On Linux, something I find very annoying with apt-get is that everything goes into a single /usr hierarchy, rather than having multiple ones and overlaying. Right now, it is a hack at best to do stuff like this. But serious thought, on all OSs, needs to be given to the following:
The point is to make the core of the OS read-only at runtime, preferably read-only at a hardware level (that is, install the OS on a small SSD which even the kernel cannot write to during normal running, and which delegates what configuration settings can be overridden from the writable portion of the files).
Essentially the 'principle of least privilege' is something that OS designers need to give far more serious thought to, and also what privileges are actually needed during normal runtime. Updating the core OS should be done from a 'secondary OS' whose only purpose is updating the core OS, and is restricted in its nature so as to only be able to do this. (The ideal place for this is in PC firmware, where one should use the firmware to install the base OS, and once booted, the base OS is effectively immutable.)
(Yes, this is basically a coarse capability-based security system, partially enforced in hardware, in a way which leaves users in control.)