Nice hint of an ad hom attack there. Anyway... But, yes, there is something you can do to make yourself effectively immune from such attacks: do all your admin and anything involving paypal etc, even indirectly (eg using the email acc your paypal account is linked too) from account that you only a very minimal and trusted set of X apps from. Or even do such things only from a X-less boot. Yes, this is hassle and not worth it for most people - but it is possible, and probably what should be done for servers.