Re: It'd be nice to have a system...
"The vulnerable applications should be virtualised, in their own bubble where they don't ooze all over the operating system core and registry, nor other applications, and interaction with the file system / network is through an application specific proxy that looks for unusual patterns of traffic."
Then they just attack the proxy or slip something through that the proxy doesn't detect. Why do you think sandboxes are so last season? Pretty sure a VM escape exploit will be coming soon.