I agree with that on the principle that it's a nice thing to have if it's optional. And amazingly enough, Windows 10 actually does have that: http://i.imgur.com/XV4Hpwd.png
It depends on how this is implemented. Is it enforced on a kernel level? What if some application, like browser or email client still allows starting an unsigned .exe file? Is Windows Store protected from publishing malware? Is there real privilege and access separation for different apps?
