It isn't just about settings, which is what my first post here talked about. Sure, you can alter IE settings to make it as secure as a Mozilla source build. Sure you can add a google bar to block popups. But then again... FireFox, Mozilla, and Netscape already have these features by default.
But the greatest threat is the base source code within IE itself. That is unchangeable, unpreventable, and unblockable. Settings won't alter a thing in the world when a buffer exploit in URL handling exists. Thus what I said in my first post on this thread. IE still remains insecure for it's natrual codebase exploitation.