Post# of 147288

Re: PaperProfit1 post# 3196

Friday, 08/22/2003 10:36:49 AM

The Mac really *is* safer.

I clipped this yesterday from one of the Mac sites. Am looking for the link, but will post the text for now. It's time we laid this issue to rest, at least among those who have an open mind.

"I'll address several issues here. I'm a programmer by trade, and have been creating UNIX programs, filters, and drivers since '82. My name is in the '94 and '94 Yggdrasil Linux "Plug-and-Play" books, so I've obviously been a Linux hack since '92. I also write Windows programs using Visual Studio, and have been porting my tools from Linux to OS X since the beta. So, I think I *might* be qualified to say what I'm about to say.

"Remember: a "virus" is a set of invasive routines which have been attached to a legitimate program. A "worm" is, in essence, a detached background process.

"Creating a UNIX "virus" would require the writer to muck with program text and data segment pointers, and change the program initialization pointer from the "crt0.o" equivalent to something else. The degree of difficulty here is at least 9.5 on a scale of 1-10... even if you *do* have the source to the runtime invocation routines. Then, to screw up the system, you have to attain root privileges from within the attached routines in that user-privileged program, which is indeed quite a bit harder. It's not impossible with the default OS X install, but it ain't easy. The easiest way to defeat this is to create a root account with a scrambled password on *EVERY* *NIX system you use, and that includes OS X.

"Writing a UNIX "worm" is easier. Any program can create a detached process. BUT, the same issues with user-level vs. root permissions exist. Worms will run on properly protected systems, but they may never be able to attain the privileges necessary to do significant damage.

"Now, these are not easy tasks. It's *much* easier to write a simple script that fools Windows into thinking that an offending program is actually something the user *wants* to run. Windows does *NOT* have user-level protections - and that's why viruses and worms are so easy to invoke on Windows.

"Lastly: each task on a *NIX program runs in its own virtual memory space. Programs running within these virtual spaces are not allowed to "touch" devices or other system resources. Instead, programs make requests to the system for system resources. Even the graphics subsystem runs as a task under OS X. Hence, a "buffer overflow" within the OS X desktop would cause the desktop to crash and restart, but shouldn't cause any other problems.

"Windows has incorporated graphics routines into its kernel. Hence, a "buffer overflow" in one of the graphics routines causes the kernel to respond with a handler. If you write your virus properly, the handler will execute *virus code* as the handler... and the virus has now attained system-level capabilities. The Windows kernel thinks it is running legitimate code, but it is running the virus' code -- which just happens to now be running as the system-level error handler. And, without user-level privilege protections, you can do.... anything.

"That's how it's done, folks."