At the recent USENIX 7th Symposium on Operating Systems Design and Implementation, Stanford University student Nickolai Zeldovich presented his HiStar operating system, which he says goes a long way toward eliminating the "untrustworthy code" problem that results in increased malware and more leaks of private data.
This rather technical piece from Exduco.net explains Zeldovich's approach. The UNIX-based OS kernel is limited to 17,000 lines of code so that changes -- unauthorized or otherwise -- can be spotted quickly. (By contrast, the story points out, the Linux kernel is nearly 7 million lines of code.) The kernel, then, is viewed as "trusted." The remaining components of the system, as well as the programs that are running on it, are labeled according to their respective levels of "taint." What the programs and components are allowed to do with what information is then restricted according to how "tainted" or "trusted" they are. The Exduco.net writer uses the apt analogy of a tanker truck being rated to haul certain materials to explain the concept of "taint."
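To make the "taint" idea concrete, here is an added example, not code from HiStar or from the Exduco.net article: a deliberately simplified label model in Python. Every object and thread carries a label mapping a taint category (the name of whoever owns a secret) to a level; a thread that reads a tainted object picks up that taint, and it may only write to objects rated for at least that much taint, which is the tanker-truck rule in code. The ownership-based declassification step and all names (`Label`, `Thread`, `Obj`, the "alice" category, the level numbers) are assumptions made for the illustration; real HiStar labels carry more structure and are enforced by the kernel.

```python
"""Simplified information-flow label check, constructed for illustration.
Added example, not HiStar code: categories, levels and names are invented."""

from dataclasses import dataclass

DEFAULT_LEVEL = 1   # level assumed for any category a label does not mention
MAX_LEVEL = 3       # most tainted (most restricted) level in this toy model


@dataclass(frozen=True)
class Label:
    """Maps a taint category to a level; stored as sorted (category, level) pairs."""
    levels: tuple

    @classmethod
    def of(cls, **levels):
        return cls(tuple(sorted(levels.items())))

    def level(self, cat):
        return dict(self.levels).get(cat, DEFAULT_LEVEL)

    def categories(self):
        return {c for c, _ in self.levels}

    def flows_to(self, other):
        """Data may flow from self to other only if every category is no more
        tainted in self than in other: the truck must be rated for the load."""
        cats = self.categories() | other.categories()
        return all(self.level(c) <= other.level(c) for c in cats)

    def join(self, other):
        """Least upper bound: the taint a reader acquires from a source."""
        cats = self.categories() | other.categories()
        return Label(tuple(sorted((c, max(self.level(c), other.level(c))) for c in cats)))


@dataclass
class Obj:
    name: str
    label: Label
    data: list


class Thread:
    def __init__(self, name, label, clearance, owns=()):
        self.name = name
        self.label = label            # taint accumulated so far
        self.clearance = clearance    # highest taint this thread may ever acquire
        self.owns = frozenset(owns)   # categories this thread is allowed to declassify

    def read(self, obj):
        # Reading raises the thread's taint to cover the object's taint,
        # but only if that stays within the thread's clearance.
        new = self.label.join(obj.label)
        if not new.flows_to(self.clearance):
            raise PermissionError(f"{self.name}: reading {obj.name} exceeds clearance")
        self.label = new
        return list(obj.data)

    def write(self, obj, item):
        # Writing is allowed only if the thread's taint may flow to the object.
        if not self.label.flows_to(obj.label):
            raise PermissionError(f"{self.name}: would leak taint into {obj.name}")
        obj.data.append(item)

    def declassify(self, cat, level):
        # Only an owner of the category may lower its level (assumed rule).
        if cat not in self.owns:
            raise PermissionError(f"{self.name} does not own category {cat!r}")
        lv = dict(self.label.levels)
        lv[cat] = level
        self.label = Label(tuple(sorted(lv.items())))


def demo():
    """Constructed scenario: a worker reads a secret and then tries to log it."""
    secret = Obj("alice-keys", Label.of(alice=MAX_LEVEL), ["key-material"])
    log = Obj("public-log", Label.of(), [])

    worker = Thread("worker", Label.of(), clearance=Label.of(alice=MAX_LEVEL))
    worker.read(secret)                    # worker is now tainted by "alice"
    try:
        worker.write(log, "copied secret")  # refused: taint cannot flow to the log
        leaked = True
    except PermissionError:
        leaked = False

    owner = Thread("alice-shell", Label.of(), Label.of(alice=MAX_LEVEL), owns={"alice"})
    owner.read(secret)
    owner.declassify("alice", DEFAULT_LEVEL)  # owner deliberately releases the taint
    owner.write(log, "summary by alice")

    return {"worker_level": worker.label.level("alice"), "leaked": leaked, "log": log.data}


if __name__ == "__main__":
    print(demo())
```

The point the model shows is that the restriction follows the data, not the program: the worker is never told "do not log secrets", it simply cannot write anywhere not rated for the taint it has picked up, and only an owner of the category can lower that taint.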
The developers acknowledge that the very young HiStar system still has weak links (complicated administration, for one), but businesses with high security requirements may want to keep an eye on how HiStar evolves.