Why do you need a JIT? JIT's are only required when you
want to run the binary for the first time. They are important for java because you want to be able to download your code and then execute it immediately and not wait a few minutes while it's recompiled. If your going to 'install' an application you could have
some program that goes through
and takes your VM code and recompiles it for the
target platform. This recompiler would of course be
platform specific, but thats ok - it came with the platform
anyway, and updating the recompiler would work for *all*
applications. You could also have your runtime write out
profiling information and later do a second recompilation
step to further optimise your code, maybe have a 3am cron session to choose a series of binaries and reoptimise them.
Another approach which email clients have taken under unix (and in particular Linux), is to use a 'mailcap' which has the associations of mime-type to application. This is seperate to your 'usual' associations and only contains applications which are 'safe' to run, a mp3 player, a picture viewer etc. The Microsoft model falls down because it uses the same associations as the 'desktop', so things that are "safe" to do on the desktop (run a trusted visual basic script) is concidered "safe" to do in email. By having a distinction between the two under unix much more saftey is gained. If a file is not in 'mailcap' then the only option that the mail agent can provide is 'save' as it doesn't (and shouldn't) know anything else about the file.
Capibilities should also help as a 'mailagent' can drop all of it's capibilities before it runs an external program.