'app sandboxing' is one part, of a small part, of a subsection of a general thread model, why would you pick that when you talk about 'secure'? And LOL no, Linux has SELinux, apparmor, firejail, flatpak, snap, docker, lxc, and various hypervisors for 'app sandboxing', Linux does not have 'basically none', it has arguably to many.
oDot|2 years ago
jraph|2 years ago
On Linux, the default config is you install most programs from the "trusted" distribution's repositories. Flatpaks and Snaps are increasingly used for apps that are not in the repository. They are not perfect, but they are improving.
I don't know how it works for macOS. You'd download a program image but I don't know what the program can do and if there's a sandbox.