There are lots of different aspects of what makes something secure. Mac OS X already implements a user security model that prevents people from installing software with elevated privileges without knowing they are; Windows does not, and when Vista does, it does so using UACs, but it screams about so much that it has effectively cried wolf.

So Mac OS X asks a user to supply their admin password, equivalent to an ATM asking users to supply their PIN, indicating that something is up and that they shouldn’t be installing this thing unless they are aware of what it does.

On Windows, you can install crap just browsing the web. That’s why to be “infected” by Mac malware, you have to download warez posing as stolen software and expressly give it control of your system, but on Windows you can just click buttons and end up with an adware box with viral infections, even if you’re running Vista.

It’s like the difference in hitting your thumb with a hammer (something the vendor can’t protect you from) and getting salmonella from eating peanut products you thought were safe (because the vendor doesn’t care enough to ship safe products). One is a product problem, the other is YOUR problem.

The only way Apple can prevent you from ever getting malware is to set up an app store and control what apps you can install. Like it did with the iPhone. Google is ok with you getting Android salmonella just like Microsoft is ok with Windows salmonella.

The tech media is content suggesting that hitting yourself with a hammer is Apple’s version of salmonella, despite the fact that it isn’t.

BSD has been around for almost 40 years and yet the last major damaging virus was around 20 years ago. It’s not security from obscurity that is protecting Macs it’s a well engineered backend that is protecting us.

Why is it that no one is touring the insecurities of Linux? Same reason, Apple’s just a more visible target for FUD

Difficulty? Obscurity? No Financial Gain? Lack of Disdain?

I thought we Apple users were safe. I thought these security programs were going to be eternally useless to us. Yet, Miller claims that he might need to install security software if Apple ever reaches 30% of the market. Snow Leopard may be coming, but all this time, it sounds as though we’ve just been sitting ducks in a flock too small to attack. Say it ain’t so.

2. Also, if Miller knows about some sort of black market for exploits, why isn’t he under some sort of police surveillance? Isn’t all of that illegal? Is he really able to intimately know of an entire growing underground world of ethically-neutral anti-programmers and not worry about his own physical security? It sounds like an FBI movie or a TV pilot or something.

I mean, how can this CanSecWest exist without every attendee compromising their own anonymity by attending? Doesn’t the government scope out everybody there, or does the government do nothing because there’s nothing it can do? These computer security “conventions” sound like shadowy gateways into some alternate Matrix-level reality where anything can happen for the right price.

3. Here is a relevant web comic strip on the issue: http://xkcd.com/538/

I was in my local Apple Store earlier today. There on the shelf was Symantec Anti-virus, both in a single product box and as part of an “Internet Security” suite. They were also selling the Intego “security” suite.

Then there was the flap a few months ago about Apple’s website saying something to the effect that there might be viruses, and then they changed it to say no viruses.

Lack absolute, strong leadership from Apple on what viruses are of concern to Mac users (some? none?), this kind of FUD will only continue.

The bottom line is Safari failed. If Safari had held up like Chrome, there would be nothing much to write about. We need Chrome for Mac or we need Safari to step up to the plate.

[Not to knock Google's Chrome, which is doing some great things, but keep in mind that it's new and different and nobody has looked at it extensively.

Another think to consider is what everyone knows but the media refuses to say: that Macs aren't being targeted, and that a lot of Apple's security features in Snow Leopard will kick in long before anyone significantly tries to attack the Mac. As I pointed out before, there's no money motivation, which Miller's comments are in agreement with. - Dan]