Yes; they can do what they're doing now, but drop the scary language. Scaring users with non-specific threatening language does not enlighten them.
Since it's almost unheard-of for malware to be signed with a legitimate, unrevoked certificate, they could also afford to give signed executables much greater leeway when deciding what to report to the user. People seem to be assuming that signing the .exe is enough to keep the dire warnings from appearing. That is not the case, or at least it wasn't the case a few months ago.
Finally, they can provide a standardized method for whitelisting URLs (and not individual executables) instead of what they're doing now, which is apparently nothing.
They are giving signed EXEs much greater leeway, since the publisher is verified by a CA, providing a secure base on which the publisher's reputation is determined.