I could start in on the Windows 7 and 8 platforms that I've had to clean up from malware that have had UAC activated. . . But that a subject for DayGloRed' Windows thread. this is about Mac security.
First, the "security by obscurity" canard has been disproved so many times it gotten boring, but there's always someone who hasn't gotten the memo, like you. There are close to 100 million OS X macs in the wild with most of them, 99%, running completely without third-party anti-virus software in the possession of people who statistics show have a higher disposable income than do Windows PC users. These Macs are, in a phrase, sitting-ducks; yet you claim that target is too small to interest criminals. the same criminal that a few years ago wrote the Witty Worm virus to infect the 20,000 known Window PCs left unpatched six months after Black Ice closed the door on the vulnerability Witty exploited. . . and thirty minutes after the Witty Worm was released into the Wild, every single vulnerable computer was infected! So much for you "security by obscurity" myth. That is NOT the reason Macs don't get infected.
As for you claim of Apple products fell first at hacker contests WAS true but not due to ease of cracking. It once was the prize for cracking at these contests was the computer you hacked. The hackers all targeted the Macs. . . And their exploits were not spur of the moment cracks but exploits that took months of research and coding to prepare, sometimes by a team of programmers such as Charlie Miller's team of ex-NSA specialist who won four years in a row, but only seconds to execute. When asked why he went after Apple, Miller said because he wanted to win the MacBook Pro.
Now, they've added cash bounties as prizes and the hackers go for the biggest prize purse which can range up six figures. . . and they are targeting Google Chrome, Microsoft, Java, and perhaps Apple Macs as an afterthought. . . every exploit at this year's contest was on a Windows platform! Sorry, but that's the way it is.
I'll just say that it's worth noting that those slams against Macs are the same tired old tech-blog writer whore list of unworth complaints. Same ones as for the last, what, 5? 7? more? years.
And Apple's OS X, based on BSD Unix with a designed-in, not bolted-on-afterward, approach to security, will continue to have the smaller, stronger, and better defended attack surface for the foreseeable future. Windows has gotten much better over the years, and it's largely on a par with OS X with regard to most aspects of user security. But its internal complexity works against the goal of a simple, strong structure with inherently minimal attackable characteristics. That's just a fact.
There is so much misinformation in your reply, I’m not even sure where to start.
The vast majority of malware that I’ve seen on people’s PCs comes from them downloading some crap and installing it, blindly clicking past the security prompts. Usually this is some software product that has some crap like Ask.com toolbar or equivalent embedded in the installation. I don’t care what platform you’re on, if you do that, you’re going to get malware. The difference is, on the Mac, the quantity of apps that do that is just way less. The App stores (on both platforms), I think are eventually going to kill off that attack vector. There just won’t be another way to install apps.
We’re on a thread discussing a critical vulnerability (root level access) in OS-X, that’s been there since 2011, and you’re sitting there claiming that Macs are completely secure. You’re not doing less-informed users a real disservice with that kind of outright lie.
The comment about Apple products losing the hacking contests because people wanted to win a Mac is, by far, one of the most laughable claims I’ve ever seen on the Internet.
But I will concede one point, and one that you don’t directly make, but that you allude to in your reply. And that is, the biggest security vulnerability these days is not the OS platform, but rather the browser add-in products, most especially Flash and Adobe acrobat. It’s so bad, that the hacking contests like Pwn2Own have broken those exploits out as a separate category. And btw, those products are cross-platform.