Re: Just kill ALL code in a browser.
An OS where the user can't install random crap from a phishing email approaches Windows 10S or iOS in lockdown. Usability suffers as a consequence.
This is also wasteful. For protection from legal liability, it is sufficient that the machine cannot be compromised without user error (i.e. user's assistance).
A likely path forward for Intel (et al.) is to add a dedicated core with an "untrusted software" mode. This mode would disable speculative execution. Further, the operating system will have to be aware of these "untrusted processes / threads", so they can perform threat mitigations (that are now performed for all threads, sapping performance).
Anyone willing to make bets?