Interesting case study; see the full article for more details.
Krstic's system, known as the BitFrost platform, has only one user prompt (turning on the camera) and imposes limits on every program's powers. Under BitFrost, every program runs in its own virtual machine with a limited set of permissions. Thus a picture viewer can't access the web, so even if a hacker comes up with an exploit that lets him control the program, he couldn't use it to grab all the photos on the laptop and upload them to the internet.
"Applications can no longer run rampant," Krstic said. "Spyware becomes very, very hard. It can't spy on the keyboard. You can only spy on how a user uses their program."