The problem as simply as I can restate it is that users with the power to do what they want will also do bad things unintentionally even if they have to work at it.
Bunnies Happen!What if the UAC was not activated for tasks, but rather for activity along with the risk it exposes the user to. With ZoneAlarm (which I used to recommend) you get a learning phase and then an alarm for unusual network activity. The same thing could be applied to every file access and the parameters of normal interaction based on internet collected data. I imagine a whitelist sandbox OS where any application can be downloaded and installed, but the system would allow a sandboxed image of the installation and when completed, it would download information about the application, instances of immediate uninstall, instances of virus flagging and potential interactions. Something along the lines of
Choosing to discard would remove and delete the system snapshot. Choosing to activate would result in the user running in an instance of the system which would be using a differencing snapshot image. Choosing to activate permanently would discard the differencing snapshot and make the changes permanent.
Two of the actions described are already basically available with varying methods, but I've never seen them brought together into a single system. Microsoft's virtual server seems to (I'm almost certain) do differencing snapshots as described here. Jotti uses multiple scanning tools to identify the AV systems that flag a file as a virus. The third major component, (tracking the usage, acceptance and rejection of software) would become available through the vendor tracking databases which mostly already exist if not in this exact form. Recognising what an application would be capable of would require a robust sandboxing system, which I realise is a challenge but don't think is insurmountable one.
The Dancing Bunnies Problem
What's the dancing bunnies problem?
It's a description of what happens when a user receives an email message that says "click here to see the dancing bunnies".
The user wants to see the dancing bunnies, so they click there. It
doesn't matter how much you try to disuade them, if they want to see the
dancing bunnies, then by gum, they're going to see the dancing bunnies.
It doesn't matter how many technical hurdles you put in their way, if
they stop the user from seeing the dancing bunny, then they're going to
go and see the dancing bunny.