There’s also a lot of zealous discourse on the subject of atomic/immutable distros.

Many different solutions exist, even native ones. But I’d have to mention Sandboxie as probably the most popular option.

• Step 1. Upgrade to proactive security. Projects like HotCakeX’ offer a streamlined method of attaining it.
• Step 2. Commit to best practices. There’s a long list of this, but the short of it would be:
  • Uphold a strong backbone of secure software that has proven to be committed to safe practices.
  • Ensure that your system and/or software is always up-to-date.
  • Don’t visit unsafe/untrusted websites. Don’t click on shady/untrusted links.
  • Don’t execute untrusted/unsafe files. Especially not with administrator’s rights.
  • Sandbox all activities. So that even if you’re compromised, that the adversary can only access very little beyond the binary/program/software itself.

First of all, I’m sorry I can’t provide you with a video; I tried attaching it to the post but won’t let me attach any other than photos.

Gifs work. There are some pointers over here.

You seem to have the false notion that corporate distros are safe (or something). But, that’s not true. Look e.g. at the demise of Clear Linux OS.

For (perhaps) a better assessment on whether a distro is well-established^[1] or not, consider looking at the following factors:

• How long does it exist? Like, if it’s old enough to drink, then that’s definitely a good indication.
• How strong is its community? If there are literally millions of users, many of which actively contribute, then that’s definitely a good thing.
• How active is its development? The Linux landscape is constantly evolving. Hence, adopting changes (or, at least, enabling them) is somewhat to be expected.
• Does it serve a distinct raison d’être? It simply has to offer a strong justification for its existence.
• Does it have any strong dependencies/contingencies? Here, a lack thereof is actually what’s good.

TL;DR: If you want to be absolutely safe, then I’d recommend Arch, Debian or Gentoo.