Reply to post:

Antivirus tools are a useless box-ticking exercise says Google security chap

Lee D

We're still just designing systems wrong.

Programs running against your consent:

Whitelisting (available on Windows, by the way, if you run domains... it's called Software Restrictions Policy). Task managers that cannot be overridden, and which INSTANTLY KILL PROCESSES WITHOUT GIVING THEM A CHANCE TO RESPOND. A single, solitary list of programs that run at startup / specified times, that is definitive and none of this "Is it in all users? Is it a scheduled task? Does it run from the registry entries? Is it a service?" nonsense. You want a program to run other than when a user executes it? You need to be in the list, saying when - startup, every hour, all the time in the background, etc. - and then we ask the user about that. And, no, programs do NOT get to modify the list. And users can just delete your entry from that list at any time. P.S. One entry per executable.

Programs encrypting all your files:

Containerisation, overlay filesystems and copy-on-write to files they use (and why is your game trying to open your work email folder?) rather than just blanket filesystem access for everything. Permissioning stops this but nobody uses it properly. And why are programs given access to everything that isn't permissioned off by default? Literally, every program running as its own user (application_program_name) who has ZERO ACCESS until it's granted. And No To All, or "Uninstall this application" on all related permission request dialogs.

Programs deleting data:

Shadow copies / snapshots. Why are they not enabled by default on all computers, and why are they deletable? Literally just set every machine to fill up its disk with "backups" and only remove them when there's no space left (and count them as "free space" in all statistics so users don't panic). The average user would be able to have months of automatic backups, literally every time the PC was turned on or logged into, rather than the occasional System Restore from when they last installed updates.

Programs running without your consent:

Stop the ability to replace task managers, etc. One-click kill of program (Task Manager is inherently inferior to, say, Comodo KillSwitch or SysInternals Process Explorer in this regard, too). A "kill and don't allow children to spawn" option, too. No hiding of program names. No running as "system". A safe mode that damn well works and isn't just a cut-down version of the exact same OS with the same system paths, programs installed, etc. Hell, what's wrong with a "System Maintenance Mode" in which you can install programs but not run them, and a "System Operation Mode" in which you can run installed programs but not install them?

Programs being difficult to remove:

One-click removal of entire container for each program. Every file, every setting, every hidden DLL, gone. Literally, nothing gets installed as a "program", they are all just containers that fake access via overlays and layers to make each program think it's installed in C:\OldProgram, accessing the main registry or whatever, and actually it's just a mini-copy that gets overlaid. Windows registry pretty much already has this functionality. When you delete the container, all its effects - including startup entries, registry entries and filesystem modifications - are gone.

We just don't know how to make an OS for the modern world where things aren't trusted. Even Linux makes you set up the above manually for the most part.

Rather than design a system that lets users run riot but makes administration almost impossible, and tells the users to never set a foot wrong, let's jump to the assumption that the user is an idiot and will do dangerous things all the time, and give them - and admins - a way to undo their actions and contain them. And give admins an easy way to stop anything they like. Literally "That's it, that's the list of programs I will allow. Nothing else can ever run." Yes, we have bits and bobs of that functionality but it's NOWHERE NEAR the default.
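As an added, defender-side example (not the commenter's own code): a read-only PowerShell inventory that pulls the scattered Windows autostart locations the comment complains about (Run keys for the machine and the current user, Startup folders, scheduled tasks, auto-start services) into the kind of single list an admin could review against an allow-list. It assumes Windows PowerShell with the built-in ScheduledTasks module and an elevated session for the per-machine entries; the function name Get-AutostartInventory and the Add-Entry helper are my own.

```powershell
# Added example, not from the comment: collect Windows autostart entries into one table.
# Read-only. Run elevated to see per-machine keys, tasks and services in full.
function Get-AutostartInventory {
    $entries = [System.Collections.Generic.List[object]]::new()
    function Add-Entry($Source, $Name, $Command) {
        $entries.Add([pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command })
    }

    # 1. Registry Run/RunOnce keys: per machine, per user, and the 32-bit view.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSProvider bookkeeping properties the provider adds.
            if ($p.Name -notlike 'PS*') { Add-Entry "Registry: $key" $p.Name $p.Value }
        }
    }

    # 2. Startup folders for the current user and for all users.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue |
            ForEach-Object { Add-Entry "Folder: $path" $_.Name $_.FullName }
    }

    # 3. Enabled scheduled tasks; each executable action becomes one row.
    Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $_.State -ne 'Disabled' } |
        ForEach-Object {
            $task = $_
            foreach ($a in $task.Actions) {
                if ($a.Execute) {
                    Add-Entry "Task: $($task.TaskPath)" $task.TaskName "$($a.Execute) $($a.Arguments)".Trim()
                }
            }
        }

    # 4. Services configured to start automatically.
    Get-CimInstance -ClassName Win32_Service -ErrorAction SilentlyContinue |
        Where-Object { $_.StartMode -eq 'Auto' } |
        ForEach-Object { Add-Entry 'Service' $_.Name $_.PathName }

    return $entries
}

# One consolidated list, grouped by where each entry lives.
Get-AutostartInventory | Sort-Object Source, Name | Format-Table -AutoSize
```

Anything in the output that is not on the organisation's approved list is exactly the kind of entry the comment argues a user or admin should be able to see and delete in one place.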
