Re: "If they don't match, then an exception is raised..."
"This is where I begin to wonder, if the part above can be borked by a 2-pronged attack...??? Hackers first find a loophole in the 'shadow watcher' and tackle that (sidestep CET)."
To do that, they'd have to find a hardware exploit since they're talking about something directly in the CPU.
"Zooming out to macro level for a sec... The Bangladesh-Swift Sony hackers intercepted the return confirm and manipulated that to make it seem like the transfers were legit (hence no exception thrown). Could the same happen here?"
Only again by a hardware exploit since that would involve intercepting a memory bus, something much harder to do than a network or device bus.
"What I'd like to see is a hardware based LOCK system to prevent any manipulation of code whether it's on hard-drive or in memory. The whole idea of self-modifying code is a disaster anyway. But imagine code that was fixed like an original DVD. That's how it should be from disk to memory. Data on disk should be separated from code permanently and at a hardware level, so any weakness in OS can't be exploited."
You're calling for a Harvard architecture. But much as you hate self-modifying code, it's essential in certain restricted environments or those where speed is essential. Without the idea that code is data and data is code, you couldn't have things like a JIT compiler, for example.
"The process of installing apps i.e. pressing a fixed DVD, would need to be a special process. You don't want it to be cumbersome for users but it also can't continue down the path of silent installs."
Problem here is that you run into an Unhappy Medium. Since Users are Stupid (and You Can't Fix Stupid), there's a need for silent installs of mission-critical stuff like security patches. Meaning you have an overlap where NO ONE is happy.
"But if a program wanted to install itself or update code, I'd like to think that the user would be forced to do something physical like insert a master USB key / turn a physical key, something eternal, so that users better appreciate that what we have right now with UAC is oversight done by painting in water."
And then people just lose their keys and complain.
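For readers who want to see what the "if they don't match, then an exception is raised" check at the top of this exchange actually amounts to, here is an added software model of a shadow stack. It is not code from anyone in this thread and not how the CPU implements CET; it uses two plain arrays (the ordinary stack and a shadow copy) where the real mechanism uses a hardware-protected region. The return addresses (0x401000 and so on), the `sim_` function names and the "corrupt the top frame" step are all constructed for the demonstration. The point it makes is the one above: a write that can reach the ordinary stack cannot reach the shadow copy, so a mismatch is caught at the return.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a shadow stack. Two arrays stand in for the ordinary
 * stack (writable by the program) and the hardware shadow stack (only touched
 * by call/ret). The comparison in sim_ret is the "if they don't match" check. */

#define STACK_DEPTH 16

typedef struct {
    uintptr_t frames[STACK_DEPTH];  /* ordinary stack: return addresses, program-writable */
    uintptr_t shadow[STACK_DEPTH];  /* shadow stack: second copy, updated only by call/ret */
    int depth;
} sim_cpu;

static void sim_init(sim_cpu *cpu) { memset(cpu, 0, sizeof *cpu); }

/* CALL: push the return address onto both stacks. 0 on success, -1 on overflow. */
static int sim_call(sim_cpu *cpu, uintptr_t ret_addr) {
    if (cpu->depth >= STACK_DEPTH) return -1;
    cpu->frames[cpu->depth] = ret_addr;
    cpu->shadow[cpu->depth] = ret_addr;
    cpu->depth++;
    return 0;
}

/* RET: pop both copies and compare.
 * 1 = match, return proceeds to *target
 * 0 = mismatch, where a real CPU raises a control-protection fault instead of returning
 * -1 = nothing to return to */
static int sim_ret(sim_cpu *cpu, uintptr_t *target) {
    if (cpu->depth == 0) return -1;
    cpu->depth--;
    uintptr_t from_stack = cpu->frames[cpu->depth];
    uintptr_t from_shadow = cpu->shadow[cpu->depth];
    if (from_stack != from_shadow) return 0;
    *target = from_stack;
    return 1;
}

/* Model of a memory-corruption bug: an ordinary store reaches the normal stack
 * but, because the shadow stack is not reachable by ordinary stores, not the copy. */
static void sim_corrupt_top_frame(sim_cpu *cpu, uintptr_t value) {
    if (cpu->depth > 0) cpu->frames[cpu->depth - 1] = value;
}

/* Scenario 1: a normal call/return pair passes the check. Returns 1 if so. */
static int demo_clean_return(void) {
    sim_cpu cpu;
    sim_init(&cpu);
    sim_call(&cpu, 0x401000);          /* constructed return address */
    uintptr_t target = 0;
    return sim_ret(&cpu, &target) == 1 && target == 0x401000;
}

/* Scenario 2: the ordinary return address is overwritten before the return;
 * the shadow copy still holds the original, so the check fails. Returns 1 if caught. */
static int demo_detects_mismatch(void) {
    sim_cpu cpu;
    sim_init(&cpu);
    sim_call(&cpu, 0x401000);
    sim_call(&cpu, 0x401234);
    sim_corrupt_top_frame(&cpu, 0xdeadbeef);   /* constructed bogus value */
    uintptr_t target = 0;
    return sim_ret(&cpu, &target) == 0;
}

int main(void) {
    printf("clean return accepted: %d\n", demo_clean_return());
    printf("corrupted return detected: %d\n", demo_detects_mismatch());
    return 0;
}
```

Seen this way, the "two-pronged attack" question from the thread reduces to whether anything short of a hardware flaw can write to the `shadow` array; in the model nothing but `sim_call` and `sim_ret` ever touches it, which is the property the hardware is meant to provide.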