All of the major operating systems in use today adopt the unix-y model of multiple users, isolated from one another. Who cares if a user program does something stupid and nukes a document? That's their problem; the other users are fine. Well, at some point we decided that personal computers needed Real Operating Systems(tm) too, so memory protection and multiple user support are to be expected. A vanilla OSX, Linux, or Windows install has several user accounts, a number of which are for various background services. Hey, nifty idea: if you give a process like Apache its own user account, it's a bit more isolated! That's kind of nice. But Firefox has _my_ privileges. Pidgin has my privs. Hell, that Windows app I'm running in Wine has my privs. A process is the user running it, huh... that doesn't make sense on the desktop.
Grandma should be able to run Conficker.exe and punch every monkey that she sees. Instead, a process running as me can access my personal files (without going through a privileged file chooser), intercept keystrokes, or do just about anything else.
Processes aren't their users. We need to protect users from processes as much as users from each other.
It's a fucking sad state of affairs. Is our solution really to keep using virus scanners and bitch online about stupid non-expert users clicking things or plugging in a network cable? Are we going to keep hiding behind some cop-out biology analogy of an 'immune system' instead of fixing a fundamentally broken security model?