(no title)

Those are policy decisions not really connected to the sandboxing technology. They control what sort of signing the system will accept and make it so that it only runs things they approve, and they only approve things that are sandboxed a certain way. The exact same sandboxing could be used with a system where an admin user can decide what gets to run and what kind of sandboxing is required for each thing.

No, Windows has consistently been ahead of Linux for many years in terms of average-user desktop security, from binary hardening to designs like secure desktop, because average Windows users do not typically have curated software selections, so you assume the worst. (When I wrote the original "binary hardening via compiler flags" RFC for NixOS over 10 years ago, almost everything in it was already done on Windows and had been for years.) It's still not ideal; macOS takes it even further and actually allows things like "storing secrets on disk in a way that can't be read by random programs" because it can e.g. make policy decisions based on code signatures, which are widely deployed. None of this exists in pretty much any Linux distro; you can literally just impersonate password prompts, simply override 'sudo' in a user's shell to capture their password silently, copy every file in $HOME/.config to your evil server, setuid by its very definition is an absolute atrocity, etc. Linux distros make it easy for people to live in their own chosen curated software set, but the security calculus changes when people want to run arbitrary and non-curated software.

You can make a pretty reasonably secure Linux server by doing your homework, it's nowhere close to impossible. An extremely secure server also requires a bit of hardware homework. The Linux desktop, however, is woefully behind macOS and Windows in terms of security by a pretty large margin, and most of it is by design.

(In theory you can probably bolt a macOS-like system onto Linux using tools like SCM_RIGHTS/pidfds/code signatures, along with delegated privilege escalation, no setuid, signature-based policy mechanisms, etc. But there are a lot of cultural and software challenges to overcome to make it all widely usable.)

> Linux excels over Windows in the area of security by a wide margin

No, this is wrong but might be true if you are talking about Linux package manager vs. Random Windows .exe on internet. But if you are talking about Secure Boot, encrypted disk, sudo etc. Windows is more secure but it looks like https://amutable.com/ will make Linux more secure like Windows.

Edit: Some insecure things on Linux: Dbus (kwallet etc.), sudo, fprint, "secure boot".

And executable you run has access to any file in your home directory, including SSH private keys, secrets in config files, browser cookies, passkeys—all of it. That includes the thousands of npm modules installed as a transient dependency of at least one tool you use that brings node as a dependency.

Windows at least has a proper ACL system; on Linux it just takes a single compromised executable to loose everything.