This brings up something that's always baffled me.
Why do a user's (or worse, the entire system's) files have to be
immediately accessible to any application wanting to take a look?
Take a legacy example, SCOPE or NOS on a CDC mainframe. At start of
job, you start out with a null file set available to you, but for
standard input and output pre-named files.
If you need a pre-existing "permanent" file, you attach that to your
current session, providing the necessary password and other information,
such as the cycle number--and then giving that file its own (local)
name--i.e. user-permanent files have a different (usually longer) name
than what they're known as locally.
To the best of my knowledge, outside of password leaks (a different
password, if you wanted, for each type of access), we had no security
issues.
The better approach in modern times, I suppose, is to sandbox your
browser--and never, never, never browse with administrative privileges.
(Something the average Windows user doesn't seem to understand.)
Has CryptoLocker ever invaded the world of Unix/Linux/BSD?
--Chuck