The first thing I did after installing Zorin was enable the firewall, as that is not enabled by default.
I still occasionally run ClamAV via ClamTK which can be found in Zorin Software store.
I then run Rkhunter from terminal.
Both are manual scans and both generate spurious warnings so are not simple in use compared to AV you may have been using with Windows. Once you are familiar with those warnings you can just watch for anything unusual. I have not seen anything yet. 
As @Aravisian has already said, You are the security gatekeeper, so if it looks too good to be true, the alarm bells should ring.
1 Like