The current Windows is too vulnerable! For example, the Windows can be damaged even if I just clicked an attached file in a email. The root reason is that all the applications(or exec files) inherit the total privilege from login user's !!!!! We can't define a privilege to some special apps. In the modern OS, the access management basing on application level(not user level) is much needed. As an network security engineer, I have been looking forward the function for many many years. As I know, the function has been supported by Linux group. The AppArmor and Selinux in Linux are a good method to achieve the OS's security. So, my suggestion as below: 1. The application level access lists can be supported. (Just like AppArmor, or Selinux) 2. In order to customers to use it, the default configuration as below: * Windows Kernel can access any folder and resource * Formally installed Application can access its home folder and privileged resource when it is installed. * Uninstalled Application or exec files, they only access an temporary folder. 3. Using a management tool, above access lists can be modified for every applications or exec files.