This seems like a start, but just marking applications as "trusted" doesn't cut it. We need real rules like each program can only access its own installation folder, its own user data folder, and any folders the user has explicitly granted access to for that program.
I may "trust" a video editing app, for example, so I can access my raw content folders. It should still be completely impossible for that process (or any spawned from it) to access my browser session information in case of an RCE from loading a malicious video.
I may "trust" a video editing app, for example, so I can access my raw content folders. It should still be completely impossible for that process (or any spawned from it) to access my browser session information in case of an RCE from loading a malicious video.