Every Application should be it's own 'user' (sub user) while the login-user / manager should be the group leader of all those 'sub users' / 'agents'.
A change in security model from the 1970s/1980s might help with security and isolation. However that same security would also generally be a pain without really smooth management in the desktop environment / shell.
A change in security model from the 1970s/1980s might help with security and isolation. However that same security would also generally be a pain without really smooth management in the desktop environment / shell.