I've seen viruses bypass security. That's what a virus is designed to do. It exploits the system. Heck you can easily bypass windows security by booting up with a linux CD. The virus basically does the same thing. instead of using the windows API calls it just does it at a lower level.
Very misinformed. To access the 'low level' you are going to need to to though the kernel. There quite simply (without booting from a liveCd as you mentioned) no other way to get where you want to go on the operating system. The exploits you are talking about do not go around the windows kernel or the linux kernel, they instead exploit some hole in an application with the privileges it already needs. Linux has many systems designed to defeat these kind of attacks such as SELinux and chroot jails.
Yes if your restricted user gets a virus, his personal files (everything he can read) are compromised. However, the virus can only write to things that user already has write permission to (which should really just be his /home directory). So while the virus could screw up your files, it's not going to affect any other user on the system. Also with proper settings to prevent execution from /home it will not be able to execute and propagate in the first place.
Unlike windows, 99% of all attacks are going to require you as the user to run the bad application in the first place. This means that you are going to need to tel the system to execute code you do not trust. If you are running applications from sources you don't trust, then you deserve to get what is coming to you.
Obviously no system is 100% secure, however the default security settings in modern linux distro's are very secure and in my opinion way better then most users currently have on their windows XP desktops today. It's safe to say you will probably not get a Trojan or virus while using linux as a desktop.
I did notice in Ubuntu 9.10 it's a bit better as far as requiring root for stuff. I was in fact able to change the resolution but it seems to only work for the user I changed it for.
Different users may want different screen resolutions.....
but considering apps install everywhere on the system instead of a designated folder, wont I need to be root to run most apps? Lot of apps put their config in /etc.
Again, very misinformed. The user has read only permissions to the folders needed to run applications. These are designated folders for designated things. For example /etc/ holds system wide configuration files. /usr/local/bin holds user installed binaries (think of them as exe files). Your user can run those programs because they have read permissions on those files.
So now you say "But how can my user change their settings in that app without root access then?". The answer is each app will store it's settings for that user in the user's home folder. If you do a ls -la on the terminal you will see a bunch of folders for your applications such as .applicationName. Inside that folder you will see configs related to the individual user. This is how it is done typically. I personally think OSX does this even better having a Library folder in the users home directory that contains all application related user specific files. But OSX lacks a proper package management system.