Regarding Antivirus:
I read the "tips" from
@kibasnowpaw in post #4 above.
The advice looked like good generic security advice that I have seen countless times, until I saw the recommendation to install antivirus software. I had similar thoughts as the others. Why does the author consider that antivirus is essential on Linux? What is the threat?
To me, the text felt like someone copied some typical generic Windows security advice and modified it to apply to Linux. Overall it is good advice, but the antivirus recommendation detracts from the rest by bringing the original author's credibility into question.
@DavePM (the OP) installed ClamAV and that's okay. In my opinion, it won't add much security unless Dave is very gullible. Based on his writing here, Dave does not seem like the kind of person who would install software or give his admin password whenever any silly dialog box asks for permission. I doubt that he would trigger a reaction from the antivirus, especially if he works from an unprivileged user account and reserves the admin and (inactive) root accounts for software installation and system configuration only.
Antivirus software can sometimes lead to more harm than good. Because of what it does, antivirus software runs with high privileges. In the past, attackers have found ways to exploit vulnerabilities in anti-virus software itself to gain a foothold on your computer.
Regarding Norton VPN:
I was surprised to learn that a commercial VPN company does not support Linux as a operating system platform for its customer clients. I do not use commercial VPN services, but I imagine that most VPN providers can provide you with client configuration information so that you can configure your own generic VPN client to be compatible with their service. The proffered client software seemed to be more about conveying the configuration parameters to make VPN connections easy for the customer to configure.
Apparently Norton (owned by Gen Digital) is so large that they feel that they can require a proprietary VPN client with a proprietary configuration. That may help Norton lock in customers, but prevents them from selling VPN services to Linux customers. My feeling is that Norton views the VPN as an add-on "feature checkbox" for the Norton product lines that they sell to Windows and Mac customers.
I did a web search and found a blog where someone determined that Norton VPN uses OpenVPN with specific parameters. If you have a working Norton VPN running on another platform (e.g., Windows), you should review your settings files to extract the necessary information that you need to configure OpenVPN on Linux to work with your Norton VPN. See this blog entry:
https://blog.jeroenhd.nl/article/getting-norton-secure-vpn-to-work-on-linux
Depending on how much money you have invested in Norton VPN, I would consider switching VPN providers. I would definitely do it after the current Norton subscription runs out, especially if you plan to stay with Linux.
(If you are an adventurous learner, think about renting a cheap private Linux server to run your own VPN server on it. Cheap means between $10 and $20 a year. Oracle Free Tier offers free private servers. Even though it is free, Oracle Free Tier is too much trouble to be worth the effort, in my opinion.)