Exactly. Sandboxing helps with this, not Unix-style permissions.
You still see a ton of comments saying things like "OS X and Linux are secure because they use unprivileged accounts". But the security on Unix is primarily to secure user alice from something that user bob does. It doesn't secure user alice from something that alice does. If alice gets infected with a cryptolocker trojan, it can't touch bob's files, but it can encrypt all of hers.
On a single-user system that only has an alice account, what is needed is to secure 'tax program' from something that 'web browser' does.
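The distinction drawn in the comment above, as an added example that is not part of the original post: the classic Unix mode-bit check takes only a uid, gids and the file's mode as inputs, so it cannot tell alice's tax program from alice's web browser, while a per-program policy can. The uids, paths and the `SANDBOX_POLICY` table are constructed for illustration and do not follow any real sandbox's format; root and ACLs are ignored.

```python
from pathlib import PurePosixPath

def dac_allows(mode, owner_uid, owner_gid, uid, gids, want):
    """Classic Unix owner/group/other check. `want` is a subset of 'rwx'.
    Note what is NOT a parameter: the identity of the requesting program."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7      # owner class
    elif owner_gid in gids:
        bits = (mode >> 3) & 7      # group class
    else:
        bits = mode & 7             # other class
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return bits & need == need

# Constructed sample data (assumptions, not from the original comment).
ALICE, BOB = 1000, 1001
TAX_FILE = {"path": "/home/alice/taxes/2023.db", "mode": 0o600,
            "uid": ALICE, "gid": ALICE}

# Hypothetical per-program policy: directories each program may touch.
SANDBOX_POLICY = {
    "tax-program": ["/home/alice/taxes"],
    "web-browser": ["/home/alice/Downloads"],
}

def sandbox_allows(program, path):
    """True if `path` lies under a directory granted to `program`."""
    p = PurePosixPath(path)
    ancestors = (p, *p.parents)
    return any(PurePosixPath(root) in ancestors
               for root in SANDBOX_POLICY.get(program, []))

def decide(program, uid, gids, f, want):
    """Return (permissions-only verdict, permissions-plus-sandbox verdict)."""
    dac = dac_allows(f["mode"], f["uid"], f["gid"], uid, gids, want)
    return dac, dac and sandbox_allows(program, f["path"])

if __name__ == "__main__":
    for program, uid in [("tax-program", ALICE), ("web-browser", ALICE),
                         ("tax-program", BOB)]:
        print(program, uid, decide(program, uid, {uid}, TAX_FILE, "rw"))
```
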