> "sky is falling" implications, and then NOTHING absolutely happens
Sure, just brush off a sudo vulnerability.
> fight viruses off of Windows boxes
Virus != vulnerability.
Furthermore, while a rootkit is still a virus it's a long-shot from the relatively benign things running around on Windows machines (not that I mentioned Windows at first, but there ya' go - we're on to that now). Just to avoid a Windows shitstorm, the same thing could be said of BSD. I am absolutely certain that there is at least one virus for the platform; however, the damage it could possibly do is seriously mitigated by the security of the platform.
"Viruses" (used as a distinct term to "rootkits") can at worst log a few keys up until your next virus scan. After that, poof! They're gone.
A "rootkit" (which requires a sudo/UAC vulnerability) can also at worst log a few keys or something. When you do your virus scan you're going to find nothing. It's going to sit on your machine until kingdom come because the virus is more privileged than you.
Security is like a backup. You only care about it when you have the random bad experience of actually needing it. I'm sure there are a bunch of Windows users who lament turning off UAC now that their files are all encrypted by ransomware. It has nothing to do with "market share" and has everything to do with risk: "UAC is such a stupid feature."
I could leave my keys in my car ignition every night of my life. No matter how much "market share" that car brand has all it takes is the random misfortune of someone on the street noticing that I do that.
Just keep in mind that it was you that brought up all these tangential topics.
Viruses are not going to go poof unless your antivirus knows about them.
And in the typical case a vulnerability is a prerequisite for a virus.
But local vulns are only a concern if someone already has access to your system. In which case you're usually fucked anyway. Which is why Apple introduced developer certs and Gatekeeper.
If it doesn't impact me, and has never had, I will. Just like I don't feel any need to run antivirus and anti-spyware on my Ubuntu box, whereas I do on any Windows box I own (3 of them).
>Virus != vulnerability.
Well, the vulnerability has to be exploited to matter. Either by some virus, some hackers, some malware, creating a botnet, whatever. If it never does, or it's always in the form of some trojan needing a stupid user to install it willingly, I don't care about it.
The mere existence of it is not really important. All systems had, have and will have some vulnerabilities.
I'm not some wide-eyed believer in the invulnerability of OS X. I've cut my teeth on Sun OS (pre Solaris) and HP-UX, and I've run Linux since 1997.
I just don't care much for hypotheticals.
As for my data, I back them up. I can go back to a clean system, if anything happens, within 10 minutes with rolling archived bootable backups. And I re-install from scratch + dumb data in around 5 hours (I just did it a few weeks ago to try El Capitan).
>Security is like a backup. You only care about it when you have the random bad experience of actually needing it. I'm sure there are a bunch of Windows users who lament turning off UAC now that their files are all encrypted by ransomware. It has nothing to do with "market share" and has everything to do with risk: "UAC is such a stupid feature."
Well, it's kinda stupid. Even with UAC enabled the same users would just have gone ahead and authorized it to install the malware in the first place, not knowing what it is and just wanting to get it out of the way.
Besides, if they had earlier backups of said files, removing the ransomware and restoring the original files would be a few minutes' affair.
>I could leave my keys in my car ignition every night of my life.
And if you live in certain countries where car theft rarely or never happens, you'll be justified too.
There are countries where people sleep and even leave their house with the doors unlocked and windows open.
Not because theft is impossible -- just because it's rare enough that barely even registers, and they don't feel any need to be paranoid.
It's a healthy lifestyle, even if 1 in 100.000 has something stolen from time to time.
Heck, it's healthy even if it's you that has had that misfortune.