A lady I built a PC for called me and asked about security when entering sensetive info. She was doing business on her bank's site and said Protected Mode is set to off (because I disabled UAC) and she didnt see the "lock" icon, so she did not proceed. She is using Vista and IE7. She is concerned about this, but I dont really know what Protected Mode does. If you are at a legit website (I explained about e-mails and links pretending to be real) what risks do you run when sending this info? When the pop up message tells you that you are sending info unsecured, is that a risk? I have always just pressed yes to continue and never had an issue.

She may have not seen the lock icon because its in a different place in IE7, at the top instead of the bottom. Is the lock something that the PC controls, or the website? I always thought it was the website.

I did some google research on Protected Mode and found that it has nothing to do wtih sending information over the net. In theory it isolates IE7 (works only in Vista) from your OS so that IE cannot install anything onto your computer, like malware. But somehow Protected Mode turns itself on and off depending on where you are. UAC has to be enabled for Protected Mode to work.

I still would like to know how one can be sure that the info they are sending over the web is secure. Is it up to the site you are on, or are there settings in IE that affect it?

First, in IE, got to internet settings, click the advance tab and at the bottom of the box, click the "Restore advance settings", this puts the settings back to what they were when IE was installed after you restart IE. You can check your SSL settings (Secure Socket Layers) by going back to internet options, advance tab, scroll down to security area and make sure the Use SSL 3.0 is checked. Some sites use the "lock icon" you see at the bottom of IE or FF, to tell you if a secure connection has been made, some, like my credit union, change the http to https once a secure connection has been made. The latter might well be why the lady didn't see the "lock" icon. If you want some more info on SSL 3.0, this link has a good but brief summary on it.
http://www.schneier.com/paper-ssl-revised.pdf