No, killing the user's applications is to make sure none of the apps for that user (e.g. firefoxUser) run, even if malicious in the background. It's similar to killing all of a sandbox's processes.

I suppose you're one of those who also laughs when he's told to "reboot with live distro before generating cryptographic keys" by experts. If you do, then well, you really don't know what real security is. Clearly you must never stop potentially compromised applications (and whether or not they're "secure by design" is irrelevant because exploits exist, not necessarily in the application itself).

For example, if you're about to log into some super secret account that only requires password (don't ask), why the fuck would you not quit potentially compromised apps (those with internet access) first just to be on the safe side?

Probably same reason people freak out about firefox vulnerabilities that are really insignificant because they can only read its own process' memory, but ofc people use only a single firefox instance whether they login to something super secret/confidential or browse malware websites, and thus turn a complete non-factor security exploit into something big by their own incompetence.

So when you leave your house, I assume you leave it unlocked? It doesn't matter, right? No matter what you do a really determined burgler is going to get into your house anyway, so what's the point in locking the door?

I dunno, maybe because you're not a freak. So I'm logging into a website and I need to open keepassxc to get the password. I close Firefox, because it's connected to the internet and potentially unsafe, then I type in my password to keepass, get then re-open Firefox and get back to the page and then sign in? You think that's a reasonable thing to expect end users to do in the name of securing their keepass password?

No, it's the complete opposite. I'm the "paranoid" one here, some people think that because they got a heavy metal door with a bio-scanner lock (Wayland) that they are perfectly safe from any thief and won't bother adding any extra caution. My wooden door (X11) with a simple keyhole makes me take extra measures.

For the second quote, I don't see the problem, I do that daily for sensitive websites (including email account login). Most of them aren't even done daily, and you talk as if closing Firefox is such a big deal. I think wasting 10 seconds or so per day for extra security is worth it.

Most websites or whatever are not that important, you can reset your password on them anyway as long as you have email access or whatever, even if you do get compromised.