Defense in Depth...
The main problem here is a lack of awareness, understanding and application of defense in depth strategy by home users.
Of course you need AV, you always will need AV, but AV alone is not enough to protect you, you need a good firewall, not some $99 special you picked up at the big box store because someone told you you needed one and just plugged it in with default settings, a real one properly configured. In addition you still need HIDS, content filtering, and all the other things corporate users have ad a lot of common sense.
I see this as an attempt at application white listing, pure and simple. Quite frankly if more companies take this approach and control what can be run on their machines it makes it much more difficult to compromise the systems though traditional means and maintain persistence control for any period of time. Drives the pen testers crazy when done right.
Now the use of certs is good, but the problem here is they will only be as secure as the certs themselves, if developers share certs or a disgruntled employee signs his malware with a legitimate cert it will still get though the wall. That's why you need other defenses, if one or two fail hopeful the third or forth layer protects you, in security parlance it's called Defense in Depth, in layman's terms don't put all your eggs in one basket.
There is no silver bullet to security, but this is a step in the right direction IMHO.