Unlike Windows, where the attack vector is mainly viruses
from file transfers, in Linux (and Mac) the attack vector is
going to be browser-based.
So if you don't limit JavaScript trust, you can fall victim to
any manner of installations, ssh, or infestations from
browser-based attacks like BeEF.
This tool will provide a triangulated Host --> Website
--> YourBrowser attack similar to XSS scripting browser
attacks, which opens your entire Linux (or Mac) system to full
control via the browser (Opera/Firefox/etc). A keylogger like
the one referenced by Sam would trivially be installed without
your immediate knowledge.
Of course if you do not properly firewall your home network,
have a "cable modem" that is subject to hacked firmware, or
take your laptop to public venues without a proper analysis of
open ports or iptables, you can always pick up a "hitcher",
who could install a key logger or other hack.
Various hardware hacks also exist, similar to tiny USB devices
that can be set up on your keyboard or monitor between
connections, which are commonly used by IT managers in NOCs
and Operations Centers (where oblivious Operations and Systems
staff continue to surf Facebook rather than actually work).
Regularly reading the logs, setting up reporting devices that
inform of new files or packages and of course watching packet
traffic by port on a regular basis will assist you to identify
keyloggers, as well as BeEF and XSS browser hacks, since you
will clearly see a great deal of nefarious traffic.
Of course if you allow 3rd Party Cookies and don't control
JavaScript, you are just laying on a large number of "adware"
and other installations that create traffic. Be sure you use
NoScript or another JavaScript trust control plugin at the
browser level.
It is recommended that ANY systems user always have a fairly
realistic understanding of network trust, packet ports and
"regular traffic".
Also, beyond KEYLOGGERS, everyone needs to know that EVERY
SINGLE SITE YOU GOOGLE, every place you visit can trivially be
cross-referenced from other sites to which you authenticate
to provide AT A GLANCE NSA and DHS data that will provide a
complete profile. This includes CHAT LOGS, Warez sites,
TORRENT, and porn sites.
The false sense of security that you can use an Anonymizer or
browser Proxy site, while it will allow you to get to Facebook
from work, will not protect you from large scale data taps at
the level of Akamai Caching and Cable/Telecom providers which
can be configured to hit any number of parameters in which
the feds are interested.
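
Added example, not part of the original comment: one way to act on the advice above about watching packet traffic by port is to compare established connections against a baseline of "regular traffic" per process. The `ss -tanp` sample, the addresses and the baseline table are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of `ss -tanp` output (documentation address ranges only).
SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))
ESTAB 0 0 192.168.1.20:51234 198.51.100.10:443 users:(("firefox",pid=2211,fd=88))
ESTAB 0 0 192.168.1.20:51300 203.0.113.7:8081 users:(("firefox",pid=2211,fd=91))
ESTAB 0 0 192.168.1.20:51301 203.0.113.7:8081 users:(("firefox",pid=2211,fd=92))
ESTAB 0 0 [2001:db8::5]:40022 [2001:db8::1]:22 users:(("ssh",pid=900,fd=3))
ESTAB 0 0 192.168.1.20:40500 198.51.100.9:6667 users:(("python3",pid=4410,fd=5))
ESTAB 0 0 192.168.1.20:40600 203.0.113.50:4444
"""

# Assumed baseline: process name -> remote ports it normally talks to.
BASELINE = {"firefox": {80, 443}, "ssh": {22}}
PROC_RE = re.compile(r'users:\(\("([^"]+)"')

def parse_ss(text):
    """Yield (process, peer_host, peer_port) for each established TCP socket."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header, blank line, or a non-established state
        host, _, port = fields[4].rpartition(":")  # also copes with [IPv6]:port
        if not port.isdigit():
            continue
        m = PROC_RE.search(line)  # process column is absent without privileges
        yield (m.group(1) if m else "unknown", host.strip("[]"), int(port))

def unusual(text, baseline=BASELINE):
    """Return sorted (process, peer_port, count) not covered by the baseline."""
    hits = Counter()
    for proc, _host, port in parse_ss(text):
        if port not in baseline.get(proc, set()):
            hits[(proc, port)] += 1
    return sorted((proc, port, n) for (proc, port), n in hits.items())

if __name__ == "__main__":
    for proc, port, n in unusual(SAMPLE):
        print(f"review: {proc} -> remote port {port} ({n} connection(s))")
```

On a live system the same functions can be fed the text captured from `ss -tanp` on a schedule, with the baseline adjusted to the host's normal traffic.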