[Don't forget the presence of a decades-long monopoly in your calculations. One might also say that it is "improbable" that a first world county would elect an incompetent president who starts boondoggle wars, kills babies and mothers by defunding family planning in the name of being 'pro-life," dismantles emergency relief systems in the name of being for "small government" while inciting terrorism and following the guidance of superstitious hate mongers who say sex is causing God to send the US natural disasters, and tortures US citizens on off shore locations ironically close to dictator Fidel Castro, but you don't need to calculate probability for events that have happened. - Dan ]

I freely admit that this seems terribly improbable, but I find assertions of insufficient motivation be even less credible!

However, if OS X security is as well designed as I would think, there would need to be a very high amount of incentive required before the extended labour is paid off. I’m thinking that Macs would have to have the locations of the owners stacks of gold bars, or oodles of highly blackmailable porn available for it to be fruitful.

My opinion is that there are only two explanations – either the incentive to create a Mac virus isn’t strong enough to overcome the technical difficulties, or there isn’t any incentive in the first place.

I don’t really see how you can claim otherwise. All we need is ONE Mac virus to prove that it’s possible to do, and that someone out there was motivated to do so. But after 9 years we have zero examples.

[most viruses are designed to deliver a payload. If you look at the botnets that send out spam you'll find the business model. Some are proof of concept things that spread without doing much, but the intent is clearly there. The same goes for trojans many times, and there have been trojan attacks on Macs that attempt to install some sort of adware or bot.

The difference is that its much harder to deliver single attacks that require user intervention (and on the Mac that means entering a system password) rather than setting off automated, viral attacks that infect and spread widely on their own. Windows accomodates this, Mac OS X doesn't.

Also, once you have an infection, Windows is often really hard to clean up. Infected tentacles end up reinstalling themselves from the Registry. On the Mac, it is very straight forward to identify and kill and prevent the return of an attempt to run a background process (and a bit harder to get them there and hide them in the first place).

That's (ironically) the "broken windows" theory of graffiti - if you leave it around, the place goes to the dump and people throw trash on the street and don't keep things up. If you remove any traces, then people in the environment feel more like keeping up their neighboring places too. The Mac is simply a better neighborhood. - Dan ]

How many machines do you need for a profitable botnet? The Wikipedia article on the subject justifies 25 thousand as substantial critical mass. How many OS X Macs are there? A low number is 25 million. So, if a virus or worm could, in short order, compromise just one tenth of one percent there is sufficient monetary incentive. Such a rate of infection is unprecedented, but we are talking about computers that are supposedly wide open here. Mac owners are smug and over confident, right? They are not running antivirus and they leave their machines on and connected to the Internet. And these are decent machines with well healed owners. Moreover, after nine clear years, most will dismiss the first reports of the virus as just another rumor, and the Mac community can be expected to be slow to react.

Sorry, but there is a credible business model for malicious Mac software. And this does not touch on the fame aspect, which provides even stronger motivation than money.

[Sorry but no, you're wrong. The 25 million Macs are scattered around among affluent PC users who all have different setups and are generally aware of what they are doing. The billion Windows PCs in the world are all over the third world and in those $300 PCs that sit unpatched in the homes of people who have no clue. And tons of them are identically configured behind weak security. Tap one, and you unlock a huge selection of similarly configured machines that are vulnerable to the same attack. Windows also makes it easy to install software without the user even knowing: no password needed to give elevated permissions.

Imagine a target with bullseye that is a quarter of a hundredth the size of another target. Which do you shoot at? Yeah I thought so. - Dan]

]

If there were a credible business model for malicious Mac software, then we would have seen some by now, no? Outside of some proof-of-concepts and a few trojans that pop up occasionally (which no OS could ever fully protect against), there isn’t any.