Quote:

Originally Posted by GadgetCanada 

I'm sure after the Australia 4G advertising lawsuit, Apple's lawyers scoured all of the promotional material to see what could be future lawsuit material. If anyone lost any data to a Mac virus and Apple is saying "to protect your data, do nothing", it's an automatic lawsuit. Going forward, I'm sure all advertising will be going through the lawyers for a final check.

There are NO Mac viruses in the wild!

Quote:

Originally Posted by Quadra 610 

PR. They had to. 

 

The average user doesn't know the difference between "trojan" and "virus" and "malware." In fact, Joe Lunchbox lumps everything into the "virus" category. 

 

Next time a trojan shows up for OS X (we get one or two every few years, Lol) they'll scream "virus!!!"  and there goes the neighbourhood.

And whereas media coverage about the precious few pieces of OS X malware in the past was next to nonexistent, Apple's brand name has

garnered more attention over the past few years than ever. Count on the news about next trojan (maybe sometime next year)

to clog tech news sites and mainstream news outlets. 

 

Apple doesn't need to deal with that kind of bullish*t. Can't blame them for modifying the PR blurb.

It wasn't necessary, but the possibility for negative PR arising from consumer misunderstanding (or rather, ignorance) is far too great. 

Exactly!

Quote:

Originally Posted by elmsley 

It's perfectly reasonably for Joe Lunchbox to think so.  Whether it's a worm or virus, or an STD, he doesn't care, "It just doesn't work, fix it" he yells.

 

Regardless, his understanding should be that "OS X doesn't need extra anti-viral software, because Apple will issue a security update ASAP if there is anything wrong".  It really doesn't make sense that they would need to teach us anything too technical. 

 

Should I be worried about my iOS running on 'unsecure wireless networks' yet?

No it's not so reasonable. I'm an administrator for my small office and i have to deal with a few people constantly telling them how to best behave or how to do common sense computing, and guess what those people are exactly the ones that are technologically challenged. Those people always disregard my suggestions or advice and thus i had to proceed to lock down even more. So in conclusion if the average Joe,"doesn't care" i say f$*$@ him and his problems sometimes because he didn't care from the get go. Now he's just paying for his own stupidity, recklessness and lack of decent IT knowledge.

Quote:

Originally Posted by nicolbolas 

Apple needs to get serious about security fast.  At least they are not being so crazy about how safe it is.

 

I hope Apple gets security build back up to when it had a smaller market-share.

 

Sadly i think it will not happen.

 

My bigger concern is now that most OSX users are much less careful than most Windows users....

 

:(

Yeah... no. You clearly don't know what you are talking about. Since the release of Lion Apple has been so serious about security I'm wondering if they have obsessive compulsive disorder.

Older versions of OSX back when Apple had a smaller market share had the worst security you could imagine and were far easier to break into. Windows 7 and even Ubuntu had better security than OSX Leopard and Snow Leopard by a considerable degree.

OSX Lion, on the other hand, has had all of its security features go through a Major overhaul. ASLR in OSX was vastly improved and is now on par with the implementations in Windows7. The Non-Executable bit has had some little tweaks made to it and, of course, you have the BSD-UNIX permissions system. Even if you manage to get past the ASLR you'll end up in the Application Sandbox and it is nearly impossible to get out of a sandboxed environment (like Google Chrome, only for the entire OS).

This is why I upgraded to OS Lion the day it came out.

To put it simply:

Lion is Fort Knox inside another Fort Knox.

Snow Leopard is a car parked on the street where the owner forgot to lock the door. But you're not quite sure if its unlocked or not when you walk past it.

Leopard is your house with a neon sign above it saying "We don't lock our doors or own an alarm. Keys to the Audi are in the vase in the hall".

Quote:

Originally Posted by ChiA 

 

If Windows was so battle hardened and perfect it would be impenetrable.  Yet with Windows 7 still requires antivirus because Windows 7 vulnerable to 8 out of 10 viruses.

 

Even Microsoft acknowledges that its current Windows 7 requires anti-virus software: 

 

How can I help protect my computer from viruses?

 

Yet after 10 years and millions of users, we're yet to see a single virus affect Mac OS X.  True it has been affected by malware, but not the deluge that engulfs the Windows world.

The real problem is this:

many (most?) OSX users have never had to deal with viruses/moved from PC and have stopped dealing with them.  

People who use OSX are *generally* not very well prepared to deal with an influx of viruses.

People who use Windows are *generally* prepared to deal with the viruses.

Also note, Many Windows users have AV programs, which stop viruses.... not so many for OSX.

The thing about Windows, is that Microsoft issues patches very frequently for viruses. I believe the last huge one that hit OSX had been patched in Windows for a month or something before Apple did anything about it.  

It is an issue of users who in general are less prepared to deal with viruses, and a company which does not have a much experience in dealing with viruses.

The issue becomes a problem because OSX is gaining enough market share that it may become more profitable to target solely OSX. Why?

1. in general people with OSX are richer as most Windows machines are cheaper than Macs.

2. in general people using OSX are more likely to be tricked by viruses/not worry about them

3. Apple is very slow (so far) in responding to viruses that affect many people.

If you want to debate this further please PM me :)!

EDIT: added reply to this post:

Quote:

Originally Posted by benanderson89 

Yeah... no. You clearly don't know what you are talking about. Since the release of Lion Apple has been so serious about security I'm wondering if they have obsessive compulsive disorder.

 

Older versions of OSX back when Apple had a smaller market share had the worst security you could imagine and were far easier to break into. Windows 7 and even Ubuntu had better security than OSX Leopard and Snow Leopard by a considerable degree.

 

OSX Lion, on the other hand, has had all of its security features go through a Major overhaul. ASLR in OSX was vastly improved and is now on par with the implementations in Windows7. The Non-Executable bit has had some little tweaks made to it and, of course, you have the BSD-UNIX permissions system. Even if you manage to get past the ASLR you'll end up in the Application Sandbox and it is nearly impossible to get out of a sandboxed environment (like Google Chrome, only for the entire OS).

 

This is why I upgraded to OS Lion the day it came out.

 

To put it simply:

Lion is Fort Knox inside another Fort Knox.

Snow Leopard is a car parked on the street where the owner forgot to lock the door. But you're not quite sure if its unlocked or not when you walk past it.

Leopard is your house with a neon sign above it saying "We don't lock our doors or own an alarm. Keys to the Audi are in the vase in the hall".

 

I do not upgrade OSX often.... so yes, you may be right about newer version.

however, is the majority of OSX running Lion?

and being on Par with Windows 7 is nothing special... my bigger concern as noted above is that Apple took so much longer to fix the vulnerability, I believe it was about a month after Microsoft fixed the problem, and announced it in its patch....

As a note, if i ever stop using a thinkpad for work (cough when i have to buy another computer.... WHY YOU STOP USING 16:10 LENOVO!!!) I will be sure that any Mac i get will have Lion or better :)

Quote:

Originally Posted by nicolbolas 

 

The real problem is this:

many (most?) OSX users have never had to deal with viruses/moved from PC and have stopped dealing with them.  

 

People who use OSX are *generally* not very well prepared to deal with an influx of viruses.

People who use Windows are *generally* prepared to deal with the viruses.

 

Also note, Many Windows users have AV programs, which stop viruses.... not so many for OSX.

 

The thing about Windows, is that Microsoft issues patches very frequently for viruses. I believe the last huge one that hit OSX had been patched in Windows for a month or something before Apple did anything about it.  

It is an issue of users who in general are less prepared to deal with viruses, and a company which does not have a much experience in dealing with viruses.

 

The issue becomes a problem because OSX is gaining enough market share that it may become more profitable to target solely OSX. Why?

1. in general people with OSX are richer as most Windows machines are cheaper than Macs.

2. in general people using OSX are more likely to be tricked by viruses/not worry about them

3. Apple is very slow (so far) in responding to viruses that affect many people.

 

 

If you want to debate this further please PM me :)!

 

EDIT: added reply to this post:

 

 

I do not upgrade OSX often.... so yes, you may be right about newer version.

 

however, is the majority of OSX running Lion?

 

and being on Par with Windows 7 is nothing special... my bigger concern as noted above is that Apple took so much longer to fix the vulnerability, I believe it was about a month after Microsoft fixed the problem, and announced it in its patch....

 

As a note, if i ever stop using a thinkpad for work (cough when i have to buy another computer.... WHY YOU STOP USING 16:10 LENOVO!!!) I will be sure that any Mac i get will have Lion or better :)

Every single one of these points has been covered earlier by a post in this very thread.

Did you even read before posting?

To be honest I am surprised that Apple managed to make such misleading "virus" claims for such a long time.

The earlier campaigns that mentioned the 114000 windows viruses were disingenuous in the extreme. In one sentence Apple define all windows malware as viruses but in the following sentance that definition changes to virus in its strictest sense when saying that there were no OSX viruses.

The flaw in such a strategy was that if they wanted to be honest abut the relative merits of security on both platforms, they would have had to say, for example, "windows has a lot of malware but we have much less". That doesn't sound as reassuring as "buy a MAC, you don't need to do anything to be 100% safe"

Sure there are no known OSx viruses but the marketing department were chopping and changing the meanings of words in an attempt to convince owners that OSx is bullet proof when Apple knew it wasn't.

The recent rewording is welcomed but still stretches the truth. Apple now claim that it is not possible to become a victim of malware without one intentionally installing malicious code. If I were a Flashback victim I'd be pretty hacked off at the suggestion that I infected my MAC intentionally.

I don't know if there will ever be a true OSx virus but until Apple start to be honest about exploits/worms/trojans etc, owners will refuse to take adequate steeps to protect themselves. Perhaps the amendments are part of a gradual move to be more open and honest about security with Apple slowly digging themselves out of the "OSX is bullet proof" hole.

Quote:

Originally Posted by SolipsismX 


Win7 has less infections than WinXP but there are more viruses for Windows than ever before. There hasn't been a drop in the number of viruses

With out the aid of a time machine, how could the number of viruses ever drop?

Quote:

Originally Posted by AndreiD 


Not only this but people forget that AV software just like any kind of software has it's own vunerabilities that can be exploited. That's one of the reason i don't encourage AV on Macs

Not sure what you mean when you say that AV can be exploited, do you have any examples?

I guess another problem with AV is that owners don't realise that no one product will suffice (nor that there are lags). Different firms will treat "suspect" software differently, for example when the scumbags at Micro Billing Systems started to hijack the PCs of people that had visited porn sites, none of the big AV vendors were willing to treat it as malware, even though it rendered the PC unusable, because MBS argued that users had agreed to the ToCs and it was therefore not malware.

That said, I personally think one is morally obliged to secure their computer.

Quote:

Originally Posted by hungover 

Not sure what you mean when you say that AV can be exploited, do you have any examples?

 

I guess another problem with AV is that owners don't realise that no one product will suffice (nor that there are lags). Different firms will treat "suspect" software differently, for example when the scumbags at Micro Billing Systems started to hijack the PCs of people that had visited porn sites, none of the big AV vendors were willing to treat it as malware, even though it rendered the PC unusable, because MBS argued that users had agreed to the ToCs and it was therefore not malware.

 

That said, I personally think one is morally obliged to secure their computer.

Read this paper pls! The net is abundant of such papers or publications regarding AV software vulnerabilities and exploits.

Your second paragraph captures a small part of AV software weakness. Other vulnerabilities are more technically oriented.

Your last statement is a no brainer though! Of course everyone is morally obliged to secure their computer but that's an ideal statement. Not everyone is capable by itself of securing their own computer and not everyone cares about it or has the power to let an expert do it (e.g. a technologically challenged secretary). Moreover, everyone should first practice safe computing, common sense, reality awareness etc. before weighing the benefits and disadvantages of using AV products or other scanners/malware.

Quote:

Originally Posted by MacBook Pro 


Here is a quick, easy list of 47 known exploits of various anti-malware software implementations, in particular this is the results of a search for "Sophos" which offers a well known security suite for Mac OS X.
Are you suggesting that Mac users should be obligated to use software that removes malware targeted at Microsoft Windows operating systems thus causing Mac users to experience performance issues and open potential exploits on their systems as well?

Thanks for the link MBP

From reading the info contained in your link, most of the so called exploits seem to related to the inability of AV software to scan compressed files (unless I missed something). I had initially assumed that you were refering to exploits which actively manipulated the software to do the bidding of others. Sorry I don't understand which exploits will occur as a result of MAC users having AV installed- could you elaborate please. 

Never-the-less though, I don't see why accepting that AV programs will not always find malware is justification for never using them. surely something that catches 99.9% is better than no protection.

I don't accept that you are being asked to install AV just for the benefit of windows users, MAC malware exists, as evidenced by FlashBack. Had more MAC owners had AV then the problem might have been dealt with quicker. On a wider note perhaps AV software should indeed target all malware, irrespective of the target OS. Knowing that AV software will target your malware might make the scapegraces think twice about hacking web and ,mail servers.

Refusing to have AV, as a matter of principle, because the users of an alternative OS might gain some benefit sounds extremely childish.  I agree that AV software did have a noticeable impact on computers years ago but if you are concerned that it will be akin to pouring treacle on your machine then perhaps it is time you upgraded.

Quote:

Originally Posted by AndreiD 

Read this paper pls! The net is abundant of such papers or publications regarding AV software vulnerabilities and exploits.

 

Your second paragraph captures a small part of AV software weakness. Other vulnerabilities are more technically oriented.

 

Your last statement is a no brainer though! Of course everyone is morally obliged to secure their computer but that's an ideal statement. Not everyone is capable by itself of securing their own computer and not everyone cares about it or has the power to let an expert do it (e.g. a technologically challenged secretary). Moreover, everyone should first practice safe computing, common sense, reality awareness etc. before weighing the benefits and disadvantages of using AV products or other scanners/malware.

Hi Andre

i did read through your link, tbh I probably still don't know what fuzzy is, err.. other than the sensation related to excess alcohol consumption.

I wasn't trying to suggest that AV scanners are the be all and end all of security but that they should be part of it.  

With regard to the wider question of personal responsibility, it is regrettable that it is socially acceptable to proudly pronounce that one is IT illiterate, by contrast we would mock anyone that says "I don't read so gud". Hopefully if all of the major OS vendors were more honest about the weaknesses in their systems, we, as the public would eventually become more proactive and alert. When one of the biggest players in the market uses slight of hand to make it look as though they provide an option that is impregnable people will believe them and flock to them under the impression that they can be as cavalier as they want.

As with insurance scams, we are all the victims of malware, either directly or indirectly, it hits all of our wallets to a degree

Quote:

Originally Posted by MacBook Pro 


Frankly, I feel I am morally obligated to help disadvantaged users of poor quality software truly understand how their poor choices have made them vulnerable. The best way to help those individuals is to not use any software on my system designed to protect those individuals rather than myself.

I agree!

@hungover: You have to take into account that AV software in itself as MacBook Pro stated can open doors to exploits (vulnerabilities). Don't think as AV or any other malware scanner for that matter, is a "magical barrier" as those companies that created them would like you to think of. It's not anything magical neither barrier neither shield or anything, it's just a pice of software, just as the OS itself but scaled a lot down and with a more focused purpose. Having said that you have to understand that software, just as everything else in nature is not perfect, is not without flaw and without vulnerabilities. So given those arguments even if one decides to install and run AV software on a computer, even for the 0,0001% potential threats that are out there NOW  he in fact opens up another door to other potential exploits. I't like trying to patch a whole in the tire but in the mean time when applying the patch possibly create another hole in the patch itself (if that's easier to comprehend as an analogy).

Moreover, please read this well put article also. Especially focus on the Prophylaxis not Always a Panacea. Better yet i'll quote the article directly:

That's the same story with the Flashback trojan. When it hit some macs (i highly doubt it was anything close to 600.000) please understand AV software couldn't do squat about it because there were no signatures of the trojan available. As the quoted article states:  imagine covering yourself with band-aids with the hope of avoiding any potential for infection; the reality would be that those bandages wouldn’t do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential media for culturing infectious bacteria and keeping it in contact with your body.

Quote:

Originally Posted by AndreiD 

I agree!

 

@hungover: You have to take into account that AV software in itself as MacBook Pro stated can open doors to exploits (vulnerabilities). Don't think as AV or any other malware scanner for that matter, is a "magical barrier" as those companies that created them would like you to think of. It's not anything magical neither barrier neither shield or anything, it's just a pice of software, just as the OS itself but scaled a lot down and with a more focused purpose. Having said that you have to understand that software, just as everything else in nature is not perfect, is not without flaw and without vulnerabilities. So given those arguments even if one decides to install and run AV software on a computer, even for the 0,0001% potential threats that are out there NOW  he in fact opens up another door to other potential exploits. I't like trying to patch a whole in the tire but in the mean time when applying the patch possibly create another hole in the patch itself (if that's easier to comprehend as an analogy).

 

Moreover, please read this well put article also. Especially focus on the Prophylaxis not Always a Panacea. Better yet i'll quote the article directly:

 

 

 

That's the same story with the Flashback trojan. When it hit some macs (i highly doubt it was anything close to 600.000) please understand AV software couldn't do squat about it because there were no signatures of the trojan available. As the quoted article states:  imagine covering yourself with band-aids with the hope of avoiding any potential for infection; the reality would be that those bandages wouldn’t do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential media for culturing infectious bacteria and keeping it in contact with your body.

 

Would you advocate that people keep their life savings under their bed, afterall we know that safes and banks have vulnerabilites that can be exploited. Having to visit the ATM or turn the tumbler on a safe might be an added inconvinience but IMO it is a "neccessary evil".

I don't recall suggesting that AVS is a magic bullet but I still contend that it should be part of a wider approach to security.

It is interesting that you quote an out of date article; the (flawed) crux of which is that AVS is not neccessary because the only way to infect a Mac is via pirated software. It points to the fact that AVS definition updates can be hijacked, such AVS vulnerabilities have been cited on numberous occassions throughout this thread yet to date no one has been able to provide a recent real world example of AVS corrupting a computer after having been comprimised in such a way.

I disagree that AVS would have offered no protection at all from FlashBack. With any brand new "virus" there will initially a number of owners running AVS that are infected but other users will be protected once the definitions are released. In the example of FlashBack the major AV vendors were able to offer Mac owners protection long before Apple.

The way in which viruses are spread has changed over the years; initially via floppies and later via email. The email threat has been reduced by the use of AV software at both the the server and desktop level. Increasingly they are now spread over the internet (largely by Linux servers via SQL exploits). Malware is the responsibility of not just end users but also OS vendors and service providers. It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive, fortunately this is a philosophy that apple seem to be adopting but until they take that extra step and say we recommend that you, the owner, use some kind of malware protection the wider Mac community will  continue to wheel out the same tired arguments.   

The entrenched position of some owners is a akin to the freeloading principle adopted by parents who refuse to inoculate their infants. Why risk the health of your child when you know that odds of contracting a disease is mitigated by the other parents who have taken that risk for the collective good?

Quote:

Originally Posted by MacBook Pro 


I agree. So sad that Google has so many robots convinced that Android and Google Play are safe when they clearly are not.
How is this not clear, "Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function."
You seem to not understand that anti-malware applications actually have vulnerabilities themselves.
By the way, what is MAC? Are you referring to a MAC Address?

???

savonaccessfilter.sys - Local Users Gain Elevated Privileges
 

I thought that the conversation was about viruses. All of a sudden you are concerned about someone using your computer locally. At the risk of bursting your bubble, anyone with local access can harvest your personal data... regardless of which OS you have.

Do you really need to ask what a MAC is or are you incredibly insecure? Should I ask you to clarify whether your use of the word Mac is a reference to Apple computers or apparel commonly worn by men who like to expose themselves?

Quote:

Originally Posted by hungover 

Would you advocate that people keep their life savings under their bed, afterall we know that safes and banks have vulnerabilites that can be exploited. Having to visit the ATM or turn the tumbler on a safe might be an added inconvinience but IMO it is a "neccessary evil".

 

I don't recall suggesting that AVS is a magic bullet but I still contend that it should be part of a wider approach to security.

 

It is interesting that you quote an out of date article; the (flawed) crux of which is that AVS is not neccessary because the only way to infect a Mac is via pirated software. It points to the fact that AVS definition updates can be hijacked, such AVS vulnerabilities have been cited on numberous occassions throughout this thread yet to date no one has been able to provide a recent real world example of AVS corrupting a computer after having been comprimised in such a way.

 

I disagree that AVS would have offered no protection at all from FlashBack. With any brand new "virus" there will initially a number of owners running AVS that are infected but other users will be protected once the definitions are released. In the example of FlashBack the major AV vendors were able to offer Mac owners protection long before Apple.

 

The way in which viruses are spread has changed over the years; initially via floppies and later via email. The email threat has been reduced by the use of AV software at both the the server and desktop level. Increasingly they are now spread over the internet (largely by Linux servers via SQL exploits). Malware is the responsibility of not just end users but also OS vendors and service providers. It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive, fortunately this is a philosophy that apple seem to be adopting but until they take that extra step and say we recommend that you, the owner, use some kind of malware protection the wider Mac community will  continue to wheel out the same tired arguments.   

 

The entrenched position of some owners is a akin to the freeloading principle adopted by parents who refuse to inoculate their infants. Why risk the health of your child when you know that odds of contracting a disease is mitigated by the other parents who have taken that risk for the collective good?

Haha don't even get me started with the banking sector d-bate. In many ways keeping your money under the sofa in those troubled times can be safer than depositing them to a bank. Ask Lehman Brothers! :) Not a very good analogy though and for the sake of not entering the banking sector d-bate let's discuss on another analogy.

Quoting an out of date article is still better than not quoting anything in the first place (i.e.: smacking around words). Nobody said the article is fresh as home cooked bread and nor does it have to be. With regard to your request for a "real world example" this thing can spin both ways meaning no one has been able to show a real world example of why Apple computers need AV software. 

Regarding your definitions comments, i'm telling you again: the definitions will only help you if your lucky enough to be susceptive to get infected after you get the AV definitions updated.That's sometimes days or weeks after a 0 day malware is out on the market and widely known. 

Can you please provide some facts to this statement: 

?

I agree with this: It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive; HOWEVER proactive doesn't really mean or rely on AV software. For me proactive defines avoiding social engineering techniques (what recently happened for some Macintosh users) by practicing common sense, reality awareness and others such measures. In fact if you're not proactive with those things first, it's kind of useless to having AV installed, as if you're fooled into installing something that you should know it's strange or fishy or forbidden (see porn apps/ sites), then it's in vane the AV software will yell this and that and you still disregard it and any kind of common sense. 

With regard to this:  ...we recommend that you, the owner, use some kind of malware protection; I SIMPLY CAN'T agree with you for 2 reasons:

1. Apple is being diligent enough to offer software protection out of the box: gatekeeper, sandbox, malware definitions etc. No need right now for any other user or third party software.

2 and most important: there is no self-replicating malware out there in the wild for Macs.

Regarding your last paragraph see the above 2 reasons and the fact that you don't compare apples with apples (pun intended). You compare Apple with Oranges, meaning you probably assume that PC-Windows users having so much indoctrination with using AV software (and based on good reasons) that it became almost a religion on the Windows world, that implies that those PC users in fact protect also the other community of Mac users. If that's what you implied then the analogy you provided is false because in this case it's not children playing with other children, it's children playing with monkeys. Knowing scientifically that monkey diseases cannot pass to humans (don't take it literally please) there's no reason to inoculate human infants. In fact you can't even do it because to inoculate someone you'd have to know what you inoculate him against. Not knowing that = impossible to develop a vaccine.

Quote:

Originally Posted by AndreiD 

Haha don't even get me started with the banking sector d-bate. In many ways keeping your money under the sofa in those troubled times can be safer than depositing them to a bank. Ask Lehman Brothers! :) Not a very good analogy though and for the sake of not entering the banking sector d-bate let's discuss on another analogy.

 

Quoting an out of date article is still better than not quoting anything in the first place (i.e.: smacking around words). Nobody said the article is fresh as home cooked bread and nor does it have to be. With regard to your request for a "real world example" this thing can spin both ways meaning no one has been able to show a real world example of why Apple computers need AV software. 

 

Regarding your definitions comments, i'm telling you again: the definitions will only help you if your lucky enough to be susceptive to get infected after you get the AV definitions updated.That's sometimes days or weeks after a 0 day malware is out on the market and widely known. 

 

Can you please provide some facts to this statement: 

 

?

 

 

I agree with this: It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive; HOWEVER proactive doesn't really mean or rely on AV software. For me proactive defines avoiding social engineering techniques (what recently happened for some Macintosh users) by practicing common sense, reality awareness and others such measures. In fact if you're not proactive with those things first, it's kind of useless to having AV installed, as if you're fooled into installing something that you should know it's strange or fishy or forbidden (see porn apps/ sites), then it's in vane the AV software will yell this and that and you still disregard it and any kind of common sense. 

 

With regard to this:  ...we recommend that you, the owner, use some kind of malware protection; I SIMPLY CAN'T agree with you for 2 reasons:

1. Apple is being diligent enough to offer software protection out of the box: gatekeeper, sandbox, malware definitions etc. No need right now for any other user or third party software.

2 and most important: there is no self-replicating malware out there in the wild for Macs.

 

Regarding your last paragraph see the above 2 reasons and the fact that you don't compare apples with apples (pun intended). You compare Apple with Oranges, meaning you probably assume that PC-Windows users having so much indoctrination with using AV software (and based on good reasons) that it became almost a religion on the Windows world, that implies that those PC users in fact protect also the other community of Mac users. If that's what you implied then the analogy you provided is false because in this case it's not children playing with other children, it's children playing with monkeys. Knowing scientifically that monkey diseases cannot pass to humans (don't take it literally please) there's no reason to inoculate human infants. In fact you can't even do it because to inoculate someone you'd have to know what you inoculate him against. Not knowing that = impossible to develop a vaccine.

We seem to be in accordance on some points but then appear to suffer from differing opinions as to which end of the egg to break open first. For example, I admit that I was unaware that OSx now scans incoming files and assesses them according to file signatures. That strikes me as being a postivie step on Apple's behalf, indeed I would go so far as to call it AVS  (likening it to Windows Defender). Frankly I don't care which vendor is offering AVS protection so long as it exists. It does however seem to make (some of) your reservations about AVS moot.

I am not sure why you considered that you need to stress the fact that there is no self-replicating malware out there in the wild for Macs. I agree with you and have not suggested otherwise. I have attempted to use the term virus in inverted commas in an attempt to make it clear that i am referring to malware in general. Thus far it has been Apple that has chopped and changed the definition to suit which ever marketing ploy they are adopting, thereby forcing devotees to qualify that they are discounting proof of concept viruses or other forms of malware.

Off hand I am unable to provide concrete evidence that the web has become the key route for the distribution of malware but for the reasons mentioned previously I am happy to accept that the statement is feasible. I questioned the validity of the site that you quoted given that it predates much of the recent (but "rare") Mac malware.

With regard to my inoculation analogy- I concede that if we use the term virus in it's strictest sense then my point is flawed, if however we are using the term to refer to malware then (IMO) it stands.