C was bad programming language from start, trough bad implementation and low dependability as to how long is Long or how long is Short, only thing being certain that Short is shorter than Long. To ask developer to write something resembling Rootkit is insane, and leftover from times MS employed hackers who suceed to crash WINDOWS. That is where all problams started, at MS. Nowadays any good high level language compiler should produce effective machine code, unless it is also full of bugs because it is written in C.
Problem of OS security is false one, as there would be enough that OS restrict execution on catalogued programs, that is ones installed by owner of computer. Any code imported from outside should be able to access only data choosen by computer owner as input, if input is not manual and files or databases are required. Server executed code is responsibility of server, just as all CGI scripts and HTML code. Before executing codes imported from outside, OS has to check them for subversive operations such as access of system files, and originator of such subversive codes warned and blacklisted for Internet use. Data about installed programs could be cryptographed with strongest coding so nobody from outside would be able to add their program to this list.
End of problems!