Microsoft is finding that they're walking a fine line. Some DRM features can be used for good things, but there's very few of them. However, Palladium and NGSCB are right on the edge of taking total control of your computer, and the people have spoken and said they didn't want that. I think one thing that would help get rid of viruses is if the hardware was set up so only the first booting program, (basically the operating system) could access the hardware. Any other program that wanted to access your hardrive or network would have to go through one central location in the operating system. This would give the operating system a chance to analyse the request that is being made to it, and decline it if nessecary. This may allow the user to set up what files can be read by which programs, what files can be deleted. These things can be done today, but are so trivial to hack. Setting a file to read only doesn't do much if a virus can change it right back. This would also allow any bugs to be worked out of a central location. Instead of trying to get every bug out of every program. For example, instead of checking for a buffer overflow in every network application, maybe you could just have one central network program that all the other programs talk to, and your program tells it how much data it's expecting and how to get it and the OS can check for the bufffer overflow. A virus tries to delete your data and the operating system can make sure to notify the user before the action takes place. The downside would be of course that it may not be possible and if it were you would need some modified hardware, second, there's a chance that the OS moniting every request to a T would bring the system to a screaching halt. Nevertheless one quick fix would be to focus on autostart programs. There's too many places where programs can be automatically booted from on startup. This should be reduced to one central location, that is easy to manage by home users. Most users don't know how to turn off programs in their system tray. Second, no program should be allowed to autoboot on startup unless the user has requested it through the interface. In other words, a program should be installed with autostart turned off by default, and have to be manually turned on. Unfortunatly most programs go the other way on this. The OS should at least not allow that behavoir.