Here is an idea:
Every program needs to choose a "category" for what kind of program it is - browser, text editor, game, whatever. There should be predefined categories in Visual Studio. Programs can have more than one category; Openoffice, for example, is more than just a text editor.
The end user should see what categories a program has.
If a program wants to do something that is not according to its category, there should be a warning - a UAC-like prompt - "this program wants to do an action which is not according to its category. Allow?"
As an example, if a text editor wants to write into Windows\Currentversion\run or wants to execute CreateRemoteThread. Why should a legit text editor do something like that? The difference from the current UAC would be that warnings would appear for actions that are not legit for a specific category. Currently it's possible for any medium IL application to write into the local autostart folder, but it would not be possible for a text editor category program to write into autostart.
Some functions should be blocked out completely for some program categories.
Of course, something like this is insanely difficult for the end user, because in the end he would have to know what a category means. A malicious program could have a text editor category and a system tool category; while the user sees only the text editor, the program rapes the registry in the background. So the user himself must know that he can only trust text editors which have the text editor + HTML editor category, but not the system tool category.
Since the system needs a knowledgeable user, it's pretty useless in the end... well... At least I had an idea.
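A toy model of the category scheme described in the post above, as an added example (not the poster's code, and not any real Windows or Visual Studio feature). The category names, operation names and the two policy tables are constructed assumptions. It shows the three outcomes the post asks for (silent allow, UAC-like prompt, hard block), and then why the multi-category case undermines it: when categories are combined as a union, a program declaring "text editor + system tool" writes to the Run key and calls CreateRemoteThread without any prompt, so the only remaining defence is the user-side check that every declared category is one the user accepts.

```python
"""Toy model of a category-based permission scheme (illustrative only).

Added example, not the poster's code. Category names, operation names and
the policy tables are assumptions made up for this demonstration.
"""
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"    # fits a declared category: silent, like today
    PROMPT = "prompt"  # UAC-like prompt: outside every declared category
    BLOCK = "block"    # refused outright for these categories


# Sensitive operations a program in each category may perform silently.
# Assumed policy. "write_hkcu_run" stands for writing to
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
CATEGORY_ALLOWS = {
    "text_editor": {"read_user_documents", "write_user_documents"},
    "html_editor": {"read_user_documents", "write_user_documents", "open_network"},
    "browser":     {"read_user_documents", "write_user_documents", "open_network"},
    "system_tool": {"write_hkcu_run", "write_autostart_folder", "create_remote_thread"},
}

# Operations a category must never perform, not even after a prompt.
CATEGORY_BLOCKS = {
    "text_editor": {"create_remote_thread"},
    "html_editor": {"create_remote_thread"},
    "browser":     {"create_remote_thread"},
    "system_tool": set(),
}


def evaluate(categories, operation):
    """Decide what the OS does when a program with the given set of declared
    categories attempts `operation`.

    Categories are combined as a union: any one category that allows the
    operation makes it silent, and it is blocked only if every declared
    category blocks it. This union rule is the loophole the post describes.
    """
    categories = set(categories)
    unknown = categories - set(CATEGORY_ALLOWS)
    if unknown:
        raise ValueError(f"undeclared categories: {sorted(unknown)}")
    if not categories:
        raise ValueError("a program must declare at least one category")
    if any(operation in CATEGORY_ALLOWS[c] for c in categories):
        return Decision.ALLOW
    if all(operation in CATEGORY_BLOCKS[c] for c in categories):
        return Decision.BLOCK
    return Decision.PROMPT


def silent_operations(categories, operations):
    """Return the attempted operations that would run without the user ever
    seeing a prompt, i.e. what a malicious program can do in the background."""
    return [op for op in operations if evaluate(categories, op) is Decision.ALLOW]


def user_would_trust(categories, accepted=frozenset({"text_editor", "html_editor"})):
    """The user-side check the post says is required: trust only if *every*
    declared category is one the user accepts for that kind of program."""
    return set(categories) <= set(accepted)


if __name__ == "__main__":
    # Constructed scenarios from the post.
    editor = {"text_editor"}
    disguised = {"text_editor", "system_tool"}  # looks like an editor to the user
    attempts = ["write_user_documents", "write_hkcu_run", "create_remote_thread"]

    for name, cats in (("plain editor", editor), ("editor + system tool", disguised)):
        print(name)
        for op in attempts:
            print(f"  {op:24s} -> {evaluate(cats, op).value}")
        print("  silent:", silent_operations(cats, attempts))
        print("  user should trust:", user_would_trust(cats))
```

Running it prints prompt/block decisions for the plain editor and three silent allows for the disguised program; the `user_would_trust` line is the only place the disguised program is caught, which is the point the post makes about needing a knowledgeable user.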