A very good place to start might be to study Windows' security system. If you have (foolishly...) only used Windows as "an Administrator," it may well be that (no disrespect intended...) you know precious little about the very sophisticated security-model that Windows supports! The Linux system, by comparison, might only provide a much more limited security model; one that is positively naked by comparison. Or, depending upon exactly what release you are using, it might be quite comparable.

The total topic of "computer security" is, naturally, impossible to digest into a single blog-posting. But there is a vast amount of information on the subject out there on the Internet. The question therefore really becomes one of trying somehow to set all of that information into some kind of context! Let me try to provide the barest sketches of one...

First of all, realize that when you use any computer, the programs that you run are executing in an environment that is created by the operating system, be it Windows or Linux or something else. Only the operating system has direct, unfettered access to the hardware of the machine. For everything that your program wishes to do, it must ask the operating system to do it: "No man shall come to the hardware but by me." And-d-d-d... the operating system just might say "No!" If that happens, your program is (by design...) in no position to argue.

The operating system makes this determination, on a request-by-request basis, based on some set of rules. Some programs are more "privileged" than others. Likewise, some users are more "privileged" than others. The set of rules that govern the operating-system's decisions may be coarse or they may be very fine.