How secure is Ubuntu 9.10 out of the box?

Your doing great, karmic comes with many apparmor profiles in the enforced mode i believe. (by default)
check this with: sudo /etc/init.d/apparmor status (in the terminal)
when enforcing more profiles:

Set an AppArmor profile to enforce mode from complain mode.
syntax : enforce rule
Example : sudo enforce firefox

some reading: http://ubuntuforums.org/showthread.php?t=1008906

And yes ubuntu is save. But rely on common sense, the (end) user should be aware and careful.
- no linux virussen
- zero open port policy

Have fun!

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles
https://help.ubuntu.com/9.10/keeping-safe/C/index.html

Depending on your use of the internet, Karmic is pretty secure for the
most part, are you looking for something specific

--
Regards,
Vikram Dhillon

On Fri, 2009-12-11 at 12:13 +0000, tsangdavid1 wrote:
> New question #93685 on Ubuntu:
> https://answers.launchpad.net/ubuntu/+question/93685
>
> Hi
>
> Ive just started using ubuntu for the past 2 weeks. I have basic settings set-update manager to install updates daily, Gufw firewall set to default deny all, avast for linux deb antivirus on demand scanner, running as a low privilege user-using sudo only for when i need to do things like update manger/remove programs etc, firefox 3.5.5 with no script and adblock plus, Open Dns with anti phishing enabled, wifi connection encrypted with WPA2 PSK AES.
>
> Im only a small home user-is this enough security for me? Or should i do other things like encrypt my entire hard drive, install apparmour?
>

Well to be honest some things about Ubuntu do still bug me.

One thing in particular is the lack of real time antivirus scanning-i know Ubuntu cant get infected by windows viruses and im running at low privileges so anything i let through sudo i bring upon myself. But what if i click on malware website-a drive by download or what if i get my credit card details phished by either a website hacked or a social engineering attack? How does Ubuntu protect its users from being scammed online?

Another thing that scares me is the way that Gufw firewall does not let you see a log of all blocked attacks-how do i know what its blocking things?

With adblock installed and noscript and the build-in anti phishing tools within firefox and WOT add-on( web of trust) your in most cases pretty secure.
Be a victim of social engineering is in most cases the beh. of the user very important. are you into every "facebook-like things" involved or not.
Gufw/ufw does log, but indeed not very explicit. You could monitor logs like: syslog, auth.log, auth.log.0 to see if everthing is ok.
As said earlier what in the status of: sudo /etc/init.d/apparmor status
Encryption: http://bodhizazen.net/Tutorials/Ecryptfs/ outstanding howto.

Inside of firefox you can use an extension called WOT, its one of the
best extensions and if you are on a website that is not creditable you
get a big warning saying this website doesn't have a good reputation

--
Regards,
Vikram Dhillon

On Sat, 2009-12-12 at 08:23 +0000, tsangdavid1 wrote:
> Question #93685 on Ubuntu changed:
> https://answers.launchpad.net/ubuntu/+question/93685
>
> Status: Answered => Open
>
> tsangdavid1 is still having a problem:
> Well to be honest some things about Ubuntu do still bug me.
>
> One thing in particular is the lack of real time antivirus scanning-i
> know Ubuntu cant get infected by windows viruses and im running at low
> privileges so anything i let through sudo i bring upon myself. But what
> if i click on malware website-a drive by download or what if i get my
> credit card details phished by either a website hacked or a social
> engineering attack? How does Ubuntu protect its users from being scammed
> online?
>
> Another thing that scares me is the way that Gufw firewall does not let
> you see a log of all blocked attacks-how do i know what its blocking
> things?
>