In a theoretical sense, your talk about well-managed resources refutes it. But in a practical sense, we know that that “goal” is unfeasible to the extent that there is a trade-off in utility and speed. Most OSes (even OS X) somewhat compromise that goal to achieve ease-of-use and user productivity.

As an architectural law it is false, as you indicated by the primary goals of an OS. But as a security law it is true, since you need to protect yourself against the worst-case-scenario. You never know if a particular OS feature is poorly designed and is the weakest link or when a bug in the system will compromise your computer.

My interpretation of Scott’s laws, particularly from the use of analogies and the cute phrase “a bad guy”, is that he’s trying to write a though-provoking piece just to get novices aware that security is not a walk in the park.

Further, there is the problem that MacOS and Linux often just provide a level of abstraction - prompting the user for the root password as necessary. If the user just enters this automatically whenever prompted, then the same security problems apply.

Really, the “law” could be refined to something more technically accurate such as “it is potentially unsafe to run any software you don’t trust”, but that is just saying the same sort of thing in a more subtle way. To truly escape the realm where the “law” is at least somewhat applicable requires something along the lines of MAC, such as SELinux.

And, while I agree that it is a good thing if the user understandles the distinction between the current reality of the principle and the fact that it is rather avoidable, that would be great. And, in the long run, users will be safer this way and therefore we should all work towards making that distinction clear. However, 1) most people don’t “choose” their OS at all, but use what comes with their computer, and 2) whatever choices might make for their home computer, they are still often going to be stuck with systems not of their choosing, such as Windows, in their workplace.

The problem with overly castigating the statement or phrasing it as “totally false” is that the general user may infer that all software is equally safe to run, which simply isn’t true in the majority of computing environments.

Many computer users now have the choice of using operating systems (MacOS or Linux, notably) where that law is true only for some users.

Now, I do agree with the point you are making as well, that the assertion is hardly a “immutable law”. My point is merely that in practice the statement is entirely true for the vast majority of computer users, and that if people tended to abide by that “law” then the number of security incidences would be much lower than it is now. This isn’t the same as the computers really being more secure…and there is a fine line between getting people to adhere to a principle because it is currently necessary and having them believe that it is inherently necessary/unavoidable…but at the moment general computer users would be safer if they believed this fiction.