I disagree with the majority of what you are saying there Roy. From a business perspective running the servers/forums as you do then yes you need a clear security policy. For domestic users the seperation of execution from opening makes linux far more secure. It is impossible to become infected with anything from just opening (or previewing!) an email. Even if I sent you a script containing the usual nice 'rm -Rf /' for this to have any effect you would have to save it, change to root, change its permisssions and then run it.
Nice article here
http://www.theregister.co.uk/2003/10...ndows_viruses/
A bit old but principles still apply
I'm happy to leave a Linux box, straight virgin Mandriva install open for anyone to have a go at hacking. I'll leave a text doc on there if anyone can tell me the contents of the file I'll give them £20. If you can take the box out and make it unbootable or unuseable in any way £30 will be yours.
Anyone up for the challenge?