by aerzen 480 days ago
I think the core of the problem here is that applications are not isolated on the OS level.

If I download and install a mod for Minecraft, it should never have access to anything on my computer, except for the Minecraft game files themselves. If I open a spreadsheet in Excel, the Excel process should have access only to that file and its own config files.

Something similar to how Android works, where the app has to explicitly ask the user to access their files.


You're describing Qubes, which is great but I found it tedious to use as a daily driver.
The other general purpose sandboxes are just as valid, which is why all modern OSes are moving towards them (apk, appx, whatever OSX does).

Yes, Qubes is harder, but it's also very niche, barely supported, and difficult to use.

There's really a lot of middle ground between "any application can do whatever on your system as the user running it" and "any application runs in a separate OS with no rights and just 120 lines of hardened hypervisor code in common".

> If I open a spreadsheet in Excel, the Excel process should have access only to that file and its own config files.

So ya, you've just broken a thousand enterprise applications and integrations.