Measuring container security

I know you're being tongue-in-cheek, but as an aside: this idea may be due for retirement. Microsoft has made some serious progress on securing Windows in the years since Blaster et al. roamed the earth. They still get hit with a bunch of stuff (due to their prominence), but it's no longer like the bad old days where half-baked ideas like ActiveX opened holes in the OS a mile wide. AFAIK their NX and ASLR support are state-of-the-art, and I know they've put a lot of work into static analysis etc. in an attempt to cut down on security bug counts. Plus, UAC is a pretty solid idea (initial UI disaster aside)...