I think that article only goes so support my assertion. He is basically saying that the reason there is none is because people that use MACs don't put up with it. Well eventually when MAC starts making in-roads in the lower end of the market it's like a bunch of criminals moving into the neighborhood.
Maybe it's a little harder to write malware for the MAC maybe not but there will be a point when the additional difficulty doesn't out weigh the profit that could be gained and at that point people will focus more effort on it. It's just like the energy problem people didn't get really serious about it until oil got really expensive.
Not to mention that there is all sorts of stuff in the /Library folder and it might as well be as good a place to hide as the registry.
gruber wrote that essay in 2004. in those days, it seemed like the mac would always be the niche computer for special snowflakes. now it's more popular than anyone could have imagined. so it seems entirely likely that the platform will eventually get its share of uninformed, indifferent users.
For Gruber's argument to be true, there would need to be "peak oil" for Win32 malware: a point where the criminal value of those 88% of all desktops decreased because of all the competition. Then malware authors would address the 11% of OS X machines.
But there isn't "peak oil" for Win32 malware. Your odds of success with a new Windows bot or trojan or virus are as good as anyone else's. No matter what you do, you'll get more candidates than you would targeting Apple. There is no point at which targeting Apple becomes a rational business decision.
i can think of some reasons. if you could compromise a macosx machine, your trojan wouldn't have to fight for internet bandwidth and cpu time against all the other installed trojans, as is the case on a windows box. i've heard that there are windows trojans that seek out and disable antivirus programs: well, there's no need for that on a macosx box, because mac users never install antivirus programs. and so on.
in other words, there are all the same good reasons as going into any new field with few or no competitors.
Trojans disable antivirus programs as an F-U to antivirus vendors. There are two kinds of malware authors: the people who do it for fun, and see themselves in competition with the security vendors, and the people who do it for money.
The people who do it for money couldn't give 2 shits about any of this. But they're supplied by a market of malware arms dealers who are in feature-for-feature competition with each other.
As for the bandwidth thing, that just doesn't make any sense. Everything is in competition for bandwidth with everything else.
Look, Allen, I could be wrong, but I don't think your arguments are very good, and I'm not going to pretend they are just to save your feelings.
Antivirus programs are corporate standards in every Fortune 500 company. And yet those companies are rife with botnet infections and, yes, viruses. From a CS perspective, antivirus simply cannot work: you'd have to solve the halting problem to do it. Consumer Reports contracted ISE (Avi Rubin's company, a competitor of ours) to test AV software and found that none of it was effective against the simplest permutations of existing viruses.
AV software is not the reason Macs have fewer viruses than Windows.
I disagree that there is no good place to hide malware on Mac (or other UNIX-based) systems. For example, what if I replace the C library's printf call with a routine that checks if some condition is met, and if so, launches an ad popup. It would make the calling program look like it is the malware, and it would be difficult to remove.
http://daringfireball.net/2004/06/broken_windows