Maybe there's someone high up in Microsoft who thinks that free-as-in-freedom software means every thread is entitled to a right to totally control its environment.
I'll believe it when they provide a Windows SKU that gives home users and small businesses a best-practice system without needing six months of study, trial and error with MDT 2013.
I don't think there are any third parties that offer this either.
Will they separate the NTFS "deny execute" permission from the "traverse folder" permission, or add a no-exec flag?
Partitioning of the file system and memory, so that the Windows system, Windows system temp, applications, application temp, users, user temp, and the registry for each are not one blob that developers do not have the knowledge to filter? Maybe each user and each application should have to get its own virtual sub-partition to ease the antivirus's job of looking for suspicious behaviour, and a queue for moving from one to another, like the OS X "drag to Applications folder" procedure that everyone seems to manage.
Microsoft Exchange Online Protection and Outlook 2013, in their default behaviour, allow zipped .exe and .scr files to sail right through (these are not password-protected zips, which might be excused).
Home users and small businesses nearly need a second machine or tablet to vet all the Internet-facing stuff before trusting an antivirus-protected Windows installation to touch it.
Can Internet-facing IE, Chrome, Adobe, Java and .NET be run in a single-machine VDI that is more responsive and lightweight than Hyper-V? Pushing IE Edge to everyone, including older OSes, might be a start.
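An added example, not code from the comment above or from Exchange Online Protection or Outlook, of the kind of attachment check the comment says is missing by default: open each ZIP attachment of a mail message, look inside it for Windows executables by extension and by PE magic bytes, and report password-protected entries as unscannable rather than passing them as clean. The message, the archives and the extension list are constructed assumptions for the illustration; the helper that sets the "encrypted" flag bit only fakes a locked entry for the sample and performs no encryption.

```python
"""Flag Windows executables hidden in ZIP attachments of a mail message (added example)."""
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumption: a short illustrative list of extensions Windows runs on double-click.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".cmd", ".bat", ".js", ".vbs", ".ps1", ".msi"}
PE_MAGIC = b"MZ"             # first two bytes of every Windows PE executable
ZIP_MAGIC = b"PK\x03\x04"    # ZIP local file header signature
FLAG_ENCRYPTED = 0x0001      # ZIP general-purpose flag bit 0


def classify_zip(data: bytes) -> dict:
    """Inspect one ZIP archive: executables found, encrypted entries, and whether it parsed."""
    verdict = {"executables": [], "encrypted": [], "bad_zip": False}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        verdict["bad_zip"] = True        # malformed archive: suspicious, not clean
        return verdict
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & FLAG_ENCRYPTED:
                verdict["encrypted"].append(info.filename)   # cannot be inspected without the password
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            with archive.open(info) as fh:
                head = fh.read(len(PE_MAGIC))
            # Name and content are both checked: "invoice.pdf.scr" is caught by extension,
            # an "invoice.pdf" that is really a PE file is caught by the MZ header.
            if ext in EXEC_EXTENSIONS or head == PE_MAGIC:
                verdict["executables"].append(info.filename)
    return verdict


def scan_message(raw: bytes) -> list:
    """Return one verdict per ZIP attachment in an RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if not payload:
            continue
        name = part.get_filename() or ""
        # Sniff the bytes; the declared MIME type and extension are attacker-controlled.
        if payload.startswith(ZIP_MAGIC) or name.lower().endswith(".zip"):
            verdict = classify_zip(payload)
            verdict["attachment"] = name
            findings.append(verdict)
    return findings


def should_block(findings: list, allow_encrypted: bool = False) -> bool:
    """Policy: block on any executable or malformed archive; encrypted archives block unless excused."""
    for f in findings:
        if f["executables"] or f["bad_zip"]:
            return True
        if f["encrypted"] and not allow_encrypted:
            return True
    return False


# --- constructed sample data (assumptions, not captured traffic) ---------------

def _build_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def _mark_encrypted(single_entry_zip: bytes) -> bytes:
    """Set the 'encrypted' flag bit on a one-entry archive (sample aid only; no real encryption)."""
    buf = bytearray(single_entry_zip)
    buf[6] |= FLAG_ENCRYPTED                 # local file header: flags at offset 6
    cd = buf.find(b"PK\x01\x02")             # central directory header: flags at offset 8
    buf[cd + 8] |= FLAG_ENCRYPTED
    return bytes(buf)


def build_sample_message() -> bytes:
    """Constructed message: one ZIP hiding executables, one password-protected ZIP."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoices.")
    dropper = _build_zip({
        "invoice.pdf.scr": PE_MAGIC + b"\x90" * 62,   # caught by extension and by header
        "invoice.pdf": PE_MAGIC + b"\x00" * 62,       # benign name, executable content
        "readme.txt": b"plain text",
    })
    locked = _mark_encrypted(_build_zip({"statement.exe": b"MZ..."}))
    msg.add_attachment(dropper, maintype="application", subtype="zip", filename="invoices.zip")
    msg.add_attachment(locked, maintype="application", subtype="octet-stream", filename="statement.zip")
    return bytes(msg)


if __name__ == "__main__":
    results = scan_message(build_sample_message())
    for verdict in results:
        print(verdict)
    print("block:", should_block(results))
```

`allow_encrypted=True` models the "might be excused" policy for password-protected archives; the rest of the verdict still blocks on anything that is actually executable or that fails to parse.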