Ubuntu Desktop Security Defaults

[Null Ack]

Gday folks :)

There is difference between what I foresee as sensible security
defaults for our desktop build against what is being currently
delivered. It may very well be that there is aspects to the current
setup that I am not fully aware of, and I'd like to better understand
the reasoning behind the current situation if so. Otherwise, perhaps I
could please suggest some possible enhancements:

* Enabling UFW by default or some other firewall by default
* Having AppArmor actually protecting the desktop build rather than
what seems as currently a false illusion of coverage with just CUPS
being protected

In my view the users want to feel secure in knowing that should a zero
day exploit be identified, that AppArmor or SELinux or foo or whatever
will trap the damage the exploited service can take beyond the
standard user is not root UNIX setup.

Thanks and regards,
Nullack