So this virtual kiosk is a virtualized enviroment.... that cleans itself on restart? If so, isn't it exactly like CIS manual sandbox, maybe just enchanced (complete virtualization)? I mean isn't right-click menu item "run in sandbox" will do the same, kinda like sandboxie?
Or maybe it's kinda like a giant sandbox "entry point" if you will? Like right now, when CIS detects unsigned installer there is an option to launch it in sandbox, so after it installed in a sandbox you can launch this kiosk thing and the installed program will be there, along with other programs you chose to run in sandbox manually. So you can start those programs there "safely" to check them out, "uninstall" or remove them from the sandbox (without deleting entire sandbox) and maybe even "transfer" them to the real system after you conclude that program is safe. That would be great idea I think. Add some external controls, like wipe the sandbox, remove specific programs from sandbox without starting actual kiosk, place those controls on Defence+ tab, or maybe brand new Virtual kiosk tab in CIS6, and I think that will be pretty sweet system.