#81
Microsoft considered a general whitelist, but they rejected it because they had several scenarios where it could be abused.
Linux does many things that wouldn't fly with Windows because Linux can assume its users are highly technical and know what is and isn't correct to execute. The requirement to chmod files as executable, for instance, is one of the hoops a user has to jump through to enable malware.
This is fine security, but doesn't fly with less experienced users. Microsoft chose to only whitelist system apps that ship with the OS, and even then not all of them are whitelisted. Only common-use ones (like changing the time of day). You'll notice that Microsoft doesn't whitelist Office, or any other tools that don't ship with the OS, even ones they write.
The problem with a whitelist is that it gives developers yet another excuse to avoid updating their software to conform to the guidelines. A developer will say "Just whitelist it, and we don't have to do anything".
The only way software will become more secure is if developers start writing more secure software. Continuing to coddle them and add hacks to the system to allow them to work properly just continues the mess that Windows has been in for decades.