"What he was talking about is the increasing attention we're giving to security at various levels in the system, said Rattner. How can we make our products more robust in the face of attacks of all sorts — viruses, and worms, and rootkits, and all kinds of malware — as well as making them more capable of protecting secrets even in the face of attack?"
Here I was thinking that one can't fix a broken OS in silicone. The cpu doesn't really know the intent of the code it's executing. Executing a virus is not a bug if the OS allowed it in the first place, no?
One area which could use improvement is a mechanism to lock down the bootloader such that it cannot be modified - even by the OS, without user approval (requiring either physical, or network authentication). This way, even a vulnerable OS could be restored to a known state simply by rebooting.
I'm all for the RNG too!