I'm not telling you my mantra...
"How often did the mantra that MacOS was immune to malware need to be repeated until the vast majority of users believed it and continue to do so, even after Apple went as far as incorporating rudimentary AV software into MacOS," Ferguson writes.
"Criminal activity extends far beyond file-based threats, encompassing social engineering, phishing, social networks and email borne threats. The palette is continually expanding and the techniques are continually evolving. To assure your customers that they will not have to deal with online cybercrime simply by switching OS is foolish to say the least," he concludes.
We put Ferguson's arguments to Google, which pointed us towards documents arguing that the security of Chrome networks doesn't rely on any one component (such as sandboxing), but rather "defence in depth", which it claims is better than existing models.
Chromebooks use the first operating system designed with this ongoing threat in mind. It uses the principle of "defense in depth" to provide multiple layers of protection, so if any one layer is bypassed, others are still in effect. So while it's still important to take precautions to protect your data, Chromebooks let you breathe just a little bit easier.
Google let the dig that it was adopting the "security arrogance" of Apple slide, perhaps wisely. While Google's re-imaging of security architectures is welcome, it is unlikely that security problems will change, much less disappear, with wider adoption of the operating system. Google has earned plaudits from the security community for the superior stability and security of its Chrome browser as compared to Firefox. However, the recent rash of Trojans infecting Android devices has drawn criticism. Eugene Kaspersky, for example, has even gone so far as to describe Android as the new Windows.
Whether Chrome OS more closely represents its browser namesake or Android in terms of security will do much to determine the overall security landscape over coming years.
That doesn't quite follow. The rabid fanbois (for want of a better term) will probably not have fallen for the fake virus warning -- some would have genuinely thought that their machines were impenetrable and so it was a fake and others will have been IT literate and/or savvy enough to realise it was fake.
However, there will the the smug gits who bought an Apple because a friend told them it was invulnerable and were so gullible that they believed the friend and so gullible that they believed the virus warning.
Then there are the spouses, children and other family of people who own the Mac. For example if you're using daddy's PC and it says you got a virus when you're on a dodgy site then you'll try to cover it up -- it doesn't matter how much of a rabid fanboi your dad is, because he's not there. If you buy your dear old parents a Mac because it's "invulnerable to viruses" they don't necessarily hear you say that. Heck, if your wife uses your "super-invulnerable" Mac she'll probably not realise it -- especially if she spends her day at work using or administrating Windows machines.
So, you may be right that the rabid fanbois may not have clicked on the warning -- but that doesn't mean their arrogance wasn't responsible for problems.
Not quite saying you can't get a virus, but certainly inferring it.
I know Apple will say it refers to not getting a PC virus, however for quite a lot of people PC is personal computer and if a Mac is neither personal or a computer then what is it?
It's not black and white
You could build a system that was absoluty, completely invulnerable to viruses, but it would also be computationally incomplete as a direct side-effect of this. If one process can access persistent data created by another process, then you have the necessary and sufficient conditions for harmful software. No persistent data at all means no viruses, but it also means no files! Tying files to the application that created them, still breaks usability horribly -- and providing a "hidden" API for use in "official" apps only keeps you safe as long as the API *stays* hidden.
Unix-like OSs *are* more secure by design than MS-DOS and Windows 95 / 98 / ME. That is just a fact. In the Unix camp, we screw on the door locks from the inside. In the Windows camp, before XP, they generally used to screw them on from the outside; and a lot of old Windows software, written by self-taught "developers" using pirated copies of Visual Studio and incomplete API documentation, expects outright access to the entire machine. And it can't be rewritten to do things "properly", because the Source Code is long gone. So even though modern Windows has proper security features, much software still relies on them being disabled. And Windows *has to* allow disabling security because if you have to get all your business-essential bespoke software rewritten, you may as well think about making it multi-platform this time around -- why tie it to Windows, now we know all we know?
A really secure (still not totally secure, but about as good as you can get) system would have everything interpreted; this would be enforced through the use of a different instruction set and addressing schema in every physical implementation, so no way to run native code at all. Although this would not make malware impossible, it would at least make it much easier to spot and deal with when it appeared.
However, this would also make Caged software impossible, so the world isn't quite ready for it yet.