Some people find the idea of compiling their own kernel to be fairly daunting. And, to an extent, it is. There’s greater chance for issues to arise when you start handling things yourself if you aren’t careful. But the benefits are very significant.
I’ve been running a Grsecurity patched kernel for months with very few issues – most have been due to me messing around and ATI drivers having massive security flaws. Performance is not any worse that I can tell – I feel absolutely no ‘bog down’ in any way.
Running your kernel patched with Grsecurity is the number one best way to stay secure. Every single thing I’ve written about is made better when you run it with a secure kernel, and Grsecurity is the leader by a long shot when it comes to kernel security.
Actual compile time on my laptop takes about 2 hours. That’s actually not that bad – consider that it runs in the background, the system is fine and responsive while it’s going on, and it’ll easily be done by the time I wake up.
All of the troubleshooting will happen at the beginning, the first compile. After that it’s smooth sailing.
You get a kernel that’s considerably more secure and faster if you take the time to optimize it.
Here’s a guide to patch your Grsecurity kernel.