OP, what are you worried about, specifically?
Services that have open listening ports that may be compromisable? Run netstat -aln to get a list of the listening sockets and look up their port numbers. Couple that with output of lsof and you can figure out executables/processes are controlling those sockets. Then you see if you actually need them open, if not you stop them. Eg: you are not running a web service, so if there is an httpd process listening on ports 80 or 443, kill it, don't start it.
Listening sockets are going to be the primary or one of the primary ways to attack the host remotely. If you are behind a firewall of some sort, say a Linksys wrt54g behind a cable modem, the default is "deny all incoming from the WAN unless it is a response to an outbound LAN request". If you don't have any port forwarding, from WAN to a LAN service, don't worry.
If you are concerned with "downloading an email attachment under Linux and forwarding it to a Windows user", not much to help with there. There are probably things that could scan the attachment, but still only as good as the latest definitions.
Downloading bad updates? Threat it like Windows: "check for but do NOT download and install". Then if something is a security update, download and install it, otherwise, think about it 3 times. Security updates, you should only apply the ones "applicable" to you ( if you are not running httpd server who cares about a CVE for it).
Above is all my opinion based on running *nix systems as a desktop for a long time. Others may have different opinions (good): it's up to you to take in all the information and make your own decision. You are responsible for your security on your resources.
I'll gladly answer any reasonable questions.