Microsoft is moving to same security model as Android and iOS where individual applications request (and can be denied) permissions to do things. One example is triggering desktop notifications. If you get a notification you can see exactly which application sent it and then prevent that application from ever sending you another one.
What you get with JRE and Python in the Win9x days is that the executable is "java.exe" or "python.exe" which isn't helpful when the actual application is what is being run by these programs. Granting a permission to python.exe is not what you intend when you're wanting a notification from helloworld.py.
That would easily be solved with an API call that says "Hey, i'm helloworld.py". It wouldn't solve the sandboxing stuff, but TBH i do not see that working for desktop applications (in that the sandboxing wont be mandatory for backwards compatibility - the main reason people keep using Windows - and most desktop applications wont bother restricting themselves).
The whole effort reminds me of W3C doubling down on XHTML despite everyone else ignoring it (and it isn't like XHTML wasn't nice on paper, but real world has other concerns beyond doing some things the theoretically "right way").
> That would easily be solved with an API call that says "Hey, i'm helloworld.py".
That's what this is! "Hey, I'm helloworld.py and I'm a Python application". Just an API call isn't going to work because every application is potentially hostile.
Windows 10X is sandboxing Win32 application through a virtualization layer.
What you get with JRE and Python in the Win9x days is that the executable is "java.exe" or "python.exe" which isn't helpful when the actual application is what is being run by these programs. Granting a permission to python.exe is not what you intend when you're wanting a notification from helloworld.py.