
Peeve Farm
Breeding peeves for show, not just to keep as pets
  Blog \Blôg\, n. [Jrg, fr. Jrg. "Web-log".
     See {Blogger, BlogSpot, LiveJournal}.]
     A stream-of-consciousness Web journal, containing
     links, commentary, and pointless drivel.

Thursday, July 11, 2002
11:40 - These are humans we're dealing with here

In a post to the RISKS list, Peter da Silva explains why Palladium is an outstanding idea-- if only we were all machines who obeyed rules and didn't continually find ingenious ways to get around onerous security measures.

The referenced article included such gems as "Palladium stops viruses and worms. The system won't run unauthorized programs, preventing viruses from trashing your system." Setting aside all the other issues in the article, this by itself is a remarkable piece of misdirection.

Why? Well, let's look at viruses...

There are four main avenues that viruses and worms use to spread. There are others, but the vast majority of outbreaks have used these avenues of attack.

The first, and oldest, is "social engineering". You trick a human into running a program for you. This is the electronic equivalent of calling up the sysop at a company and saying "hey, this is Jack Smith in accounting, I can't get in, I forgot my password because I had it programmed into my mail program, can you clear it for me?". Making the OS more secure can help somewhat, but you don't need to wait for Palladium to do this... most multi-user operating systems are designed so that users normally run with restricted privileges, and so can only damage their own files... not the OS or other users' programs.

The second is exploiting a straightforward bug, usually a buffer overflow. To fix this you don't need a new security model, you need a programming language that doesn't allow buffer overflows.

The third is a "cross frame attack": you trick the client software (web browser, e-mail program, music player) into running untrusted code without restrictions. This is almost always an attack on Microsoft's poorly-advised merge of the web browser (which is almost always dealing with untrusted objects) with the desktop, mail software, and so on. If they had integrated the HTML rendering engine in the OS and left the Internet access code in a separate program that used the HTML rendering code but otherwise managed its own access controls... at least 90% of the widespread virus outbreaks would never have happened.

The fourth is conversion attacks. You encode the message containing the attack code inside a package the outer layers of the OS or application don't know how to open. Ironically, Palladium is likely to make this kind of attack easier, because it's almost certain that part of the security model will involve separating the system up into components that don't have the keys to each other's files.

Ironically, one of the latest security issues with a Microsoft product is due to the first Palladium-type software having three of the kind of security holes I just listed above... Windows Media Player. The second of the three holes would not exist if Media Player didn't have to have access to the OS internals to implement Digital Rights Management.

Of more concern, the integration of the browser and the desktop and other components that created the possibility of "cross frame attacks" is due specifically to Microsoft's attempt to avoid complying with their original agreement with the Justice Department by bundling the Browser and the OS. Microsoft has maintained this dangerous design despite years of massive virus outbreaks caused by this decision, because otherwise they'd have to admit fault. Even now, when they have been found at fault, and there's nothing left to lose, they refuse to unbundle the Internet access from the rendering code.

So, not only has Microsoft never before shown much concern for this problem, they have actively worked to prevent a straightforward fix that they are legally required to implement. Using this issue as a hook to get more control of the computer is, well, there are polite terms for it and I'll let you decide which one to apply.

Even if you don't care about this specific issue, what does this say about their likely behaviour if security problems crop up in the design of Palladium?

You know, we can haggle about statistics and numbers all we want. We can argue over the relevance of elegance and aesthetics in computer design, and we can disagree over whether treating the Mac-vs-PC battle as a "morality play" is juvenile or seminal.

But the fact of the matter is that I feel a whole lot better commentating on things like Palladium from a position of not ever having to worry about it being a part of my future.
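The fourth avenue in da Silva's list, the "conversion attack", is worth seeing in code: a check that only looks at the outer layer of a message cannot see a payload that has been wrapped in encodings it does not open. The following Python is an added example, not code from the RISKS post, from this blog, or from any Microsoft product. It uses a constructed marker string (BAD_SIGNATURE) as a stand-in for content a scanner is looking for, wraps it in gzip, then base64, then a zip archive, and compares a shallow scan with a recursive one that unwraps each container it recognises. The depth and size caps (MAX_DEPTH, MAX_OUTPUT) are assumptions of this example, chosen so that deliberately deep or expanding nesting stops the scanner rather than exhausting it.

```python
"""
Added example: why scanning only the outer layer of a message misses a
"conversion attack", and how a recursive unwrapper closes the gap while
bounding its own work. Not taken from the RISKS post or the blog.
"""
import base64
import gzip
import io
import zipfile

# Constructed stand-in for a known-bad signature; any byte string would do.
BAD_SIGNATURE = b"CONSTRUCTED-TEST-PAYLOAD-DO-NOT-RUN"

MAX_DEPTH = 8                   # assumed cap on nesting levels (recursion guard)
MAX_OUTPUT = 10 * 1024 * 1024   # assumed cap on decoded bytes per layer (bomb guard)


def build_nested_message(payload: bytes) -> bytes:
    """Constructed sample: payload -> gzip -> base64 -> entry in a zip archive."""
    gz = gzip.compress(payload)
    b64 = base64.b64encode(gz)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("attachment.txt", b64)
    return buf.getvalue()


def nest_gzip(payload: bytes, layers: int) -> bytes:
    """Constructed sample: wrap payload in `layers` nested gzip streams."""
    data = payload
    for _ in range(layers):
        data = gzip.compress(data)
    return data


def shallow_scan(data: bytes) -> bool:
    """Outer-layer check only: looks for the signature in the raw bytes."""
    return BAD_SIGNATURE in data


def _unwrap_one_layer(data: bytes) -> list:
    """Return the inner blobs of every container format we recognise ([] if none)."""
    inner = []
    # zip local-file header magic "PK\x03\x04"
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size <= MAX_OUTPUT:   # skip entries that expand too far
                        inner.append(zf.read(info))
        except zipfile.BadZipFile:
            pass
    # gzip magic 0x1f 0x8b
    if data[:2] == b"\x1f\x8b":
        try:
            with gzip.GzipFile(fileobj=io.BytesIO(data)) as gf:
                chunk = gf.read(MAX_OUTPUT + 1)
                if len(chunk) <= MAX_OUTPUT:           # drop layers that exceed the cap
                    inner.append(chunk)
        except (OSError, EOFError):
            pass
    # base64: only accept input that decodes cleanly in strict mode
    try:
        decoded = base64.b64decode(data, validate=True)
        if decoded and decoded != data:
            inner.append(decoded)
    except ValueError:   # binascii.Error is a ValueError
        pass
    return inner


def deep_scan(data: bytes, depth: int = 0) -> tuple:
    """Recursively unwrap containers. Returns (True, depth) where the
    signature was found, or (False, -1) if not found within MAX_DEPTH."""
    if BAD_SIGNATURE in data:
        return True, depth
    if depth >= MAX_DEPTH:
        return False, -1
    for blob in _unwrap_one_layer(data):
        found, where = deep_scan(blob, depth + 1)
        if found:
            return True, where
    return False, -1


if __name__ == "__main__":
    msg = build_nested_message(BAD_SIGNATURE)
    print("shallow scan:", shallow_scan(msg))            # False: outer layer is a zip
    print("deep scan:", deep_scan(msg))                  # (True, 3)
    print("too deep:", deep_scan(nest_gzip(BAD_SIGNATURE, 10)))  # (False, -1): cap hit
```

The shallow scan returns False because the zip container, not the payload, is what it reads. The recursive scan finds the signature three layers down. The last call shows the trade-off the depth cap imposes: a message nested deeper than MAX_DEPTH is reported as clean rather than unwrapped indefinitely, so a deployment would treat "cap reached" as a reason to quarantine or reject the message, not as a pass. That is the point of the quoted paragraph: whichever component is supposed to inspect content has to be able to open every layer, and if the system's design keeps those layers in separate components that cannot see into each other, the inspection never happens.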


© Brian Tiemann