Sticking to well-policed and reputed repositories is key to keeping Linux secure. On Windows, you either purchase software from the store, or you download it off of some website, then you install with the executable. In Linux, you can download software the same way, but it's harder to install (though not that hard). Since it is harder to install, that actually helps its security because the weak link is almost always going to be the user, and the least knowledgeable users will want to do things the easiest way possible. In Linux, that means sticking to the repositories. Just search, tell it to install, approve the dependencies, and you're done. The best repos will be policed and have software versions which are tested to work. It provides an intermediary between the people who wrote and released the software and your computer. Because of this extra layer of security, and because of Linux's model of users, groups, and privileges, it's hard for your computer to be compromised unless you are blatantly careless. I've seen rooted webservers before, but what is far more common is for a site to be infected for months and the server's owner won't be taking notice of it for a long time - while the server and other accounts on the server keep chugging along. The infection is actually confined to the user account; try that on a Windows machine.
As far as software goes, there's ClamAV and various firewall options. Ubuntu comes with UFW (Uncomplicated Firewall) which is easy to configure at the command line, but also has some GUI options. I really prefer the command line, having tried both at varying levels of Linux experience. Note that Linux is primarily a command-line OS, so anything graphical will be tacked on to the command line. This means that programs like ClamAV, UFW, and Maldet (another good anti-malware program, which is unfortunately not in Ubuntu's repos) were written with the command line in mind, and GUI front-end programs were written as an afterthought. This means that to make best use of them, you should get your feet wet at the command line - it's not really that bad. I'm a right-brainer and I was surprised to find out that I actually like the command line. Don't worry, Ubuntu has documentation that makes command-line tasks very easy, and it also has a very noob-friendly community to ask questions of.
When it comes to actually setting up the firewall, this requires you to think in terms of ports and protocols that you want to allow vs. those you do not. You generally want to allow as few as are needed to let you do what you want to do. Does that make sense?
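
An added example, not part of the original post: a small shell script that turns an explicit allow-list of port/protocol pairs into a default-deny UFW rule set and prints the commands for review. The ports in `ALLOWED` (22, 80, 443) are constructed sample values, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: build a default-deny UFW rule set from an explicit allow-list.
# The services below are constructed sample values; edit them for your machine.

# One "port/protocol" pair per word: only what this machine must accept.
ALLOWED="22/tcp 80/tcp 443/tcp"

# valid_rule PORT/PROTO -> succeeds if port is 1-65535 and proto is tcp or udp
valid_rule() {
    case $1 in */*) ;; *) return 1 ;; esac      # must contain a slash
    port=${1%%/*}
    proto=${1#*/}
    case $port in ''|0*|*[!0-9]*) return 1 ;; esac  # digits only, no leading 0
    [ "${#port}" -le 5 ] && [ "$port" -le 65535 ] || return 1
    case $proto in tcp|udp) return 0 ;; *) return 1 ;; esac
}

# ufw_plan RULE... -> prints the ufw commands, or fails before printing any
ufw_plan() {
    for rule in "$@"; do
        valid_rule "$rule" || { echo "bad rule: $rule" >&2; return 1; }
    done
    echo "ufw default deny incoming"    # drop everything not listed below
    echo "ufw default allow outgoing"   # let the machine reach out normally
    for rule in "$@"; do
        echo "ufw allow $rule"
    done
    echo "ufw enable"
}

# Print the plan for review; run each line with sudo once it looks right.
ufw_plan $ALLOWED
```

After applying the rules, `sudo ufw status verbose` shows the default policies and the ports that are open.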