Actually, it wasn’t Apple who said that: in fact, nor did Rich Mogull (in a comment quoted by John Gruber to which young Mr Harley drew my attention), though this mini-rant started from his assertion that “ …while the Mac security situation really is changing, those changes are due almost entirely to attackers’ changing tactics and have little to do with the inherent strength or weakness of Mac security…”
In general, the more thoughtful pro-Mac commentators (who are often somewhat anti-AV, as it happens) are now saying much the same thing that responsible AV researchers always have: the sky isn’t falling, Mac malware is a trickle, and it’s mostly about social engineering, not OS vulnerabilities. Most would even agree that a savvy home (Mac) user can get away without AV, though with at least one decent free product out there, they don’t need to.
Unfortunately, less savvy users have become exposed to more risks: not just fake AV and the other odds and ends of malware that are cluttering the Mac Threatscape, but other attacks that rely on social engineering, such as phishing. A good AV program may help reduce that exposure in some cases. And so, of course, may user education, though many people in this industry believe that it’s of little use or no use.
The trouble is, by announcing that it will provide detection for “all known variants”, Apple is likely to convince its ardent fans that Apple will take care of all their malware problems. Unfortunately, as Andrew Lee has pointed out in a new blog, the weakest link, irrespective of platform, is the interface between the chair and the keyboard. Apple would be doing its fans a favour if it suggested to them that neither Apple nor “real” AV can apply a patch for an absence of caution and commonsense.
Old Mac Bloggit
(who is now returned from Polynesia a poorer and browner pseudonym)