
I don't understand why desktop operating systems still don't ship with mobile-style sandboxing. It would be so darn useful to restrict applications from using the filesystem, or give them access to only certain folders, or restrict them from internet access.

I recently wanted to install a cryptocurrency wallet on my Linux machine, but I was terrified of the fact that every single piece of software on my machine can access the whole filesystem and can easily steal the keys to the wallet. Eventually I decided it's just not worth the constant worrying.




macOS does, and has for a few releases now.

In this case it’s a kernel driver that interacts as an HID with every application. It also loads app-specific macros, so it needs to know WHAT app is running.


You have several options for that in the F/LOSS world: Linux containers, BSD jails, Qubes OS, or plain old VMs, etc. As with anything on these platforms you're free to pick your tool of choice.

On Windows there are also a few options, Sandboxie being the best one IME. It's open source now as well, though the quality and stability have taken a hit. And there's Windows Sandbox, which has been shipping since Windows 10.

I'm glad users can still make a choice on desktop OSs. As great as app isolation is on mobile devices, there's little from that ecosystem I would want on desktop. Even though OS manufacturers are desperately trying to merge the two...


That’s why you use a hardware wallet.



