> This isn't supposed to replace Windows,
replyOP wasn't suggesting it was, just that the lack of quality in one significant area of the company's output leads to a lack of confidence in other products that they release.
but if the host OS is already comprised, what is the point of sandbox inside of it?
replyMaybe we need secure attestation for sandbox to be protected against compromised host :)
replyIt does sound hard, and might need to employ homomorphic encryption with hw help for any memory access after code has been also verifiably unaltered through (uncompromised) hw attestation.