End user security for web browsing

Someone asked me, earlier this week, how to setup a "very secure Fedora 16..." system for a user that mostly surfs the web and uses email. Instead of responding directly to that user I'm writing this in order to get others to comment and provide additional information that I may not think about as I'm writing this.  Generally speaking, however, I think this would be a short list of things to do:

  • Remove unused packages.  Software packages that are unused on your system may introduce unwanted access into your system through an unpatched bug.  More software packages also means more packages to update/maintain.
  • Use the latest version of your web browser.  Web browser makers provide updates to their supported versions of their software.  If you are using an older version of your web browser then you may not be protected from all vulnerabilities.
  • Use HTTPS whenever possible.  When you use HTTPS instead of HTTP when surfing the web, the connection between you and the web server is encrypted.  If you use the Firefox browser then you can use the HTTPS Everywhere plug-in that will automatically change HTTP to HTTPS on many pages that the plug-in knows about.
  • Don't use the same password for all of your online accounts.  If one of your accounts gets compromised then all of your online accounts could get become compromised.  Use a password manager to store your passwords so you can use long, complex passwords and not have to remember them.  Firefox has a password manager built-in.
  • Use SE Linux.  SE Linux helps keep your system secure by using mandatory access controls. This will keep any rouge code from gaining too much access and doing too much damage.

This is a short list and I'll probably add onto it.  Anyone have anything else to add?