Security

Ubuntu's goal is to be secure "out-of-the box". By default, the user's programs run with low privileges and cannot corrupt the operating system or other users' files. For increased security, the sudo tool is used to assign temporary privileges for performing administrative tasks, which allows the root account to remain locked and helps prevent inexperienced users from inadvertently making catastrophic system changes or opening security holes.^[36] PolicyKit is also being widely implemented into the desktop. Most network ports are closed by default to prevent hacking.^[37] A built-in firewall allows end-users who install network servers to control access. A GUI (GUI for Uncomplicated Firewall) is available to configure it.^[38] Ubuntu compiles its packages using GCC features such as PIE and buffer overflow protection to harden its software.^[39] These extra features greatly increase security at the performance expense of 1% in 32-bit and 0.01% in 64-bit.^[40]
Ubuntu also supports full disk encryption^[41] as well as encryption of the home and Private directories.^[42]