Most Linuxes, by default, create a single login user and grant this user "administrative privileges" by making it a member of the
("big ...") wheel group.
I recommend that you treat this default user as "the Administrator," and use it
only for "administrative" purposes. Use it to create
other users, who are
not "administrators," and use
these for your daily activities. Turn off the option to "automatically log-on" as any particular user. The system will now present you with some sort of login prompt
This is referred to as the
Principle of Least Privilege. You are, on a daily basis, using an identity that – if it wandered into a phone booth – could
only make a phone call. It could
not fly back out of it wearing ugly blue tights.
And this means that "rogue software," using "your" identity to attempt to do things without your knowledge or consent, could not do so either.
If you're a small-business owner who "wears many hats," this is also a very convenient way to segregate these various activities ... and to protect their files. When you're "the accountant," you unlock "the accountant's office" and go inside. (Set the home-directory access mask to
-rwxrwx--- because "what the accountant is doing is nobody else's business.") You find things just as "the accountant" personalized it. And, so on. As a computer consultant, I create a separate account for each client's work, so that anything I set up for one ("preferences" and so forth ...) is
guaranteed to be completely segregated from every other.
