Does anyone?
I think not...we will always be playing catch up...
Precisely. We need something more to protect us nowadays... We can't only rely on a reactive policy of signatures (even if they're generic ones).
Do you really think that a sandbox will protect us any better? I don't. Why? Because on its own a sandbox doesn't improve detections, and if something isn't detected within the sandbox, what is to say if nothing is detected and it is run outside the sandbox? Most of you want a sandbox, but then you want to be able to have your cake and eat it too.
By allowing various things to be able to have access to the system and not remain inside the sandbox and save files, add-on updates, etc. etc. all of which weakens any point in having a sandbox in the first place.
We already have emulation, which in a way is trying to emulate what the file would do and whether that behaviour would be considered suspect. These areas are what I would consider to be of far more importance than sandboxing.
I just don't see sandboxing as the be-all and end-all in security.