The problem of security should be considered at two levels, user level and system level. An operating system can be at most as secure as its user. An uninformed user has every possibility to put an operating system under risk. Internal system vulnerability, on the other hand, cannot be prevented (without considerable effort, equivalent to patching the system oneself) by the user.

Therefore, the whole idea of improving security should be realized by means of warning the user of possible risky operations and strengthening the operating system itself which are equally important.

Security threats come in three kinds, (or in fact, I put them into three categories) aggressive attack, seductive attack, fundamental attack. How someone can harm your computer or data in general?

More Here