There are lots
of ways to "attack" a computer, and by now the traditional "virus" is becoming somewhat long in the tooth. There are much easier and faster ways to do it.
But basically, in the case of "viruses," the main maxim that you need to keep in mind, regardless
of operating-system, is that privilege, ownership, and protection mechanisms are your best friends.
You do not need to run as Administrator on your Windows box, nor as Root on your Linux box, even though it is "your personal" computer and so you have every "right" to do so. Nor do you need to have every single file on your system read/writeable to you. As they say in firearms, "keep the safety 'on' until you are ready to destroy the thing that is in front of you."
Linux, OS/X (Unix), and all Windows-NT descendents
have a very powerful security-model ... Windows' actually being the strongest
of the three. They give you fully-automatic, fine-grained control over exactly what the operating system will allow you to do, and what it won't. When these features are used in the manner for which they were originally designed (namely, keeping a University full of very-bright, very-bored students more-or-less at bay
) ... a "virus" is quite-literally not allowed
to do what it wants to do.
In that regard, mind you, Linux is not special or magical.
Its standard security-model is actually quite primitive.
The only difference is... it's usually turned on!