In hindsight I have to admit that Ctrl-Alt-Delete of Windows is a good idea. I propose a variant of this:
Introduce some scary red extra button with a key or locker symbol on it which can't be intercepted by applications or by root applications. When the OS needs authorisation, the user is prompted to hit that button, then a truly modal authentication prompt appears which is only dismissed by a second hit of that button or turning off the system.
This system could use different ways of authentication than by passwords.
Additionally users should be trained in only using this way of authentication and no others. The OS offers a secure API to invoke authentication, so that browsers also can use this for web apps. The prompt will look different and display additional information like «Application X wants to do Z», etc.
Edit: some more thoughts and clarification.