Understanding Vista's IE Security Model
The official Microsoft description is complicated. The explanation on their blog is highly technical and not much help to someone attempting make an informed decision. Their description on MSDN isn't much better. I'll try to sift through the techno-talk here and lay out what I think is going on.
First, Protected Mode is available only on Windows Vista. This is because much of the power needed by Protected Mode is available only through the security subsystem of Vista. If you're running IE 7 on Windows XP, you're out of luck.
Second, to understand Protected Mode, we have to better understand Vista's security model. In Vista, each area of the computer system to which data could be written and from which data could be read is broken down into access groups and require specific access permissions called "Integrity Access Levels" or IL for short. Files and registry keys are called "Securable objects" and default to medium IL. This means that if a process (like a program) doesn't have a specific permission assigned to it, it is assumed to be run by the user and thus can only write to specific areas of the registry and modify user files located, say, in the user's Document folder.
Processes (again, these are typically defined as running programs of some sort), have an IL that's dependent upon where they are run. Applications run from the Start menu have Medium (User) IL. If an application requires Administrative privileges, it runs with High IL which means it can write to (almost) any file and (almost) any area of the registry. Processes with Low IL can only access very limited files and registry keys that are specified by the operating system as Low access (see below). The Low IL specification is considered untrusted.
The bottom line here is that Vista segments areas of your computer system into "protected" and "unprotected." To access the protected areas which typically contain key operating system files, personal user data, program access and the like, a program must have specific permissions from you, the user or from the operating system. So how does this apply to Protected Mode in IE7?