The most prominent security features are: 1. Upon installation, you're asked if you want to encrypt your /home folder. If you do so, then you are given a key and your /home folder is given true 128kb encryption (that's like one key for every molecule in the universe).
Encryption can be cracked - but it takes time, and supercomputing power to do that.
Secondly, the package management is excellent. To download software, you should first go to the Synaptic Package Manager and search. Software is kept in repositories, and these are signed with keys which you can download and add. With Karmic, it's much easier.
An example might be the program Docky. You need to add the PPA. At first, maybe it's not so simple - I do this in terminal with the command 'repo' - the actual command is 'sudo add-apt-repository' and I'm lazy to type, so I edited a file called '.bashrc' and added "alias repo='sudo add-apt-repository'". This makes life easy for me ;)
Not to spoil your fun, try this with me - google 'docky repository ppa' and find the information yourself....
Ok, so cut and paste into terminal :P or (on mine) type 'repo ppa:docky-core/ppa'
This adds the URL for the repository AND the encryption key to your software manager.
So next you update your software lists (sudo apt-get update) and then install docky. Simple, very safe, and much better than finding .exe files to run (you can get '.deb' installer files, and they work fine - but they're not updated the same way as a PPA is updated...)
Software from repositories is totally safe and secure. It is also updated with the rest of the system - automatically.
Now the firewall - this is rather like going out in the sun with an umbrella, and when you see a single raindrop, you find a tool to make a hole in the umbrella to let the rain come in.
There are firewall tools you can add - but actually you probably will never need one. Firewalls are based on iptables, and in Ubuntu, as with all Linux variants, the doors and windows are closed. It is secure, and it works.
People often say that Linux and Mac OSX and other variants are secure because they are not viable targets for malware. I think this is a silly argument. If I were Steve Jobs, or Ballmer of Microsoft - with millions of dollars of budget sitting around, then I'd offer some off-the-record salaries to some ace crackers and malware producers. Ok, let's say $500,000 a year for a few cool crackers - paid in cash off the record - to come up with some credible malware.
Let's face it, just two stories a year in the press would put people's minds at ease about using the ONLY insecure OS out there, wouldn't it? :P
So the list:
No open ports.
Role based admin (it means no root access, you 'sudo' it - like telling your girlfriend 'make me a drink!!!' and she refuses :o then you just say 'sudo make me a drink' and she says 'sure darling').
Security updates are fast and furious (there's no '79 day guarantee' like you get with Microsoft) and they work.
There are also many kernel features - hardened and tuned and updated regularly (it sounds a big deal, but generally it installs while you continue working and you don't realise until - when you next boot up - an extra kernel was installed without disturbing you... no need to reboot when you install just about everything). Non-executable memory, kernel memory address protection, null address space protection...
There's more - but I don't really understand it. This isn't Windows, you don't really need to understand too much - I just know that listening to Linux Outlaws podcast, and getting to know a lot of very smart developers (who work with Windows and Linux) who do know everything I wished I could have studied... well I listen to them before I listen to idiot Windows or Mac fanboys.
If you're a real security freak, then go for BSD - that one is REALLY crazily secure.
Stack protection, heap protection, application armour,
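Since each PPA added with the steps in the post above becomes a source your package manager trusts, here is an added example (not part of the original post) that audits which PPAs are active and flags any source marked `trusted=yes`, an apt option that skips signature verification. It assumes the one-line `sources.list` format; the sample entries, including `old-team` and `repo.example.invalid`, are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit apt sources for PPAs and for entries that skip signature checks.

# Constructed sample in one-line sources.list format (not taken from a real system).
sample_sources() {
    cat <<'EOF'
deb http://archive.ubuntu.com/ubuntu karmic main restricted
# deb http://ppa.launchpad.net/old-team/ppa/ubuntu karmic main
deb http://ppa.launchpad.net/docky-core/ppa/ubuntu karmic main
deb-src http://ppa.launchpad.net/docky-core/ppa/ubuntu karmic main
deb [trusted=yes arch=amd64] http://repo.example.invalid/apt stable main
EOF
}

# audit_sources [FILE...]  (reads stdin when no file is given)
# Prints "PPA ppa:owner/name" once per active PPA, and "UNVERIFIED <uri>" for
# entries marked trusted=yes, which tells apt not to verify the repository signature.
audit_sources() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        $1 != "deb" && $1 != "deb-src" { next }   # anything else is not an entry
        {
            line = $0; opts = ""
            if ($2 ~ /^\[/) {                     # optional [key=value ...] block
                i = index(line, "["); j = index(line, "]")
                if (j > i) {
                    opts = substr(line, i, j - i + 1)
                    line = substr(line, 1, i - 1) substr(line, j + 1)
                }
            }
            $0 = line                             # re-split without the options
            uri = $2
            split(uri, p, "/")                    # p[3] = host, p[4] = owner, p[5] = archive
            if (p[3] == "ppa.launchpad.net" || p[3] == "ppa.launchpadcontent.net") {
                key = "ppa:" p[4] "/" p[5]
                if (!(key in seen)) { seen[key] = 1; print "PPA " key }
            }
            if (opts ~ /trusted=yes/) print "UNVERIFIED " uri
        }
    ' "$@"
}

# Run against the sample; on a real system pass /etc/apt/sources.list and
# the files under /etc/apt/sources.list.d/ instead.
sample_sources | audit_sources
```

The commented-out PPA is ignored and the `deb`/`deb-src` pair for the same PPA is reported once.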