It is my opinion that the author's primary concern is that Windows Defender (or any antimalware suite [1][2]) has a huge attack surface, due to the high privileges assigned, and the huge amounts of file formats supported (which require custom or 3rd party parsing libraries.) Sandboxing substantially reduces that attack surface, by placing the parsing engines, and the untrusted executable in protected environments.
I agree with your sentiment that sandboxing will require more complex interactions between sandboxes for antimalware suites to act on pre-existing threats (and minimizing the required privileges for the 'SYSTEM'-level process that must act on those threats.)
A friend and I put together a free dynamic DNS service [1] offering cool custom domains aimed at the Raspberry Pi community (and similar hardware hackers.)
It's not strictly a hardware project, but it's a crucial building block for any network-enabled Raspberry Pi project, and we'd love your feedback.
I agree with your sentiment that sandboxing will require more complex interactions between sandboxes for antimalware suites to act on pre-existing threats (and minimizing the required privileges for the 'SYSTEM'-level process that must act on those threats.)
[1]: https://www.engadget.com/2016/06/29/google-symantec-antiviru... [2]: https://www.engadget.com/2016/01/13/trend-micro-security-pas...