One of the sad facts of the computer security world is that even though everyone acts as if having safe and reliable computing is THE most important base feature to have in a computer, that really isn’t true. Users are far more interested in having the latest, cool, gee‐whiz feature, computer security be damned! Vendors and developers that spend too much time on security end up getting beaten to market by their competitors. Designers who make their devices and applications too secure end up being out of a job. You can architect security into a product as long as it doesn’t bother the customer, and that’s a difficult thing to do.

Hence, most people don’t run the most secure operating system on the planet. The vast majority run a popular, well‐supported, fairly secure operating system, but it’s not the most secure one. If end‐users really cared about security the most out of all their considerations, more would be running Qubes (https://www.qubes‐os.org/), created by Joanna Rutkowska who was profiled in the previous chapter, or OpenBSD (https://www.freebsd.org/). They are the most secure, general‐purpose operating systems, and they are free, yet most of the world does not run them. This isn’t necessarily a bad thing, as we make similar trust decisions in our lives all the time. Security is rarely the first or only consideration in a decision we make. The majority of the world, at least right now, runs Microsoft Windows, Apple iOS, and Android operating ...