IIRC they were:
* Often Windows-only.
* Infrequently updated, with bugs bad enough to crash the app, sometimes the system
* Dependent on the user to install new versions
* Able to access everything on your computer
* Non-collaborative
* Dependent on you for data backups
These are non-trivial things.
Now that I’m thinking about it, I still don’t have convenient sandboxing of desktop apps.
We have online package managers, garbage collected languages, containers, unit testing, memory protection, remote backups, cross platform UI toolkits - none of the issues you mention required having to serve everything through a browser window set in motion by a subpar language written over a weekend with cosmetic considerations as the first design principle.
BTW you can have easy app sandboxing today using flatpak, works like a charm on Fedora.
Is the Flatpak sandboxing actually secure, though? Or does it work like a charm because most of the security enforcement is disabled in practice?
Allegedly [1] a lot of popular packages use "--filesystem=host", which completely defeats the security of the sandbox by granting access to the user's home directory (i.e., allows arbitrary code execution through modification of configuration files).
I think I would rather trust the browser's sandbox, where sandboxing has been in place from the start and applications are designed for it.
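The check behind the "--filesystem=host" point above, as an added example that is not code from this thread: Flatpak records each app's sandbox grants in an INI-style metadata file whose [Context] section carries a `filesystems=` key (tokens such as `host`, `home`, `xdg-download`, optionally suffixed `:ro`, `:rw` or `:create`). The script parses that format and flags grants that expose the home directory or host filesystem writably, which is the case that lets a compromised app rewrite the user's config files. The two metadata samples are constructed for the example; the app names and runtime version in them are placeholders.

```python
"""Audit Flatpak metadata for broad, writable filesystem grants.

Added example, not code from the thread. It parses the INI-style
metadata Flatpak keeps per app and reports [Context] filesystems=
tokens that hand the app the whole home directory or host filesystem
with write access. Sample metadata below is constructed.
"""
import configparser

# Tokens that expose the user's home directory or the host as a whole.
BROAD_TOKENS = {"host", "host-os", "host-etc", "home", "~"}

# Constructed sample: a "leaky" app that asked for the whole host.
LEAKY_METADATA = """\
[Application]
name=org.example.LeakyEditor
runtime=org.freedesktop.Platform/x86_64/PLACEHOLDER

[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=host;xdg-download;
"""

# Constructed sample: a tightly scoped app (one directory, read-only).
TIGHT_METADATA = """\
[Application]
name=org.example.TightViewer
runtime=org.freedesktop.Platform/x86_64/PLACEHOLDER

[Context]
sockets=wayland;
filesystems=xdg-download:ro;
"""


def parse_filesystems(metadata_text: str) -> list[str]:
    """Return the raw filesystems= tokens from a Flatpak metadata file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(metadata_text)
    if not cp.has_section("Context"):
        return []  # no [Context] section means no extra grants
    raw = cp.get("Context", "filesystems", fallback="")
    return [tok for tok in raw.split(";") if tok]


def split_mode(token: str) -> tuple[str, str]:
    """Split 'home:ro' into ('home', 'ro'); Flatpak's default mode is rw."""
    if ":" in token:
        path, mode = token.rsplit(":", 1)
        if mode in ("ro", "rw", "create"):
            return path, mode
    return token, "rw"


def broad_writable_grants(metadata_text: str) -> list[str]:
    """Tokens granting writable access to home or the host filesystem.

    Read-only grants (':ro') are left out: they still leak data, but
    they cannot be used to rewrite config files, which is the attack
    path the thread is worried about.
    """
    flagged = []
    for tok in parse_filesystems(metadata_text):
        path, mode = split_mode(tok)
        if path in BROAD_TOKENS and mode != "ro":
            flagged.append(tok)
    return flagged


def audit(apps: dict[str, str]) -> dict[str, list[str]]:
    """Map app id -> offending tokens, for every app that has any."""
    report = {}
    for app_id, metadata in apps.items():
        hits = broad_writable_grants(metadata)
        if hits:
            report[app_id] = hits
    return report


if __name__ == "__main__":
    sample = {
        "org.example.LeakyEditor": LEAKY_METADATA,
        "org.example.TightViewer": TIGHT_METADATA,
    }
    for app_id, hits in audit(sample).items():
        print(f"{app_id}: broad writable filesystem grants: {', '.join(hits)}")
```

On a real system the equivalent information is printed by `flatpak info --show-permissions <app-id>`, and an over-broad grant can be narrowed per user without repackaging via `flatpak override --user --nofilesystem=host <app-id>`; the script's classification is this example's own heuristic, not a Flatpak policy.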
It's true many flatpaks are still leaky to match usability expectations. We don't know how to devise proper information partitioning schemes, or aren't willing to accept the ones we come up with.
Ultimately it comes down to who you trust the most. Do you trust your cloud provider to not look at your data and sell you off or do you prefer trusting your local application to not fuck around where it shouldn't?