I get what you're saying, but OS vendors could prevent themselves from running arbitrary code, even from themselves, without the user's authorization if they really wanted to. I'm not sure it is in anyone's best interest since it would affect everything from security updates to automatically installing device drivers (e.g. people would be left with insecure systems or would claim Windows is broken since most would not understand the prompts). It would also be difficult to prevent Microsoft's marketing department from sneaking a trojan horse into things like security update.

Holds for Apple devices just as well.

I mean, the free software community has been saying this for 40 years now.

Probably influenced by the Microsoft history of sneaky things over last 45 years

What are you talking about? It's my machine. I authorized the running of certain kinds of software from Microsoft. It's not supposed to be a running authorization for them to reach in and do whatever they want on it.