That seems ≈impossible in a world where you're running arbitrary, Turing-complete code. A modern consumer machine can do so many different things—often a bunch at a time—that there is always a massive amount of space to hide bad behavior.

There might be some way to design a system from the ground up to avoid this problem (some kind of declarative, capability-based security?), but retrofitting that onto an existing behemoth of a system does not really work.