I know essentially nothing of the windows system API, but it would have to be implemented at that level.
The Microsoft hate would suggest they are restricting the permission system to Metro to encourage development to move towards Metro. It could also be that the underlying metro API is much easier to build a permission system for than the old windows one.
From what I've read though, these kinds of permission systems tend to only be a barrier. Sandboxes seem to always have some exploits. It would certainly be an improvement though.
With regards to file-systems, a simple linux based file-ownership model would do essentially the same.
Windows already supports sandboxing old api applications, through something called AppContainer:
> Isolation is the primary goal of an AppContainer execution environment. By isolating an application from unneeded resources and other applications, opportunities for malicious manipulation are minimized. Granting access based upon least-privilege prevents applications and users from accessing resources beyond their rights.
I'm not sure why this is not really used. Maybe requires some recoding from the original developer, maybe it's too inconvenient and creates frustration for users.
Even with file systems permissions, there are a lot of problems. For example, a transcoding app like Handbrake should be allowed access to users files, but ideally it would only be able to access VIDEO files. Any attempt at reading any other kind of file (source code, text files, password stores) should be forbidden. This requires a very expressive permissioning system.
The Microsoft hate would suggest they are restricting the permission system to Metro to encourage development to move towards Metro. It could also be that the underlying metro API is much easier to build a permission system for than the old windows one.
From what I've read though, these kinds of permission systems tend to only be a barrier. Sandboxes seem to always have some exploits. It would certainly be an improvement though.
With regards to file-systems, a simple linux based file-ownership model would do essentially the same.