Should I install a lightweight firewall or something of the sort? Or is the security I get with Ubuntu out-of-box going to be enough for daily web-browsing?

• If you are usually connected to networks behind their own firewall (college wi-fi, coffee-shops, home wi-fi/routers, etc.), that's sufficient. If you directly plug into a cable modem/DSL router, or somehow your college hands out unfiltered public IPs (very rare), you should just use the built-in ufw (Ubuntu's firewall), and set a default policy blocking all inbound connections.

Also, if I should have the misfortune of getting my Linux install completely messed up (say, I install a malicious software package), is there any way I can prevent this digital fire from spreading to my Windows partition?

• Well, malicious packages for Linux are rare; your Windows partition (and data in general) is much more susceptible to plain human error ;)


• If you want to be very cautious, and you dual-boot, you can create a 5-10GB FAT32 partition or so for sharing between Win and Lin, and mount your Windows partition read-only in Linux.
  
  
  
  • Wubi is riskier than dual-boot because it must, by definition, have read/write access to your Windows partition
  
  


• If you are using a virtual machine, well, you're completely isolated -- just make sure you choose the shared folders carefully, and make any that contain important data read-only to prevent any errors in the Ubuntu VM from affecting them.