In the early days of multi-user OS security, applications were trusted because they were installed by the admin and users were untrusted.
Today, we have systems which are mostly single-user, but where the applications are incredibly untrustworthy. Hence the popularity of jails and app-store systems. You can't easily retrofit this on Windows because there is very little security between windows running on the same desktop, but what I think we'll end up with is each application having its own SID and a default-restricted view of the user profile.
But in this case it's a hostile OEM, and there really isn't much that can be done in software against that.