by masklinn 3999 days ago
A Javascript browser exploit is still an issue, however it won't usually be able to read and write to kernel memory. TempleOS runs entirely in ring0. That means that with any exploit whatsoever, the exploiter doesn't just access some of your data, they own your machine entirely from the kernel up.

http://www.templeos.org/TempleOS.html is a good explanation of the point and purpose of the project, one which is reasonable and makes perfect sense. It explains why a TempleOS machine should not ever run unchecked third-party programs (let alone be on any kind of network), but could be an excellent OS to use on a remote abandoned island.


It won’t be able to read and write to kernel memory unless it can capture the user’s password and the user has sudo access. Also, as xkcd says, if you don’t have sudo, “If someone steals my laptop while I’m logged in, they can read my mail, take my money, and impersonate me to my friends, but at least they can’t install drivers without my permission.” https://xkcd.com/1200/
Could you elaborate on the difference kernel vs user as far as the end user is concerned? I'm pretty sure that we've seen how damaging CTOs opening Office docs can be.

And web browsers seemed to take off before Windows NT was the more popular desktop kernel.

> Could you elaborate on the difference kernel vs user as far as the end user is concerned?

* No possibility of a secure experience via strict privilege separation (e.g. strict usage of multiple accounts, inconvenient but protects against alteration of personal data)

* A ring0 program has unfettered access to the hardware, so the machine itself may be compromised. A breach is not "format & reinstall", let alone "run a bunch of antiviruses"; it's possibly "throw the whole machine into the bin and buy a new one".

> And web browsers seemed to take off before Windows NT was the more popular desktop kernel.

Windows 98 didn't run in ring0. It was crap, but not that crap.

To elaborate on why it may be necessary to throw the machine out, for the people who aren't familiar:

Given full access to the hardware, it's possible (though I haven't tested it to be certain) to flash the BIOS. The machine could be bricked by a remote exploit.

> Given full access to the hardware, it's possible (though I haven't tested it to be certain) to flash the BIOS.

Or the firmware in hardware parts. An attacker with the know-how can not only brick but control your GPU or SSD.

In the context of getting completely compromised, I'm not sure the cost of another computer really adds a lot.