Increasingly, browsers and other utilities advertise their 'sandbox' abilities. You want these!
I know, I know, you hear the word 'sandbox' and you think of the location for your cat's smelliest offerings. Ha, ha, there's more to it than that.
But the analogy is apt. As hackers attack applications, what they leave in your system is no less smelly and no more harmful to your health. Much like the catbox you may keep, you want to dump your system (and its smelly nuggets) into the trash.
A computer sandbox is just that, a sacrificial bit of system bits, a barebones, emulated set of system components that take the worst of the hacker attack. They take that hacker bullet, sparing your Registry, for example, from modification by a hacker.
This has become very important because of all the freebie utilities, their poor security design, and their executable extensions that give the Internet Attacker a welcome mat to wipe their smelly shoes with.
Much like my 'Slash n' Burn' computing, utilities with sandboxes try to isolate the malware via separate system components.
Is this working? Yes and no. There are no standards for sandboxing. Instead, you sign up for the feature and hope it will work as advertised. Let me know about your experiences with sandboxing below.