I just had a thought.
I was reading through “Intrustion detectors in dom0”, and had an idea.
A watchdog that monitors all VMs for certain commands, file types, actions, etc., and then alerts the user “Should you really be doing this in this VM? Wouldn’t it be better in <VM-name>? Would you still like to proceed?”
It might help mitigate cross-contamination of AppVMs (for example, just using whatever web browser is currently open and on-screen), and prevent people from “self-pwning” from complacency. I could see this being particularly beneficial for new users to Qubes OS (but potentially infuriating for experienced users, though).
I haven’t thought it through fully, but I thought I’d just throw it out there…