[minikites]

Is there a better way to prevent malware than a pretty basic review process (iOS/Mac App Store) and data sandboxing?

And to continue the car analogy, lots of car modifications are illegal for safety and public health (smog) reasons. I think computers are headed in the same direction in the next 40-50 years. The children of tomorrow will think it's absolutely bananas that we used to run unsigned code, because malware behaves much like pollution.

[ay1n]

I think sandboxing is a quite good solution, but it doesn't mean that you can't have a root access. Consider jails in FreeBSD, where you can isolate a single process but at the same time you have a control over whole system.

Your car analogy can provide insight into the consequences of a single insecure system in the network, but at the same time it's not valid when you consider that you can (should) control your systems and network if it has to fit your needs.