I have read this thread. I had a security issue recently where a friend accidentally clicked a link in an Email which released a Virus (Windows) which sent the same Email and the Malicious code within to all people in his Address book.
To clarify my take on this thread, I can say I pretty much understand what Archie has said, as it's commonsense info, securing your browser, email, etc.; clearing your browser cache, cookies, simple 'Online Procedures'.
Adding to your browser any security addons, turn of, or uninstall Java, and Flash Plugin.
The concerns with what I think Just17 is saying are he's concerned with multiple user's on a System, or I have read of a state in Linux where you aren't 'root' but some form of User that is more powerful (thus more vulnerable) where advanced System tasks can be executed. I'll leave that there as i don't understand well enough, but suspect this is the Topic.
Getting back to the Malicious Email I received; I use Mozilla Thunderbird.
The moment I realised the Email link was dodgy I blacklisted the sender's Address.
It was Windows Malware so it wasn't a danger, but better careful than sorry.
Also, Thunderbird doesn't execute a link by clicking, it has to be copied and pasted into a browser. It used to initiate a link, and open my Default Browser but not theses days. I have to copy every link out of Emails, to my Browser. No problem.
Thus choosing what programs you RUN, and being very familiar with how to react quickly if you suspect something is going wrong is so important. As a last resort turn off Moden/Router.
Essentially I got to see first hand an attack via a "Phising Scam", but Linux didn't react at all, which was a great experience to go through !!
I've written somewhere else about this so I won't go further.
I'm not understanding what Just17 is saying, he has already pointed it out to me so I don't know enough about Linux to grasp the problem.
I do however know if I have sensitive Data I wouldn't store it on a Computer that goes online. There's many ways like encryption, sanbox, etc. to secure the Data, also.
Lessening the priority of an application, say your browser, or the Directory the sensitive Data is stored, seems obvious so it can't be reached from an outside source.
Keeping away from known bad sites, and bad online behaviour, obvious.
Googling some Windows Security Forums may also give some further info about bad URL's, and how to avoid them.
What happened to the good old HOSTS file ? No one mentions it, but it is an obvious security measure which should be recommended, plus setting up a Firewall.