[arthur2e5]

Oh no, it certainly helps grandmas and the one-per-classroom public computers (China, 2008-). You get all the USB sticks coming in and out, and before you know it you get that one obnoxious virus that hides all folders and replaces them with a .exe of the same name.

And yeah they do boot from a readonly C: with some magic to make it appear writable per session. But re-infection is quick, especially when you have extra writable data partitions.

[AnIdiotOnTheNet]

I think application whitelisting by signature is a better fit for that use case. If for some reason you are required to allow arbitrary applications then the malware protection is probably going to cause more problems than it solves anyway.