[the_af]

Unfortunately I think the option you propose (sandboxing) is unreasonable for most users. A lot of the software you want to run (e.g. games, but also lots of special software, including apps/experiments featured on HN) is not available as part of your distro. It's unreasonable to expect end users to sandbox everything just in case.

It may be the only think that works, but it's also an unreasonable expectation. In practice, this makes it a non-solution. A security solution must both work and be reasonably doable by most users.

[LarryMullins]

It doesn't have to be reasonable for most users. GNU/Linux in general isn't reasonable for most users.

[the_af]

But this problem isn't exclusive to Linux or Unix. It affects everyone using a computer (with the possible exception of mobiles that sandbox by default).

[Kamq]

Most users aren't on hacker news.

You should not confuse general wording, which is directed to people who read this website (by the fact that it's y'know posted here instead of somewhere else), with advice for the average person.

[the_af]

What percentage of HN readers do you guess sandbox every non-distro-packaged program by default? My guess: they probably are a minority even here, so it's a nonstarter for the general users population.

[Kamq]

> so it's a nonstarter for the general users population.

I agree. My point was that this point isn't important for a discussion on a niche site.