Most of the files will be set to -rwxr-xr-x
and most of them will have root as owner and group.
You may want to restrict execute on some files, but not all.
If Mandrake issued a security warning, most likely they also released a patch. Use that instead.
In the end, most of the files are GUI software like Mozilla and the rest of them must be run as root.
Even if a user were to run one of these programs, they can't do anything, since all the configuration files (/etc) are only writable as root.