
This is good advice, but it will not protect you against any malware that has been written in the last 10 years.

Stealer frameworks and dropper frameworks have implemented a lot of bypasses: from using other installed programs (lolbins / gtfobins etc.) to using embedded scripting engines to do their bidding, up to just reusing signed and installed default drivers to execute their payloads. A lot of drivers have sideloading and execution capabilities due to how the signing process in Microsoft is constructed.

Additionally, nobody needs "root" access to do anything these days; this is just a plain wrong assumption. Most malware will go for your browser profiles, which are readable by your user (duh), so a separate privilege escalation exploit avoiding the user account won't help you there either.

It's much better to sandbox your applications as well as possible. Even just using firejail profiles will go a long way, especially in regards to Electron apps or apps that have remote update and plugin installation capabilities (e.g. Discord, Slack and the like).

Please, drop some malware binaries through ghidra or other tools before you give advice like this. You might be part of survivor's bias without realizing it.
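As an added illustration of the firejail point above (not part of the comment), here is a standalone profile that keeps an Electron chat client away from the browser profile stores the comment names as the usual target. The profile name `electron-chat.profile` and the `${HOME}/.config/discord` data directory are assumptions; adjust them to the app you run.

```text
# ~/.config/firejail/electron-chat.profile  (hypothetical file name, added example)
# Run with:  firejail --profile=~/.config/firejail/electron-chat.profile discord
# Idea: the app sees only its own config directory and Downloads; the rest of
# $HOME, including every browser profile, is simply not there inside the sandbox.

# Stock firejail deny-lists: dotfiles, other programs' data, toolchains
include disable-common.inc
include disable-programs.inc
include disable-devel.inc
# Mount $HOME, /tmp and /dev/shm noexec so a payload dropped into the profile
# directory cannot be launched from there. Remove this line only if the app
# self-updates by writing a new binary into $HOME (the comment's remote-update case).
include disable-exec.inc

# Belt and braces: name the browser profile stores explicitly, so they stay
# hidden even if the whitelist below is later loosened.
blacklist ${HOME}/.mozilla
blacklist ${HOME}/.config/google-chrome
blacklist ${HOME}/.config/chromium
blacklist ${HOME}/.config/BraveSoftware

# Whitelist mode for $HOME: only these paths exist inside the sandbox.
# mkdir ensures the directory is created before the first run.
mkdir ${HOME}/.config/discord
whitelist ${HOME}/.config/discord
whitelist ${DOWNLOADS}
include whitelist-common.inc

# Privilege and kernel attack surface reduction
caps.drop all
nonewprivs
noroot
seccomp
protocol unix,inet,inet6,netlink
netfilter

# Private /dev and /tmp: no access to other users' sockets or dropped files
private-dev
private-tmp
```

A quick check after launching is to open the app's file dialog: the browser directories should not appear under the home folder at all, and `firejail --list` shows the sandboxed process with its profile.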
