Security is getting more and more important. We have all heard the security problems Windows XP, Internet Explorer, Quick Time and many other programs have been experiencing. By many people Ubuntu and Linux is regarded as more secure than Windows, if it is the truth I don’t know.
One thing that need to be understood is that far more computers (and I mean far more) are running Windows than Linux, so malware and viruses are often by default designed to attack Windows-based computers rather than Linux-ones. The Windows user-base might also be less tech-savvy than the persons using Linux, a lot of family computers are running Windows.
So what security features does Ubuntu use? I would say that the real difference between Ubuntu and Windows XP is the user account management. In Ubuntu you do not have administrator rights by default as in XP, which means that viruses trying to take over your computer will not be able to without your account password.
Windows Vista has a similar feature, User Account Control. UAC was attacked by users and media for being annoying and in the way when installing software and configuring computers. Ubuntu also has an equialent of UAC, it prompts for you to enter a password every time you want to configure something, however it is not as frequent as UAC in Windows. UAC and similar features are probably the best security measure that any computer can have, it really makes life harder for hackers and malware. But requiring the user to enter a password each-time is a bit over the top I think, creating a password free UAC is something Ubuntu should borrow from Vista.
All current Linux distributions have a firewall on a kernel level, it is called iptables. Iptables is an old style Linux product which does not include a GUI and it is pretty hard to configure and always allows everything by default. There are utilities to help you though, Lokkit is probably the easiest and most straightforward one. There is also one called Firestarter, which is an easy alternative. If you are already behind a firewall there is no reason to worry too much about Ubuntu’s lack of a firewall, but if you are using a laptop on the road or have your computer connected directly to the Internet you will want one.
A common Linux legend is that you do not need any anti-virus program because Linux is engineered so it is hard for viruses to run in the first place. But if you have files being used on Windows computers you will still want anti-virus. Even though infected files will have a hard time infecting your computer, the system will carry the virus to the next Windows computer. Obviously if you are using a dual-boot setup it will be needed even more.
There is open-source virus software, ClamAV. It seems very capable, but I went with AVG Free Edition for Linux just because I use it in Windows Vista and it’s great. AVG for Linux doesn’t do much else than detect viruses and scan for them. It can’t heal files, which is a bit weird but at least you know you are infected.
As you already know Ubuntu is open-source. In the media it is often said that open source is more secure than closed source. Some argue that open source applications are more secure since a large community has been able to test the code and find exploits. Obviously it can also pose a security threat if the community does not find the exploits and bugs first, so there are really two sides of the coin and don’t let anyone tell you otherwise.
Using Ubuntu feels more secure, from a security perspective it is better engineered than Windows so at least you can relax somewhat. One should however be clear that threats directed towards Linux-computers will increase as Linux become more and more popular.