Re: Require password to install anything onto system?
I have to agree with the others, apparmor is your best bet.
the rest of your system (everything outside your home) should be safe by default, as only root is allowed write access, and would require sudo/gksu to install, and the installer would have to have the ability to set permissions to enable the execute bit.
that means the only location the browser can write to is within your /home/user directory.
apparmor restricts your browser to only have access to resources it requires to function, and thus limits any potential damage to those specific locations.
in the long run, that is the best you can do. a browser by definition needs the ability to download files from the internet and write them to disk. in the case of executable content (flash/java) it must also be able to execute files it writes.
Things are rarely just crazy enough to work, but they're frequently just crazy enough to fail hilariously.