Since Linux is not one of the recommended platforms, a few points about Windows security:
* there are widely used keyloggers (Zeus banking malware) that take screenshots on mouse-clicks, precisely to target on-screen keyboards. However this may help against some keyloggers.
* Secunia PSI is a little-used free-as-in-beer security tool - it scans all applications for vulnerabilities and flags those that need updating. It also does the updates for certain common applications. I wish Linux had this for non-repository applications, though of course sticking to distro packages reduces the risk.
* Cloud-based antivirus such as PrevX (free as in beer) is to some extent based on whitelisting - it generates a hash of all executables and only consults the cloud service for those that are news. Some cloud services such as Google's Safe Browsing use automated tools to download potential malware, run it in a clean VM, and detect undesirable changes on the machine, in order to classify it.