Microsoft cannot fix this problem because it requires fundamentally pissing off large portions of users who do not want to change how they use Windows. They don't want to lose access to their legacy software. You start putting everything legacy in a nice little container, and people will freak out when they notice FPS loss or some things being a little odd. You limit people's Windows installations to only permit apps that utilize the newer permissions system, and they'll screech about wanting to install Chrome. Microsoft's attempts throughout the years, like 10S, indicate as much.
> You limit people's Windows installations to only permit apps that utilize the newer permissions system, and they'll screech about wanting to install Chrome. Microsoft's attempts throughout the years, like 10S, indicate as much.
I don't think the 10S example works here at all - 10S was never locked down for security, it was locked down because it was for cheap devices to drive sales on the mandatory Microsoft Store software distribution - you get cheap Windows, it comes with software distribution strings attached was the deal offered with 10S effectively.
People hated having a crippled copy of Windows on their cheap computer understandably because app availability on the Microsoft Store was poor at that time (and still is today), whether it had security benefits wasn't the issue there - people just wanted to use their computers to run a Windows app and rightly got upset when 10S couldn't sometimes.
10S was arguably much more a product planning/marketing decision to offer cheap Windows PCs at Chromebook price points, even if there were some security implications.
It works very well, because the Microsoft Store was trying to operate as other locked down stores do by enforcing better practices. Store apps used to have to use the new permissions system for example. 10S was locked down for security and even encouraged it after they dropped the cheap devices to help bolster secure environments on your own, Microsoft also benefited through control of the Store. They aren't mutually exclusive.
So yes, the security benefits are the issue. Once you impact people's ability to install Chrome and give it full permissions, they scream. 10S didn't allow this, and Google (just using them due to popularity and because they weren't trying to be malicious here either) didn't give a damn about adhering to the new app format's restrictions on permissions.
Lead paint harmed a lot of innocent third parties, as did smoking near other people. Not sure I see the analogy.
When macOS killed 32-bit libraries, it didn't save me from harm. It just made macOS incapable of playing old Steam games, and therefore my MacBook Air was no longer an acceptable laptop for vacations. I'm not saying it was a crime for Apple to change it -- OSes change. But it wasn't a benefit to me, and I took my business elsewhere.
Also Windows Vista. IIRC one of the main reasons users disliked it was incompatibility with some drivers and other software, but AFAIU a lot of these breakages were due to that software assuming admin permissions, and hooking into the kernel in undocumented ways, whereas Vista started the process of forcing software to actually use proper interfaces and made them actually get user permission to escalate privileges. A good thing, but which caused teething problems at first. I don't even blame users for their reaction, as the fact was their software wasn't working, regardless of the cause, but we got through that stage and now modern Windows is much more stable. I do still scorn Apple and others who criticised the existence of UAC - they should have been calling Microsoft out for taking so long to introduce it!
Well, the problem is that there are really many different markets for Windows. If my major use of Machine123 is to play old games, of course I'm going to be unhappy when Microsoft compromises my ability to do that. For that use, it might be better to lock down the OS in other ways (i.e., no internet).
The users were sold Windows as a solution to doing a wide variety of things. Now those things are getting compromised. They are not wrong that it was oversold.
> You start putting everything legacy in a nice little container, and people will freak out when they notice FPS loss or some things being a little odd
God forbid we waste a little processing power on security instead of the ever-expanding slime of bloated frameworks and nonsensical UI.
Seriously, someone competent, please bring an OS to market that can waste my CPU cycles on a robust sandboxing model, a la Android. Take my money. I'm tired of spending it on Apple's constantly degrading UX disaster and security half-assery.
> waste my CPU cycles on a robust sandboxing model, a la Android
Unfortunately Android's sandboxing sometimes literally wastes CPU cycles – when Google forced people more seriously to use the new scoped storage API, people stumbled across quite a few performance bugs once you stray past the very simple use cases.
And like almost all attempts at file sandboxing (except to a limited extent Apple's implementation for Macs), it's broken interacting with more complex file formats that don't consist of a single atomic file. Using a file explorer to directly open that kind of file (e.g. a local collection of HTML files) in another app has become impossible that way, because the sandboxing system will only grant access to the one single file you've clicked on, and ignore any related files that are implicitly required, too.
It already happens. DirectDraw games run like shit from Windows 8 and up, you need to use DXGL or something like that which wraps ddraw.dll calls into DX or GL.