Rixstep is one of the most intelligently critical Mac-centric (well, originally NeXT-centric) websites around. Here’s their latest commentary on Apple’s security issues — an issue they’ve been railing about for years.
Now, I’m not about to switch to Windows for the superior security of Vista (which, if anything, is more vulnerable to social engineering attacks, which are by far the biggest threat*), but it would be nice if Apple closed some of the glaring holes before there actually are some real world exploits.
Note: * all the remote attacks to which Mac OS X is vulnerable are in essence going to require a social engineering approach to work in the first place. Whether it’s getting a user to visit a web page with a specially crafted QuickTime movie, or getting a user to download a trojan, the point is getting the user to do something. Vista screws up its warnings by crying wolf so often that the chance of a user inadvertently clicking “yes” at a critical juncture is much higher, and this is something CanWest et al don’t measure.