I had similar ideas in mind since some time. My idea was to split system32 into two folders. One system-specific part and an user folder, where all apps slap their DLLs into. The system-specific part would be under complete control of the OS, applications incl. the administrator would only have read-only access, whereas Microsoft signed patchers and all could write to it. Naturally should there be a special case for the admin, to allow him read-write access on request.

Preferably that scheme should apply to everywhere, including the registry, services and what not. In addition to promote some more security, cleaning up an installation could be reduced to something like "rmdir \windows\user_* /s".

Too bad this will be next to impossible to implement (in a timely fashion and without breaking compatibility here and there)