The easiest way to prevent most malicious attacks is to set up a User Account without Administrator priveleges.That works only together proper permissions on files and directories, user privileges are exactly used to check what file they can access and how. Because on any PC there are different software running with different users - besides the logged on one for example there are services running with other users, many with the highest privileged one "local system", if you have something that could be modified by unprivileged user and then run by the privileged ones, you risk big troubles. My advice is: do not try to outsmart the system. There are often good reason if it designed that way. That's why OSX and other systems looks to be more secure. Unlike Windows, users stick to the OS rules, and usually don't care where software gets installed or data is stored, they let them go where they should.