I'm not saying it's the only one, just that it's by far the biggest one. If you have a choice between writing malware that could affect 70% of computers or 10%, you pick the 70% demographic. If Mac suddenly had the biggest demographic of users, we'd be seeing a lot more malware for it.
The malware might not exploit X application, and sure, Windows has been plagued by Adobe, but there's nothing that makes OS X fundamentally more secure. Especially considering that a lot of malware today actually relies on social engineering rather than 0days.
Most malware goes after exploits, not social engineering. You see more social engineering and less exploitation on OSX because there is far less to exploit on OSX.
A lot of malware uses social engineering to become deployed, including on Windows, with or without exploits. If you don't think so, I seriously doubt that you work at Malware-Bytes in an R&D capacity, given that Malware-Bytes is the most popular tool for removing stuff that relies entirely on social engineering, e.g. Fake AV malware.
> You see more social engineering and less exploitation on OSX because there is far less to exploit on OSX.
That statement might be true for applications that users typically install on these systems, but it's not true for the operating systems themselves.
In absolutely nothing I said did I make the claim that social engineering wasn't used by malware.
You made the claim that there was a level playing field with regards to security between Windows and OSX, "especially considering that a lot of malware today actually relies on social engineering rather than 0days". My response was simply that this isn't 100%, that many malware variants still use exploits to get onto systems, and that your statements based around that are also incorrect.
> "especially considering that a lot of malware today actually relies on social engineering rather than 0days"
That doesn't mean "most".
> My response was simply that this isn't 100%, that many malware variants still use exploits to get onto systems, and that your statements based around that are also incorrect.
I'm saying that if Windows disappeared tomorrow, malware--the pieces that exploit software or social-engineer users--wouldn't go away by any stretch of the imagination. Malware distribution would immediately and significantly increase on the now most attractive platforms.
There is nothing about the architecture of the other operating systems that make them any more resistant to malware than Windows--in fact, Windows' UAC is superior to the equivalents on both OS X and Linux.
Take something like the Chromebook or iPhone, and we'll talk.
The malware might not exploit X application, and sure, Windows has been plagued by Adobe, but there's nothing that makes OS X fundamentally more secure. Especially considering that a lot of malware today actually relies on social engineering rather than 0days.