Secure Channel | Ziff Davis Enterprise
Wednesday, June 30, 2010 8:45 AM/EST

Apple Security: Vulnerability Inevitability


Apple has sat atop a high pedestal when it comes to security (and just about everything else in the user experience). Reports of leaked Windows 8 development plans reveal how Microsoft engineers marvel at how Mac’s operating systems and applications “just work.” And, for the longest time, Mac and Apple devices seemed impervious to malware and hackers.

Perhaps, but the security tide is slowly turning against Steve Jobs and company as market share numbers climb and outside developers create applications to run on Apple devices. June 2010 may go down as the pivotal moment when Apple’s invulnerability was dispelled. (In fact, we hear rumors that Apple may turn to the channel for help with its mounting security woes -- more to come on that.)

First, there’s the iPad debacle. To be fair, this wasn’t Apple’s fault; blame rests with AT&T. It was the carrier’s customer service portal that was breached by gray hat hacker group Goatse Security to reveal more than 114,000 iPad 3G accountholder email addresses. Apple CEO Jobs was reportedly infuriated by the incident, given his maniacal pursuit of airtight security in all facets of Apple operations and products.


But the security woes reflect a broader trend: a growing number of vendors are announcing the discovery of security problems in, and new security products for, Apple products.

Two weeks ago, Apple released an update to Mac OS X Snow Leopard (version 10.6.4), but failed to note that it included new antivirus protections that guarded against the HellRTS Trojan. The Trojan is disguised as an iPhoto update to trick Mac users into installing the malware, which allows hackers to surreptitiously take remote control of Macs.

Symantec, Sophos and Apple security specialist Intego had identified and released protections for HellRTS in April. Apple’s late response to the Trojan threat and its failure to mention the antivirus addition in the OS update raised many questions in the security community.

"In my opinion Apple stands at a crossroads with regards to what they do about security. They can either continue as they are claiming that they have no malware, no problems and just doing enough to get by. Or they can invest in making security a 'feature' of the Operating System," Graham Cluley, a senior technology consultant at Sophos, noted in his company blog.

The stealth antivirus update is indicative of the rising threat against the Mac platform. Symantec, McAfee, Sophos and Kaspersky Lab have offered Mac antivirus software for some time. However, other security vendors are releasing new Mac tools to combat Web-based threats. For instance, AVG Software released new versions of its Internet Security and Anti-Virus Free Edition (v9.0) that include LinkScanner for Mac. The software monitors browsing to guard against malicious content coming through compromised, media-rich Web sites.

The iPad and iPhone are not invulnerable to security threats, either. While some enthusiasts claim that iOS (v3 and v4) is more secure than even Mac OS X, the record states differently. When Apple released iOS 4.0 last week, it included patches and fixes for more than 65 vulnerabilities. More than one-half of the patches addressed “arbitrary code execution” problems. That’s what the rest of the world calls critical vulnerabilities that could result in hackers taking control of a client.

Several security vendors have recognized the rising threats against smartphones and, in particular, the iPhone. More than a year ago, Eugene Kaspersky warned that Apple’s closed, proprietary platform wouldn’t insulate the iPhone from attacks forever. The acceptance of third-party applications would force Apple to reveal more about the inner workings of its operating system, and that openness would allow hackers to reverse engineer exploits.


All this adds up to what many security experts have predicted: If Apple ever achieved a critical mass of users and device install base, it would attract the same interest that Microsoft has garnered for years and more security problems would be revealed. Now that Mac’s market share is peeking above 10 percent and millions of iPhone 4s and iPads are racing out of warehouses, Apple may have finally achieved that critical mass.


Comments (5)

Bill :

Apple and its fans have more than enough holier than thou attitude to go around, however...

The "root" of the problem is that one or more users running the machine are given a mechanism to assume administrative rights. That's the same problem that faces Windows installations. Users have to be given a lax enough security environment that there is a reasonable chance that non-technical users can figure out how to install critical updates or new software.

Yes, I know there are tweaks for configuring sudo or setting policies, but remember that we'd like minimally savvy users to succeed. The Windows Vista debacle shows the kind of reaction that ensues when security is too heavy-handed.

Any time you hand over the keys to the kingdom (i.e. administrative rights), there exists a chance the holder of the keys can be duped into a blunder that hands over the keys to parties unknown.

Malware authorship migrated away from pimple-faced teenagers to organized crime syndicates years ago. Crime is a business and there is greater pay-off for development work in the Windows deployment space than for the previously tiny Macintosh space. As numbers of Macintoshes deployed increase, they are more likely to attract the sights of malware authors. Sometimes, it isn't so cheerful to be in the limelight.

So, it really isn't about platform superiority, it is about which platform it makes more business sense to attack.

Michael :

What iPad hack? They hacked AT&T's WEBSITE by breaking an easy to break reference sequence AT&T (NOT APPLE) was using to log email addresses. iPad had nothing to do with it.

The built-in anti-malware has been with OS X v10.6 since its inception. This is not news and simply bolsters the already stalwart Unix security that OS X uses. My gawds! They made it MORE secure!? How dare's thay!

No. OS X is not impenetrable. There's still one weakness, the user. BUT, because of OS X's Unix underbelly (OS X is a fully compliant Unix distribution) the user has to ACTIVELY install it. And for it to run in an independent security context of the user it must be installed as an Administrator authenticating to root.

All systems have vulnerabilities. The question is, a) "Is the vulnerability easily exploitable?" and b) "Can it be exploited remotely WITHOUT local user action?" If the answer is, "No, to either" then it's not a critical vulnerability.

With OS X's popularity increasing why wouldn't "Security Vendors" want to sell their wares? That doesn't mean everybody needs to run out and get it. These vendors need to generate fear (not necessarily justified fear) to get their products off the shelf.

The fact is there is not one single "In the Wild" (meaning it gets on the system with NO user interaction) virus for OS X. It's claimed that this is due to "market share" which is too simplistic to be valid. There's more 7-11's than Fort Knox's. Which gets "hit" more often? The reality is that thieves go for the most reward with the least effort. A Return on Investment as it were. Put that into perspective and Operating Systems as targets are no different.

Eirik :

This article was over-hyped big time. Michael's post was far more reasonable and representative of the state of Mac security.

The anti-Trojan signatures released by Apple deal with the only malware in the wild for Macs: pirated software with a Trojan hidden within. Presently, if one doesn't install pirated software, Mac users have no known malware to concern them. Nice of Apple to furnish signatures for piracy.

As others have said, real malware will strike the Mac. 2010 may be the year. Despite the lack of exploits, Apple patches vulnerabilities. And with 10.5 and 10.6, Apple has released more and more security building blocks. With 10.7, if they continue to enhance memory protections such as ASLR as well as process sandboxing and some anti-execution features, the Mac will be well prepared (not infallible) for the eventual onslaught of software application exploits.

Maximus Trollovski :

I feel very secure when connected to the Internet with my Mac. These articles are always coming down on Apple but Apple releases security fixes quite regularly and they haven't been wormed like every other operating system out there. I highly doubt hackers could find a wormable interface in OS X to be quite honest.

Bill :

Just to reiterate what I previously wrote, and that several other people have expressed: the end user is at least as big a problem as the technology of the operating systems and their applications. I have supported Microsoft, Apple and other desktop and server systems extensively since the 1980s. By far, the greatest number of failures and security compromises are caused by clueless, careless or just plain malicious end users.

It probably is not what the editors of this forum would like me to write, but an equal amount of money spent on a user education campaign would probably garner more pay-off than dumping the same money into a technology refresh of the corporate firewall.

From a technical standpoint, the operating systems of OS X and Windows 7 are both pretty good at implementing security. I give the nod to Windows because it incorporates more modern technology into its kernel than does OS X. For both systems, it is the layers of application software and the end users that compromise security. In the Macintosh space, the Safari web browser and QuickTime media systems have suffered significant exploitable security short-comings over the last few years. Microsoft has done a better job than Apple at releasing fixes in a timely manner.

As far as the iPad problem with the AT&T web site exposing user data goes, I will hold Apple's feet to the fire for responsibility. Apple, and probably Steve Jobs himself, have quite consciously made the decision to make the iPhone and iPad captive devices on AT&T's network. Apple has full ownership of any shortcomings of AT&T because of the captive relationship. Customers have no Apple-sanctioned choice of any network other than AT&T. An AT&T network problem is an Apple device problem. As John Gage famously said, "The network is the computer."
