How to harden a ubuntu desktop?

May 22, 2013 in answer


ANSWER:

Up to you, but at the very least do these steps:
Install anti-virus protection: ClamAV
When installing ClamAV, you can specify whether you want to run the program manually or have it run continually by connecting it to a daemon. For a desktop, it is ideal to have the program run as a daemon (this also still gives you the option of performing manual scans).
To install ClamAV as a continually running daemon, follow these steps:
1. Power up your computer and log in.
2. From the menu bar, select Applications > Accessories > Terminal.
3. Once the terminal is launched, enter: sudo apt-get install clamav-daemon
4. When prompted, enter your password. This installs a package called clamav-freshclam, which is the updater package for the ClamAV application.
5. You now see a message indicating how much disk space will be used when you install the software. Enter Y at the prompt to begin the installation.
The installation process should take only a couple of minutes. When it completes, you see an alert indicating that your virus database is older than x days and that you should update it as soon as possible.
Update your virus definitions
Virus definitions are patterns of code that are unique to different malware programs. Anti-virus scanners compare the contents of your files to the code patterns in a virus definitions database. If a match is found, the program alerts you that there is an infected file on your computer and prevents code in that file from executing.
Malware writers are continually writing and trying to spread new infectious files, so aside from installing anti-virus software, keeping your virus definitions up to date is the most important task in keeping your files protected from malware. If the definition for a particular piece of malware isn’t in your virus definitions database, the anti-virus scanner won’t know it’s malicious code and will let it run and do whatever damage it was programmed to do.
Because you installed freshclam with ClamAV, you can update your virus definitions immediately from the terminal by following these steps:
1. At the prompt, enter: sudo freshclam
2. When prompted, enter your password. Running this command updates your definitions to the most recent database.
3. The freshclam command does not cause any subsequent automatic updates to your virus definitions. Each time you want to get the latest definitions, you must run freshclam again. After performing the initial update, you may find it convenient to use the -v argument on the command to first check if your definitions are up to date or not: sudo freshclam -v

Start ClamAV
Now that you’ve updated your virus definitions, you’re ready to start ClamAV.
To run a manual scan of your home folder, go to the terminal prompt and enter clamscan. When the clamscan command completes, you see a report of how many directories and files were scanned and how many infected files were found.
To begin running ClamAV as a daemon, go to the terminal prompt and enter clamdscan. The clamdscan command creates a user named ClamAV. You can then add this user to the group that owns the files you wish to scan.

Install the ClamTk GUI for ClamAV
Because this tutorial is aimed at beginners, this section explains how to configure ClamAV using a graphical user interface (GUI) called ClamTk. To install it, follow these steps:
1. Close the terminal.
2. From the menu bar, select Applications > Add/Remove.
3. At the top of the Add/Remove Applications window, select All Open Source applications from the Show drop-down menu.
4. Enter Clam in the search box, and press Enter.
5. When Add/Remove Applications finds ClamTk, it’s listed as Virus Scanner in the main section of the window (see Figure 1). Select the Virus Scanner check box. If you are prompted to enable the installation of community-maintained software, click the Enable button.

Figure 1. Installing ClamTk using the Add/Remove tool

6. Click Apply Changes at the bottom right of the window.
7. Click Apply.
8. When prompted for your password, enter it and click OK.
9. When you see the pop-up window informing you that installation is complete, click Close.

Use ClamTk
It is possible to launch ClamTk from the desktop by selecting Applications > System Tools > Virus Scanner, but using the program in this manner may require you to log in as root, which you do not want to do. Instead, use the following steps to open ClamTk with the appropriate rights:
1. Press Alt-F2.
2. Type: gksu clamtk
3. Click Run.
Figure 2 shows the ClamTk Virus Scanner window. You can use the menu and toolbar to issue commands. The Information section lists files and their status. If a file is infected, it would be noted here (the files in Figure 2 are waiting to be scanned). At the bottom of the window the Status section indicates how many files have been scanned and how many infected files were found.

Figure 2. Scanning for malware using the ClamTk GUI

If you find that malware has infected any files, be sure that the file isn’t an essential system file before you delete it. This is especially true if you’re using a dual-boot computer, because you can scan Microsoft Windows directories using GNU/Linux and ClamAV.

Protect against rootkits
Probably the most dangerous malware that GNU/Linux users face is the rootkit. To fight against rootkits and other possible exploits, this section shows you how to install and use rkhunter and chkrootkit. These programs scan your desktop for suspicious files that may have been installed by an attacker to gain control of your computer.
Install and use rkhunter
To install rkhunter, follow these steps:
1. To navigate back into the terminal, select Applications > Accessories > Terminal.
2. In the terminal shell, enter the following command: sudo aptitude install rkhunter
3. When you receive a message informing you of how much space the software will use, enter Y to begin the installation.
Once rkhunter is successfully installed, you can run it to check your desktop for a number of exploits. To begin the program, go to the terminal prompt and enter: sudo rkhunter --check
If rkhunter is running properly, you begin to see a list of directories with the word OK or Warning next to them. Once started, rkhunter performs several types of scans. After one scan completes, you begin the next by pressing Enter. The different types of scans are:
• Directories
• Exploits on the desktop (sample results shown in Figure 3)
• Ports that are commonly used for back door access
• Startup files, groups and accounts, system configuration files, and the file system
• Applications
After all the scans are complete, rkhunter provides you with a report and creates a log file with the results.

Figure 3. Rkhunter scanning for rootkits

As with ClamAV, you need to regularly update rkhunter so that it can detect the latest vulnerabilities and exploits:
1. From the terminal, enter: sudo rkhunter --update
2. When prompted, enter your password.
Install and use chkrootkit
Although most anti-virus software does not run properly alongside another company’s anti-virus program, rootkit hunters will run symbiotically with one another. Therefore, for more comprehensive protection, you can install chkrootkit and run it alongside rkhunter.
To install chkrootkit, simply go to the terminal prompt and enter: sudo aptitude install chkrootkit
Once chkrootkit is installed, you run it just like you do rkhunter. At the terminal prompt, enter: sudo chkrootkit
When chkrootkit completes its scan you are brought back to the terminal prompt.
If rkhunter or chkrootkit finds anything out of the ordinary, they simply inform you of the potential problem. Neither of these programs actually deletes files from your computer. If you’re alerted to something by either program, research the exploit or vulnerability that has been reported and make sure that what was found isn’t a false positive. Then, determine the necessary steps to eliminate the threat. Sometimes, you only need to update the operating system or other software. Other times, you may have to locate a rogue program and eradicate it from your system.

Using a firewall
The next preventative step you should take is to use the firewall built into your operating system. Ubuntu, by default, runs iptables as the firewall on every distribution. Upon installation, the default settings for this firewall allow all incoming and outgoing traffic by default. To make effective use of the firewall, you need to create rules to lock down your desktop.
You can configure iptables via the terminal, but this section of the tutorial shows you how to write firewall rules with a GUI called Firestarter.
Install and launch Firestarter
Firestarter is not installed on Ubuntu by default. To install and launch Firestarter, follow these steps:
1. Open the terminal and type this command: sudo apt-get install firestarter
2. When prompted, enter your password.
3. To launch the program, close the terminal window and select System > Administration > Firestarter.


Configure Firestarter
When you first launch Firestarter, you’re taken through a setup wizard. Follow these steps to complete the wizard:
1. Look over the introduction on the first screen and click Forward.
2. The next screen asks you to provide information about your network device. If you’re using an Ethernet cable to connect your computer to a router, the Ethernet device should be set to eth0, as shown in Figure 4. If you have DHCP running on your network, be sure this option is selected. After making the appropriate selections, click Forward.

Figure 4. Configuring the network device in Firestarter

3. If you’re sharing your Internet connection with other computers, the next screen lets you configure this (see Figure 5). Once you’ve configured your network setup, click Forward.

Figure 5. Configuring Internet connection sharing

4. Click Save to start the firewall.
Figure 6 shows Firestarter actively monitoring a computer.

Figure 6. Firestarter


Add Firestarter to your startup programs
Before you begin configuring Firestarter policies, perform the following steps to include it in your startup programs and allow Firestarter to protect your computer each time you boot up:
1. Select System > Preferences > Sessions.
2. Click Add to bring up a window where you can type the startup command.
3. Enter Firestarter in the Name field.
4. Enter the following in the Command field: sudo /usr/sbin/firestarter
5. Click Add, and then close the Sessions Preferences window.


Create policies in Firestarter
In order to use Firestarter to stop illicit traffic, you need to create policies. Firewall policies are the rules that determine how a firewall handles incoming and outgoing traffic. Policies can be set to prevent traffic to or from a specific IP address, a specific site, or even a port on a computer. When creating policies, it’s important to remember that although blocking certain traffic may make your network/computer safer, it can also hinder the ability of people to work. You need to find a balance between security and functionality.
Make sure Firestarter is open on your desktop. Firestarter blocks any inbound network traffic that isn’t a response to a connection established by a secure host. If you didn’t initiate the connection, Firestarter blocks it by default.
To create a new policy that allows an inbound connection, follow these steps:
1. Click the Policy tab in Firestarter.
2. Set the Editing option to Inbound traffic policy.
3. Click Add Rule at the top of the window. When you do this, a new window appears, asking what incoming connections to allow (see Figure 7).

Figure 7. Adding an inbound traffic policy

4. In the first field, enter the network, hostname, or IP address from which you want to allow incoming traffic to originate. For practice, enter: thisnetwork.org
5. Click Add.
6. When you’re brought back to the main window, click Apply Policy.
Highlight your new policy; the Remove Rule and Edit Rule buttons are now activated. Unless you created an actual rule that you plan to use, click Remove Rule and then Apply Policy.
To create a new policy that blocks outbound traffic to a specific network, site, or host, follow these steps:
1. Click the Policy tab in Firestarter.
2. Set the Editing option to Outbound traffic policy.
3. You can now select either Permissive or Restrictive. Permissive blacklists selected traffic; if you create a policy in Permissive mode, you’re telling Firestarter to prevent outgoing traffic to anything listed in the policy. Restrictive, on the other hand, blocks any outgoing traffic except to anything listed in the policy.
For example, if you want your computer to access only www.thisnetwork.org, select Restrictive. To block access to www.thisnetwork.org, select Permissive.
4. Click Add Rule at the top of the window.
5. In the Add new outbound rule window, enter the network, hostname, or IP address to which you either want to deny or permit outgoing traffic (depending on whether you selected Permissive or Restrictive in the previous step). For practice, enter: thisnetwork.org
6. Click Add.
7. When you’re brought back to the main window, click Apply Policy.
Once you’ve made policy changes to Firestarter, you can lock the firewall by clicking the Status tab and selecting Lock Firewall.

Password-protecting the bootloader
When you’re using GNU/Linux, you can boot the computer to change the root password without having to enter a password. This is called single-user mode. This section shows you how to password-protect this feature.
First, password-protect the GRUB bootloader. If you are using LILO, follow these steps:
1. Launch the terminal.
2. At the prompt, enter: grub
3. To make sure you don’t store the password you’re going to create in plain text, enter: md5crypt
4. At the prompt, enter the password you wish to use for single-user mode.
5. You are then given an encrypted version of the password. Don’t close this terminal window; you’ll need this encrypted password in the next steps.
Edit the GRUB configuration file
To edit the GRUB configuration file, follow these steps (before editing you will back the file up):
1. Open a new terminal window.
2. Enter the following command: sudo cp /boot/grub/menu.lst /boot/grub/menu.lst-backup
3. When prompted, enter your password.
4. Enter the following command: gedit /boot/grub/menu.lst
5. This takes you to the Grub configuration file. Locate the line in the file that reads: password md5 — and replace the existing password with the encrypted password you created earlier in this section. Listing 1 shows what your GRUB configuration file should look like when the password has been changed.

Listing 1. GRUB configuration file, after the password change

## timeout sec
# Set a timeout, in SEC seconds, before automatically booting the default entry
# (normally the first entry defined).
timeout 3

## hiddenmenu
# Hides the menu by default (press ESC to see the menu)
#hiddenmenu

# Pretty colours
#color cyan/blue white/blue

## password ['--md5'] passwd
# If used in the first section of the menu file, disable all interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command 'lock'
# e.g. password topsecret
#      password --md5 $1$jLhUO/$aW78kHK1QfV3P2b2znUoe/
# password topsecret
password --md5 $1$jLhUO/$aW78kHK1QfV3P2b2znUoe/

#
# examples
#
# title Windows 95/98/NT/2000

Unlike GRUB, LILO doesn’t allow for encrypted passwords. If you’re using the LILO bootloader follow these steps:
1. Launch the terminal.
2. At the prompt, enter: edit cat /etc/lilo.conf
3. When the editor opens, search for the password section, and create a new password there.

Remove guest account
You can remove this by editing /etc/lightdm/lightdm.conf and adding the following line at the end: allow-guest=false

Add a system load indicator
Although this may seem odd, adding system monitors to your tray on top not only assists in providing feedback to you as to the reason why your system might be responding slowly, it does to a certain degree become a security monitoring tool as the feedback can also help inform you of potentially suspicious activity that is occurring on your system unbeknownst to you and warrants investigation. For example if you are on your computer reading an article and suddenly see your network activity light up solid for apparently no reason, it might be worth investigating the cause to confirm that this is within normal system behavior.
Begin by installing a package called indicator-multiload. Once installed configure it to startup automatically by launching Startup Applications in Dash, then clicking on Add and adding an entry that runs the command /usr/bin/indicator-multiload.
Once the system load indicator starts up (you can either reboot your computer to start it or manually launch it the first time by running the command “/usr/bin/indicator-multiload &”) right-click on it, select Preferences, and add monitors for resources such as Processor, Memory, Network, Harddisk, etc. You may wish to also tweak the system monitor update interval as it does use considerably more processing power to animate it faster (you can confirm this by opening a terminal, starting top and observing the %CPU column for the indicator-multiload process).
Now in the event that you ever notice unexpected activity (again using the example of your system uploading data for no apparent reason) you can perform a quick and preliminary investigation by using tcpdump, wireshark, or netstat to determine what type of data is being sent and where.
Firefox Add-ons
Although there are countless add-ons and extensions for Firefox that can make your web browsing more secure or private, we recommend that you consider Adblock Plus, Ghostery, and HTTPS-Everywhere, for the reasons below:
Adblock Plus: An alarming amount of malware today is pushed through the advertising network. Although malware is not nearly as much of a concern for Linux systems in comparison to Windows, using Adblock will block advertisements and thus prevent any exploits from being automatically pushed onto your computer through advertisements delivered on legitimate web sites. After you install the plugin and restart Firefox, you’ll be prompted to select a filter subscription. Choose the one closest to your locale and click Add subscription. Now I do realize that there currently aren’t any public reports of people purposely paying money to display malicious advertisements that target Ubuntu systems, however I still recommend the installation of Adblock Plus since running it typically does not cause any problems.

Ghostery: Ghostery allows you to detect and block trackers that are a part of most major web sites. Ghostery will produce a brief alert box in the top-right corner of Firefox showing the content it is blocking whenever you visit a page that has trackers. Given that the alert box can be distracting, you can disable this by going into the Ghostery options, and clicking on the Advanced tab, and unchecking “Show Alert Bubble”. In addition from here you can configure Ghostery to delete Flash and Silverlight cookies whenever your web browser exits.
HTTPS-Everywhere: Certain web sites that use both HTTP and HTTPS reserve HTTPS only for communication of the most sensitive information (usually credentials and payment information) and default back to HTTP for everything else even though you might prefer not to have that data sent in the clear. For example certain popular webmail sites were known to use HTTPS on the login page, but once you had logged in everything that you accessed including reading or composing emails was in regular unencrypted HTTP. This add-on forces web sites to keep using HTTPS throughout the entire session.

Optional: Change permission on home directory
Assuming that you do not need to share any files with other users on your local system, you can change the permissions of your home directory as a minor safety precaution. By default the permission is 755 which allows other local accounts the ability to cd into your home directory. (Note: If you encrypted your home directory, the permissions by default of the /home/ sub-directories are 700 for logged in users and 500 for those logged out).
user@ubuntu:~$ chmod 750 /home/

Christopher C from http://askubuntu.com/questions/298839
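As an added example that is not part of the answer above: a small POSIX shell audit that re-checks several of the settings the answer configures (the home directory mode, the allow-guest line in lightdm.conf, the clamscan summary and the rkhunter log) by inspecting files, so it runs even on a machine where ClamAV and rkhunter are not installed. The lightdm.conf, clamscan summary and rkhunter log lines written by demo() are constructed for this example and are not real program output; the real file paths to feed the functions are given in the comments, and the stat -c %a form is the GNU coreutils one found on Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original answer: post-hardening checks that read
# files rather than invoking clamav/rkhunter. Each check prints "ok" or
# "FAIL ..." and returns 0/1 so it can be run from cron or a login script.

# 1. Home directory mode: the last octal digit ("other") must be 0, e.g. 750
#    or 700; the 755 default lets any local account cd into the directory.
#    Real use: home_mode_ok "$(stat -c %a "$HOME")"
home_mode_ok() {
    mode=$1
    others=${mode#"${mode%?}"}   # last character of the mode string
    if [ "$others" -eq 0 ]; then echo ok; return 0; fi
    echo "FAIL: mode $mode lets other users in"; return 1
}

# 2. Guest session: an active (uncommented) allow-guest=false line must exist.
#    Real use: guest_disabled /etc/lightdm/lightdm.conf
guest_disabled() {
    if grep -Eq '^[[:space:]]*allow-guest[[:space:]]*=[[:space:]]*false' "$1" 2>/dev/null; then
        echo ok; return 0
    fi
    echo "FAIL: guest session still enabled in $1"; return 1
}

# 3. clamscan summary: the "Infected files: N" line must report 0.
#    Real use: clamscan -r "$HOME" > scan.log; clamscan_clean scan.log
clamscan_clean() {
    n=$(sed -n 's/^Infected files: *\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ -z "$n" ] && { echo "FAIL: no summary line in $1"; return 1; }
    [ "$n" -eq 0 ] && { echo ok; return 0; }
    echo "FAIL: $n infected file(s) reported"; return 1
}

# 4. rkhunter log: number of "Warning" lines; anything above 0 needs review
#    (the answer notes these may be false positives, so they are counted, not
#    acted on). Real use: rkhunter_warnings /var/log/rkhunter.log
rkhunter_warnings() {
    grep -c 'Warning' "$1" 2>/dev/null || true
}

# Constructed fixtures so the script runs offline; not real program output.
demo() {
    tmp=$(mktemp -d)
    printf '[SeatDefaults]\nuser-session=ubuntu\nallow-guest=false\n' > "$tmp/lightdm.conf"
    printf 'SCAN SUMMARY\nKnown viruses: 2\nScanned files: 120\nInfected files: 0\n' > "$tmp/clamscan.log"
    printf '[12:00:01] /usr/bin/ls  [ OK ]\n[12:00:02] Checking for hidden files  [ Warning ]\n' > "$tmp/rkhunter.log"
    home_mode_ok 750
    guest_disabled "$tmp/lightdm.conf"
    clamscan_clean "$tmp/clamscan.log"
    echo "rkhunter warnings: $(rkhunter_warnings "$tmp/rkhunter.log")"
    rm -rf "$tmp"
}

demo
```

The guest check deliberately ignores commented-out lines, which is the usual way this setting ends up "configured" but inactive; the rkhunter count is informational because, as the answer says, a Warning is a prompt to investigate rather than proof of compromise.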
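The Firestarter policy section above describes three behaviours (inbound default-deny with an explicit allow, outbound Permissive as a blacklist, outbound Restrictive as a whitelist) without showing the iptables rules they correspond to. The following is an added example, not code from the answer or from the Firestarter project, that emits those rules as text so they can be read before anything is applied; it assumes the conntrack match module is available (it is on current Ubuntu kernels) and reuses the practice names thisnetwork.org and www.thisnetwork.org from the answer.

```shell
#!/bin/sh
# Added example, not from the original answer or Firestarter: the iptables
# rules behind Firestarter's policy modes, printed as a dry run by default.
# Hostnames are resolved by iptables when the rule is inserted, as the GUI
# does, so a host whose address later changes silently stops matching.

# Inbound: drop anything that is not a reply to a connection this machine
# started, plus one explicit allow for the network typed into the GUI.
inbound_rules() {               # usage: inbound_rules [NETWORK_OR_HOST]
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    [ -n "$1" ] && echo "iptables -A INPUT -s $1 -j ACCEPT"
    return 0
}

# Outbound "Permissive": everything allowed, the listed host is blacklisted.
outbound_permissive() {         # usage: outbound_permissive HOST
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A OUTPUT -d $1 -j REJECT"
}

# Outbound "Restrictive": everything dropped except the listed host. DNS must
# stay open, otherwise the whitelisted hostname can never be resolved.
outbound_restrictive() {        # usage: outbound_restrictive HOST
    echo "iptables -P OUTPUT DROP"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -p udp --dport 53 -j ACCEPT"
    echo "iptables -A OUTPUT -d $1 -j ACCEPT"
}

# Select the outbound mode exactly as the GUI's Editing option does.
policy() {                      # usage: policy permissive|restrictive HOST
    case $1 in
        permissive)  outbound_permissive "$2" ;;
        restrictive) outbound_restrictive "$2" ;;
        *) echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# Dry run by default; pass --apply as the third argument to execute each
# rule through sudo. Example: sh firewall-policy.sh restrictive www.thisnetwork.org
main() {
    mode=${1:-permissive}
    host=${2:-thisnetwork.org}
    apply=$3
    { inbound_rules "$host"; policy "$mode" "$host"; } | while IFS= read -r line; do
        if [ "$apply" = "--apply" ]; then sudo sh -c "$line"; else echo "$line"; fi
    done
}

main "$@"
```

Reading the Restrictive output makes the trade-off in the answer concrete: with OUTPUT set to DROP, every service the desktop needs (package updates, NTP, the freshclam mirror) has to be whitelisted too, which is why the answer warns that tighter policy can hinder people's work.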