Here are my suggestions :
1) Give permission to others for Samba folder, hence it will be accessible via Windows Clients. Anyways, any user can see the shared data, but they can't edit unless full directory permission are given before sharing with Samba.
2) Create a user and add it to Samba User. Link User details with folder permission, such that specific User should have permission on specific folder only. Permissions are not browser specific.
3) Assuming site is hosted on Ubuntu/Linux flavour, so virus should not be a concern
4) Again, specific User should have permission on specific folder only
Essentially, permission are not browser specific. It can be set for User or the folder/files.
We agree that mapping the drives increases the chances for virus attack. Maybe you can script a quick any new file load scan over Windows platform (just an idea here...!!!)