What you suggest is either impossible, extremely undesirable, or both, assuming that by "they" you mean Microsoft.
For them to prevent certain classes of applications from running, without special knowledge, would require a kind of analysis similar in nature to solving the halting problem - a problem well known to be unsolvable.
Then the course of action is to require applications requiring root privileges to be signed by Microsoft, essentially making Windows a closed platform for developers. Furthermore, any applications they sign would have to be bullet-proof, getting back to the halting problem.
It is not impossible; in fact, it is very possible.
Microsoft would have to create a flag so that programmers can set it to tell the system that it is a security-related program and thus should be allowed to execute under the admin account. There is no Microsoft involvement there except that they have to create a flag in the API. Not impossibly hard for them to do.
With that in mind, I don't see how this is impossible. I didn't say we could completely prevent attacks, just make them a hell of a lot harder.
I am assuming however that the user that knows how to get in and use the admin account is not a complete retard. If they are and do execute a virus as admin, then they are retarded and deserve to pay me to fix their computer.
Yes, I run a computer business. So offering this could hurt me in the long run, but I hate seeing all the pings and scans and attacks against my firewall every day. Something needs to be done.