Microsoft has the exact same concept, they just operate from an allow first standpoint. The minwin kernel was completely rewritten, and sans loading rootkit-like software, you can't observe the kernel's memory ops.

If linux wasn't susceptible to the same types of insecurity, you wouldn't need Bastille.