Look at Steam. Look at the various un*x package managers. They don't have this problem. When I install/update a game through Steam I don't have to worry about crapware (besides steam itself, but that's an other issue).
It would be a huge win for Microsoft IMO, better user experience, software updated automatically for better security, less chance to spread a virus etc...
I'm not advocating a walled garden, I'm advocating a fenced garden you can leave at any moment if you need to and you know what you're doing. Best of both worlds IMO.
It would also simplify the work of the devs, because right now most windows applications feature a custom and non-standard way to check and download updates. Or worse, they don't check, making sure that virtually nobody updates them ever.
As for 3rd party curated stores, we don't need to look beyond Adblock whitelisting Google ads to see where that's headed. Once any 3rd party store reaches critical mass, dollar signs start showing up and it won't be long before "official" weeds begin to creep into the 3rd party garden.
It might be possible for the EFF or a related body to step in and mandate that before installing a toolbar/extension browsers run a check against a Web Of Trust (WOT)-like decentralized system gathering ratings from actual users for all toolbars and extensions. This is a long-term play, one that is unlikely to come to fruition given the massive amount of co-ordination necessary for relatively little payoff.
Realistically, it's up to the users to get savvy. People get ripped off all the time in the real world and no one has managed to put a stop on that, why expect anything different from the virtual world.
Edit: I just had an epiphany in the shower that leads me to believe I closed off the discussion too soon. My initial thinking was that since this was a social engineering issue a technological solution was impossible. It took a hot shower to remind me that we have solved a similar issue with technology before; we know this as "Parental Controls".
Adopting a similar system for naive users has huge benefits — the control remains in userland instead of in the hands of a 3rd party which means its scalable (new users can begin using it right away instead of waiting/hoping a 3rd party would approve) and specific (opt-in/opt-out remains a choice of the user, so savvy users remain unaffected by the needs of the naive).
It works via a browser setting that a savvy relative can turn ON for the user. Once turned ON, all extensions and plugins including toolbars are blocked. Savvy user can whitelist some extensions etc during setup. Problem solved.
We can call this system "Special Controls", which I think is the best name that describes the purpose of the feature without offending the sensibilities of the user.
Note that most Ubisoft titles on Steam currently just install and launch UPlay instead of actually running the game through Steam. This is despite the fact that in the past having UPlay installed exposed you to remote code execution vulnerabilities.
