As Apple market share increases, the number of exposed vulnerabilities will also. There are plenty of Unix exploits. Please have a look here. I have to deal with them on Unix systems on an (almost) daily basis. I love the ix variants, but anybody who is not patching routinely is vulnerable. I applied six patches to the Ubuntu 9.04 installation I am typing on at this minute just last night; and I apply patches to my linux box(es) every day, so it's not as if I was just catching-up.
As Apple market share increases, the number of exposed vulnerabilities will also. There are plenty of Unix exploits. Please have a look here. I have to deal with them on Unix systems on an (almost) daily basis. I love the ix variants, but anybody who is not patching routinely is vulnerable. I applied six patches to the Ubuntu 9.04 installation I am typing on at this minute just last night; and I apply patches to my linux box(es) every day, so it's not as if I was just catching-up.
Ping.
First of all, "vulnerabilities" do not always translate into "exploits."
Secondly, we've been hearing that same "any time now" mantra from Windows fans for the past eight years and it has yet to come true. From my viewpoint, eight years and counting of no malware worries counts for a lot. I know my blood pressure is better for it.
Thirdly, Fred, exactly what is the magic number of Macs that will suddenly cause the cracker community to sit up and pay attention to all those Macs out there running without AntiVirus or AntiSpy ware of any kind. Many of them operate without even a firewall. Is it 5 million? 10? 20? 30? There are currently more than 40 million OS X Macs in the wild, 99% of them running bare naked, unprotected by anti-malware applications. Why have they not been successfully targeted yet?
It can't be because they are obscure... obscurity has not stopped crackers from writing viruses and worms that have targeted far smaller populations of vulnerable machines. The Witty Worm was written to target all 12,000 or so unpatched BlackIce firewall protected PCs and within 45 minutes of being released into the wild, all 12,000 PCs were infected. Viruses were written to infect 30,000 of one particular model of smart phone... and got all of them. Someone even wrote a virus to infect iPods that had been converted to run LINUX... all couple of dozen of them. Why, then, are 40,000,000 smug sitting ducks being ignored???
It has been reported that a spambot of just 2000 machines is worth $50,000 on the black market for just a two week window of use. If we assume that all of those Macs could be converted into 2k spambots, that's 20,000 spambots that would be worth $1 billion on the black market before they could be patched. Why has no one mined this very lucrative field before? That's a lot of cash going begging?
The real reason is the extreme difficulty in finding a viable vector to spread the OS X Malware. Currently, the most dangerous are trojans that depend on social engineering to persuade a user into installing a malicious app and running it. That is limited by proper computing practices and the use of standard accounts rather than administrator accounts. There are currently only two families of viable Trojans, both of the URL hijackers, and OS X Snow Leopard will warn users when they attempt to download one of the variants.