But you do not need 24-hour patrols by armed guards with dogs, a set of monitored security cameras, direct panic button access to the cops, etc. I consider many of the security measures promoted in Linux to be analogous to the security measures needed for a vital commercial service, not for a home computer with dog photos and recipes. I would find it annoying having to enter a 16-digit security code and call into base to get into my house, and some of the security measures are similarly annoying to me.
Yes, they could make your computer a zombie. How is hiding "zombieness" achieved? How can such access be hidden? If you get made a zombie, can't you see that your processor is working away, sending stuff? Or your modem flashing away? How is it hidden?
Part of the alleged "fun" of hacking into someone's system is not complete destruction, but rather control in such a way that a) the owner of the system is unaware and b) the controller can use the one platform to gain control of more platforms.
There are different aspects to security and they are all bundled up and discussed as if they are one thing. For example - In a business, your system files are important, even a day without the system can be a nightmare - so you need to keep users away from them so they can't crash the system. Root/user is essential. It may also be essential where you've got dopey kids on a home system. But it may not matter at all when you've got a single user home computer with an easily reinstalled system.
Data files - protection in a business is essential. Loss/corruption catastrophic. Home system - it depends what you've got on the computer. Root/user and file access permissions are more important for important data.
Hacker/zombie issues - these should be of concern for all systems, but how does root/user come into it? Can a hacker do nothing from a user account? How are processes hidden? How does a hacker get into a system connected by a router which is "fully stealthed"? What happens next? If a user downloads a file with something "dodgy" in it, how is the system compromised (if at all)? Is it only of concern if a root user downloads a dodgy file? How do you detect dodgy files?
There are different aspects and I don't find the "you must never run as root!" admonitions particularly useful in understanding exactly what's being talked about and what the specific risk avoided is in each case.