> The long-term end goal for Microsoft is to lock down Windows and force signed code

Defender already forces binaries to be signed by developers that spent money on certs from Microsoft-certified CAs.
Pull those certs, or don't use them at all, and 99.999% of users will not figure out how to run what they want, because the OS will trick them into thinking they're about to get owned by Russian hackers for just thinking about running something that wasn't blessed by Microsoft.