (i.e. what they sometimes call a "sandbox"). While not foolproof, it does limit the amount of control that Java programs can have over the computer running the virtual machine.
ActiveX however has none of this sophistication, once the code is on the computer it runs with the same scope, privilege and capabilities as any other program you care to run or any action you may care to take. IE has grown a huge layer of complexity with different "Zones" to control when and where ActiveX controls can do their stuff. Needless to say many of the exploits on IE rely on circumventing these Zones to trick it into downloading a control and running it without asking, because it appears to be "trusted" or from a trusted zone.
A browser like Firefox will not run ActiveX controls. This is why web pages that depend on them will not work correctly on Firefox, and you still require IE.
Browser Helper Objects:
These are libraries of executable code that can be patched into IE to extend its functionality. For example if you view a PDF document in IE, Adobe Acrobat Reader will open up inside your browser as an extension of it. This is a BHO in action. There are similar facilities in most browsers, but IE seems to acquire the things without informed intervention of the user in many cases. (Many enhanced search bars for IE fall into this category). There is no direct functionality built into IE that lets you view and control these things however. You will need to get a copy of "HijackThis", or poke about in the registry to find out what you have hooking your browser.
For some this will be true. It is a classic case of "know your enemy". For 99% of the time however we are dealing with "mass market" compromises here. Unless I know there is some information of real value to me on your computer it is not worth me spending any more time or effort on compromising it than I would on any other. Most hacks of this type are robotic. Software will scan blocks of IP addresses looking for vulnerable unpatched systems, emails will be sent out, and malicious web sites created to ensnare computers in large numbers. If these techniques do not get yours, then that is not a problem since there are millions of others to get instead.
If however your enemy has targeted you personally, and they have the resources, then they will gain entry... probably by non technical methods.
Do you include yourself in that "we"?
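
The registry check for Browser Helper Objects mentioned above, as an added example that is not part of the original post: a read-only PowerShell inventory that lists each registered BHO, the DLL it loads and that DLL's signature status. The registry paths are the standard Windows locations (they are not named in the post), and the function name `Get-BhoInventory` is a hypothetical one chosen here.

```powershell
# Added example: list Browser Helper Objects registered machine-wide for IE.
# Read-only. Covers the native and the 32-bit (WOW6432Node) registry views.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoInventory {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The COM class for a 32-bit BHO lives under the WOW6432Node view too.
        $clsidBase = if ($root -like '*WOW6432Node*') {
            'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
        } else {
            'HKLM:\SOFTWARE\Classes\CLSID'
        }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid    = $key.PSChildName            # subkey name is the BHO's CLSID
            $classKey = "$clsidBase\$clsid"
            $server   = "$classKey\InprocServer32"  # holds the DLL that IE loads
            $name = $null; $dll = $null; $sig = 'n/a'
            if (Test-Path -LiteralPath $classKey) {
                $name = (Get-ItemProperty -LiteralPath $classKey).'(default)'
            }
            if (Test-Path -LiteralPath $server) {
                $raw = (Get-ItemProperty -LiteralPath $server).'(default)'
                if ($raw) {
                    # Values may be quoted or contain %SystemRoot%-style variables.
                    $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
                }
            }
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            } elseif ($dll) {
                $sig = 'file missing'               # stale or removed registration
            }
            [pscustomobject]@{
                CLSID = $clsid; Name = $name; Dll = $dll; Signature = $sig
                View  = if ($root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
            }
        }
    }
}

Get-BhoInventory | Format-Table -AutoSize
```

Entries with no name, an unsigned DLL, or a DLL outside the usual program directories are the ones to look at first.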