Most things would be trivial to bypass. Lock down everything so only microb can make outgoing port 80 connections? To counter, bad person does this:

Only install apps from trusted sources - and you must define for yourself what is trusted, which may be nothing at all.