What if they made a kernel that could not be compromised and tools to say exactly what is not a Windows component and have people whitelist background workers?
There is Process Explorer, but make dependencies to the application not always on data thieves.
The “guy at the top” is almost always worthless to operations; I am sure terrorists operate similarly to corporate.