It's probably one of those questions that, after I have thought about the answer, will feel stupid for having asked it. But why can't o.s. designers make a program that knows exactly what is supposed to be there and when something foreign is detected, quarantines it with digital t-cells? Let's say I have an encrypted password to use anytime I download something or copy from outside storage. A program that halts all traffic when a foreign packet comes in locking the user out while demanding payment or blue-screening or anything that is not normal behavior for windows. In other words, it detects, it stops/blocks, it analyses and reviews what came in and from where, it blocks the site, it then proceeds to extract the pathogen putting the computer back in good health. The site is auto added to a black list and the computer refuses to go there until the user manually takes the site out of the POISON list. Also the program could, in the future, alert to the smallest bit of contiguous known "poison" code and react accordingly. Etc and whatever.
Obviously there are reasons that this will not work or someone would have done it by now. If anyone would like to take a shot at explaining why some form of limited mimicking of biological immune functions could not work with a computer, I'd appreciate it.