Thanks for your comment. SELinux and AppArmour don't do exactly what I commenting, those tools are more or less homologous to create users with different permissions for each application. RSBAC kernel extension would get closer, but not enough.

I really consider a need the system I commented, remarking process injections active supervision and internet access control, so I've been searching along one year or so for it. And I am afraid it does not exists, kernel modification is necessary for to obtain it, so the derived tools doesn't exist.

I guess the same way it does not exist something like SystemInformer(ProcessHacker) or Sysinternals' ProcessExplorer and Procmon (I talk about the advanced features, libs tracking/search, etc, not just show a process list). I mean, the philosophy about "my system could be infected" lets try to look whats going on.

>users are pretty quickly seduced to just allow everything

Certainly. In my case it requires a routine and a desire to follow it. Maybe I should have used the word advanced desktop user.