Benson (Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007) | Post #27
Originally Posted by meanwhile:
Based on the posts above, I'm astonished by how potentially ineffective Linux firewalls are, as opposed to Windows ones.
Sheesh. Running as root; what do you propose to stop a process running as root? Kernel-space or hardware only. And kernel-space is hard, since you can flash the kernel and reboot the device as root. Windows firewalls are not as effective as you might think, when applied to a system with a real security system, but with a crazy nut installing random things. In Windows, many applications can be installed without administrative privileges. (Which is not the way to go; even if trojans can't automatically get root, they can still compromise privacy, destroy data, and use exploits (local exploits, of course) to get root.) A port of Windows firewall would not be any better.
Sandbox execution, otoh, can make the engineering effort for an attacker very high to impossible: that's the way I'd go. It's what Google are doing with Android, and it seems pretty bloody obvious as a solution.
Sandbox execution, otoh, can make doing some things bloody near impossible. It works great for daemons with narrowly defined jobs; it works great for nice little applications. It doesn't work for, say, updating the kernel, or anything else outside the sandboxes. So unless you want to completely close the package management system, or require only Nokia-signed OS packages, you're still in the same mess.

The trouble is giving a (clueless) user root, even for the limited purpose of installing packages. There's nothing that can (or should) stop a determined sysadmin from hosing a system, or a careless one from doing it by accident.