Access to kernel mode on Windows is already pretty restricted as it is. As far as I understand, you either have to run your whole machine in a special "Test Mode" or have a specific kind of (expensive) code signing certificate.
But beyond that, I don't see how "more restriction" == "more control for the user"
But beyond that, I don't see how "more restriction" == "more control for the user"