I don't know how clear I can say this, your threat model is broken, and the bad guys can't stop laughing about it.
Come on, now...who's going to be better at Security than Microsoft? Since bad guys won't be allowed inside the TCPA world then everything's going to be just fine.
Seems like the "evil packet" idea will be useful here...bad packets should have their "evil bit" set to one, and they won't be alllowed inside.
-TD
