IE passed all of my Web browser security tests and scored in the middle on the remote password-handling tests. Local password handling was excellent; passwords are never revealed, and they are securely stored. Like the other leading browsers I tested (Firefox, Chrome, Opera, and Safari), IE didn't allow any malware to be silently installed from real-life malicious sites, and in most cases, it was very vocal about Web sites trying to install malware. Unfortunately, it too eventually got overwhelmed by the most malicious DoS Web site in my tests, and the browser had to be restarted. It should be noted that IE lasted more than a minute before succumbing to the DoS attack; in contrast, most browsers fell in less than 30 seconds, and some required complete system reboots.
IE has no peer in enterprise deployment features. Using the Internet Explorer 8 Deployment Guide, administrators can deploy and configure more than 1,300 IE-related settings via Active Directory Group Policy or the Internet Explorer Administration Kit. It is the only browser in the review to support Kerberos authentication over the Web.
IE's popularity makes it the most attacked Web browser by far, and its support of ActiveX controls has invited many exploits that are not possible on other browsers. But IE's mature security granularity, security zones, and deep enterprise features backs up its acceptance in the enterprise.