Prevention and detection of tampered files in /home/* is definitely a major aspect of 'Securing the workstation'; As attacks are not just for exfiltration of data and could very well be to place .murder_VIP.doc; There seems to be a need-gap[1] for solutions in this space.
But considering immutable OS increases overall security of the system and that the system/software likely has to be compramised first to tamper /home/* I think they're useful to prevent this attack as well.
But considering immutable OS increases overall security of the system and that the system/software likely has to be compramised first to tamper /home/* I think they're useful to prevent this attack as well.
[1] https://needgap.com/problems/188-proving-computer-hack-proof... (Disclosure: I run this problem validation forum).