It used to be that you had to click on a link on a website to get compromised.
Now all you have to do is view the page.
If you visit a page that has been written to compromise your computer, you're right. If a page has an advertiser that has written nefarious code, you're right. Even legitimate sites can infect you if one of their ads is compromised. A fully patched computer is much less likely of falling victim to rogue installs, however.
It used to be that you had to open an email and click a link to get compromised.
Now all you have to do is preview the email.
Again, only if there are imbedded images, and the best they can do is confirm your address is valid.
It used to be that you had to DO something with your computer to be compromised.
Now all you have to do is have your computer connected to the internet and be on.
Seriously.
Despite the feeling of paranoia this incites, it's mostly true. New exploits are found everyday. However, linux and mac truly do encapsulate your environment to the point of making this almost impossible without your consent. Vista and Win7 have an almost comparable solution with UAC (user account control). If you pay attention to the prompts and what you're actually doing, you can avoid almost all calamity.
The only certain way to never get infected is to NEVER connect to the internet and never connect ANY external drive- dvd, cd usb, anything.
100% true, yet way too ominous.
Using Apple is not a guarantee, using linux is not a guarantee.
You're right, of course, there are no guarantees. Yet, using either of those OS's reduces your exposure to threat by a HUGE margin.
However, security can be as intricate and involved as you want to be- how paranoid are you? (Not meant as an insult, just descriptive.)
This is a common variable in security of any kind. The more security, the less functionality. The more functionality, the more exposure to risk.
I am fairly paranoid so I have hardware and software firewalls and manually do updates.
I watch where I go and what I do.
I use different passwords and rarely replicate them.
I don't do anything with facebook or other social media either.
There's nothing wrong with this stance. I'd consider all of that as "best practice." As far as social media, you should know EVERY level of privacy and security available before you start posting.
I NEVER open emails from those I don't know.
This, again, is a best practice... I'd even call it common sense.