One of the biggest threat to an Operating System (OS) does not originated from the outside, but from an internal user. An internal user having privilege access to the OS may compromise its security by intentionally or unintentionally running applications that could subvert the security of the OS.
One solution includes isolating a user in the OS via a virtual environment. However, such user may still be able to manipulate its virtual environment to eventually compromise the security of the entire system by running malicious applications.