I'm a professional geek for a rather large organization - end user security makes up about half of my job description.
I work in Windows but run Linux exclusively at home although the spousal unit still runs Windows - earlier this week I installed Windows for Workgroups in a VM on my netbook just for fun - i was an interesting diversion and a real blast from the past
But - IMO although sandboxing a browser session is a good idea and a great start toward securing your machine it doesn't eliminate the requirement for a firewall feature set or a malware scanner as there's nothing to stop the nasties on your machine if your sandbox gets compromised or if malware gets loaded on your machine from a platform other than your web browser - an example would be a hostile email attachment or infected removable media. If your machine's acting as part of a botnet a browser sandbox won't do anything to stop that behavior
Although there is no Linux malware in the wild I still run a virus scanner on my computers to help insure that nothing that comes off my machine can infect a Windows machine. I don't run a firewall on my desktops because by default Linux doesn't listen on any ports and it's not possible for an application to open a low port on a machine without prompting me for a password.
This brings me to another point - just because an application requests access to the internet doesn't mean someone needs to grant it
You did touch on one thing that IMO can't be overstated - the need for a trusted backup solution. Malware aside, all hard drives fail at some point and if you don't have your data somewhere other than on your hard drive you *will* lose it. Also, an untested backup solution isn't a backup solution at all. One needs to insure they can restore data from whatever method they use to archive that data.
All in all I think your guide is a pretty good start. I still think a malware scanner and a firewall feature set are (unfortunately) part of any defense-in-depth solution, though.
