[holy_city]

>the chances of me being attacked are practically zero

That's because the OS developers have placed value on security over performance. Whooping cough is rare too, we still vaccinate against it.

If you want a classic example, bounds checking an array is important to avoid RCE and sandbox escape attempts. It can also have a hefty performance penalty, under some scenarios it trashes the branch predictor/instruction pipeline. But I'm glad that my browser isn't as fast as machine-ly possible when streaming video, because I'd prefer if there wasn't a risk of having my emails from various banks, stored passwords in the browser, etc from being collected and sent to a bad actor.

[badsectoracula]

> That's because the OS developers have placed value on security over performance.

No, that is mainly because nobody knows nor cares about me personally.

As for your example, i already addressed it with that last part in my message:

> Note BTW that there is a difference between "i find performance more important" and "i do not care about security at all". I do care about security, but i am not willing to sacrifice my computer's performance for it. I simply consider performance more important.

The browser is a case where i'd accept less performance for better security because it is the primary way where things can get into my computer outside of my control. However that doesn't mean i'd accept less performance in, e.g., my image editor, 3d renderer, video encoder or whatever else.

In other words, i want my computer to be reasonably secure, just not at all costs.

[monocasa]

> No, that is mainly because nobody knows nor cares about me personally.

I mean, they do care about you. I assume you have a bank account, or personal information that can be used to open a credit card under your name?

> However that doesn't mean i'd accept less performance in, e.g., my image editor, 3d renderer, video encoder or whatever else.

Most of that is specifically designed with security in mind. For instance the GPU has it's own MMU so you can't use it to break the boundaries between user mode and kernel mode.

[badsectoracula]

> I mean, they do care about you. I assume you have a bank account, or personal information that can be used to open a credit card under your name?

That is not caring about me though. Honestly at that point you are spreading the same sort of hand-wavy FUD that is used to take away user control "because security".

> Most of that is specifically designed with security in mind. For instance the GPU has it's own MMU so you can't use it to break the boundaries between user mode and kernel mode.

Again, i'm not talking about not having security at all.

[monocasa]

> That is not caring about me though. Honestly at that point you are spreading the same sort of hand-wavy FUD that is used to take away user control "because security".

I legitimately don't understand your argument here. Do you not lock your car? A opportunistic car thief doesn't have to "care about you", and going through the process of unlocking your car could slow you down.

[badsectoracula]

Those comparisons miss important details so they aren't helpful - and also i do not have a car. Though if you want a comparison that does apply to me - i lock my apartment's door, though i do not bother with installing a metal door and window bars despite knowing how easy the door would be to break for someone who insists in entering my place as the chances of this happening are simply not worth the cost.

I already repeated that several times, i'm not sure how else to convey it: i care about security (lock my door), but it isn't at the top of my priorities (do not have a metal door and window bars).

[monocasa]

The problem is you're speaking in metaphors. Which security is getting in your way that you can't trivially disable?