Try explaining how and when(!) to use this to your HR department, then tell me it's not fancy tech.

"My spreadsheet won't open" 'don't use sandbox for that' "But you said every file I downloaded" 'no, only exe'

"I opened the PDF exe, edited it, now it's gone" 'self-extracting zips from our payroll system are fine'

So right... this is clearly a "PRO" feature. For normal users the by far better solution is still: Do not install any EXE from unknown sources. Or even better: Do not install anything new in the first place.

Not that I disagree with what you're saying per se, since it really is the simplest option, but as technologists we really need to get over this idea that people shouldn't be allowed to actually use a computer to do computer stuff. Mobile OSs got it pretty close to right: self-contained applications that are sandboxed by default. We need to embrace that concept in personal desktop computers, only without the stupid store (and that includes a package manager) and with complete disk portability of the applications. Basically, the way desktop computer OSs worked in the 90s, only with sandboxing by default.