And of course, do not download anything except from authorized sites. Keep Gatekeeper turned on.
Also, and though I note the admin/root distinction you mention below, please, please, please, people, regardless of what OS you run, create separate accounts for admin and daily use. Never do your daily stuff in an admin account - and only provide the admin user/password when prompted if you fully understand what it is you're about to do.
The easiest attack vector under any computer security model is trying to elicit a mistake from a privileged user.
For anyone who is unfamiliar with Mac Gatekeeper, here is a link explaining it...
http://www.macobserver.com/tmo/article/how-to-secure-your-mac-with-os-x-gatekeeper