Debian as a server gets security updates, but the packages for desktop remain old, feature robbed and vulnerable. Default Web browser is passing on manifest v3 which enhances security. Linux isn’t going TPM2 (yet) which prevents rootkits, bootkits, keyloggers, and malware. Linux doesn’t enforce security updates. Anyone that thinks Linux doesn’t have frequent security problems hasn’t done a web search on the topic. All operating systems have issues, -Desktop Linux deliberately so.
How is it a waste of time?