needs root/admin accesss to perform it
And that is very difficult to achieve, isn't it? :)
Asking Microsoft to be secure is like asking your local bakery to do your IT. Come to think of it, they may do a better job.
With admin access you could just add your own signature, of course, but I guess that's the one thing $corporate will watch by way of simple host intrusion detection.