virrii, spyware, adware, trojans, etc are yet something that the OS can not fully protect you from. Privilege seperation of the filesystem (the well known file permissions) is the only defence the OS offers you against such threats and is effective enough to guarantee you will not end up with a corrupt FAT or MBR, or a trashed OS installation, as you would in windows. Yet, the rest is your responsibility. As a single user you have the responsibility of what you execute and the knowledge that when you execute something you automatically grand it the permissions you have (i.e. delete or corrupt files that you own). In that sense, virii are still a possibility in linux, and they could do some damage (i.e. erase documents that you have stored in your $HOME). But the thing is that YOU have to execute the program that will do the nasty thing, if you don't it is very very unlike that something wil be executed on it's own (i.e. triggered by a web script), and that would involve a bug on 3rd party software such as your browser.
Yet, though spyware and virii *can* exist and do even limited damage, they do not prosper in linux. Some reasonable explanations for this are:
- that things are technically very different and the linux users percentage too small to justify the work and resources of companies (relying on spyware/adware) and lammers (coding virii, worms etc).
- that people with the knowledge to code the high-level tools that the script kiddies would use for making damaging virii etc, usually respect the free community
- that there is limited potential for damage (as mentioned above)
- the fact that linux users are rarelly clueless enough and would take care on their own against such pathetic annoyances as spyware, stupid virii and trojans.
The firewall is irrelevant to anything that doesn't involve the establishment of unauthorized connections. Thus, it would be able to help you only in the case of trojans and virii/worms that do network-related stuff. Of course you would have to configure it correctly first.
PS. I understand the above are perhaps too boring, so to answer more practically to your worries, you don't need to worry for things like spyware, adware and virii in linux. They are not popular, they hardly exist and you are likelly to be damaged, have your privacy violated, become a zombie in a botnet etc by a malicious code *only* if you are a wannabe hax0r who digs for "0day 1337 sploits", or do something stupid such as have a telnet/ssh server allowing connections from test:test.
There is very little malware around for linux.. for all the reasons that nske said already...
Furthermore, most Linux users are smart enough not to run around surfing the net logged in as root... unfortunately windows users don't have that luxury, since doing anything in windows when not as administrator (other than changing your wallpaper or double clicking on clipper in MS-Office) is a nightmare.
Plus, the browsers dont integrate with the underlying o/s as much as in windows (ok so yes Konqueror/KDE and Nautilus/GNOME do integrate, but thats merely with the desktop environment)... this means that security issues in the browsers don't necessarily affect the security of the underlying operating system..
Something that IE users still do not understand........
Ok. So, for now we don't have to worry too much about these issues, except for checking for viruses in e-mails, and only if windows is in the network, because if the OSs in the whole network is linux only, we are quite safe.