And your analogy completely ignored the fact that I proposed delegating security to an actually secure system (one where instruction and data address space is physically separated).
Am I understanding you correctly that you want to protect your computer by only looking at the internet traffic from this computer? Which most of the time is encrypted anyway?