Slashdot Mirror


User: pandrijeczko

pandrijeczko's activity in the archive.

Stories: 0
Comments: 4,323

Comments · 4,323

  1. Re:The opposite??? on Apple Asks Security Experts To Examine OS X Lion · · Score: 1

    Not that I care what some bloke I've never met on the other side of a computer screen somewhere in another part of the world thinks of me but here's a quick story.

    I work in system security for a telecoms company, have done for 5 years now & spent about 20 years in tech support in telecoms & UNIX, also done more than my fair share of sysadmin work. (Yes, I'm *that* old.)

    Yep, I used to think I was a pretty "l33t" guy, then my home Linux server got hacked about 8 years ago because I stupidly left an FTP daemon running. Several scripts were dumped on my machine that kept kicking people off of a few IRC channels, someone complained to my ISP and my connection got severed by them. After two weeks of emailing them and sending them logs, they accepted it wasn't me and reinstated my connection - being hacked is quite a humbling experience.

    Since that time, I read up a lot on OS security, tried a lot of stuff myself and now I work as a security consultant for a telecoms company - it's interesting, it pays well, I'm happy.

    I do a lot of auditing and hardening of customer servers, I see (and fix) a lot of security holes put on systems by people who were well intentioned but didn't fully understand what they were doing - passwordless accounts, unpatched daemons running, scripts doing some pretty scary things on systems. Not one of my customers is confident enough in their management abilities of those servers to trust them to be exactly the same as when they were delivered in shrinkwrapped boxes, so they get me to come in and close down any holes.

    So if you choose to ignore my advice, that's your call, it makes no difference to me. But rest assured that one of the worst things you can do is not double check your systems on a regular basis and become too self-assured about your own security.

  2. Re:Let the windows hate begin on 20 Years of Innovative Windows Malware · · Score: 1

    Yes, but the core point I am trying to make is that you simply cannot make a simple statement that an OS is inherently insecure - it very much depends on what other layered security defences are placed around it.

    I would hope that these days, virtually everyone with an Internet connection is using an ISP-supplied NAT router because that alone adds a whole heap of good security protection over any computer just connected to a USB ADSL modem.

  3. Re:The opposite??? on Apple Asks Security Experts To Examine OS X Lion · · Score: 1

    Look, I'm sorry, I'm a simple security consultant, a mere mortal, nothing more than that.

    When I read phrases like "market share", my brain starts to hurt & braincells scream their last dying breaths... I'm *just* a bloke wot fixes stuff, nothing more.

    Please, go now. Go find someone who lives on that higher plane of "tax dollars", "margins" and "pre-tax profits" because your words are now going fuzzy and are spinning around... I need to go lie down now...

  4. Re:Let the windows hate begin on 20 Years of Innovative Windows Malware · · Score: 5, Insightful

    System security shouldn't be something users should ever have to worry about. While it's true making a perfect lock is impossible, Windows security until 7 has basically been a giant sign that says, "Please don't own this box."

    Absolute rubbish! And that's coming from me, a mostly Linux user.

    Microsoft made some design mistakes in Windows and cocked up on marketing making people believe that it is entirely possible to use Windows as an inexperienced user and never have to worry about security. In Vista they tried to counteract that bad information by annoying everyone with "in your face" security reminders called UACs, realised they'd gone too far with that and backed off a little in Windows 7. (And that *really* is the extent of my Vista and Windows 7 knowledge because I've not yet used either.)

    But even up to and including XP, if it's patched up to the latest Service Pack and patch version, has a firewall activated, a virus checker and sits behind a NAT router on the Internet, then that system is going to be pretty safe just sitting there.

    The fact is, that XP machine will get viruses and malware because an inexperienced user has not understood what he's doing or has been tricked into clicking something he should not have done. Sorry, but if you insist on downloading cracked games and cracked software from BitTorrent, then you're going to be putting viruses onto the machine that will end up trashing it, it's that simple.

    But, on the other hand, if you get rid of applications like Outlook and IE that hook deeply into the core system, replace them with standard applications like Thunderbird and Firefox (or countless other web and mail clients) that sit *on top* of Windows, rather than *within it*, then that's already going to block a lot of malware getting onto the system in the first place. Then take care with email attachments, stay away from dodgy software and sites, and like me you'll have several XP systems that haven't seen a virus in years.

    Every OS (yes, even Linux) has security weaknesses that can be opened up by a user who is not sure about what he/she is doing.

    Windows is *not* an easy system to maintain, XP needs as much care and attention from an administration and day-to-day maintenance perspective as any one of my Linux servers does, maybe even more so in my case because I'm much better at automating stuff in shell/Perl scripts on Linux than I am on Windows.

    But it's got its bad security reputation because Microsoft made some poor marketing decisions and aimed it at people who believe they don't need any sysadmin skills to maintain it, and your comments don't honestly do any justice to the number of really good Windows sysadmins who make a pretty good job of keeping it secure, in my experience.

  5. Re:Let the windows hate begin on 20 Years of Innovative Windows Malware · · Score: 2

    With all respect, that's an absolutely facile statement.

    1. Add up the total number of devices that run some kind of Linux kernel in this world and it would certainly exceed the number of instances of OS X being used and may even give Windows a run for its money - I'm talking everything from DVD and media players, through car engine management systems to Internet servers. The number of desktop instances of Linux is probably very small in comparison, I agree, but they could all suffer from security exploits.

    2. Unless you are talking about specific kernel exploits (which ultimately may only ever cause a system to slow down or crash, rather than allow access to the system), then to say "Linux exploits" is meaningless because it depends what applications and services are running on top of that kernel - again, that will be determined by what that particular installation of Linux is expected to do.

    3. Based on the above, then exploits onto a Linux system will occur as a result of an application exploit onto that system - e.g. OpenSSH, Apache Web Server, FTP, etc. Since those vulnerabilities invariably occur in programming errors within the source code, and that source code can probably be ported to a number of platforms including Windows or OS X, then those platforms might also be at risk of the same vulnerability.

    I have no problem with anyone having a go at the low number of Linux desktops because most of those who use it just use it and don't care how popular it is. (Yes, there are zealots in ALL user bases.) But if you are going to make a comment then do so from a position of knowledge, rather than basing that comment purely on the FUD you may have heard.

    And to be honest, believing that a particular vulnerability *only* affects Linux may not strictly be true, as I have explained - and that could be dangerous from a security perspective.

  6. Re:It was just a matter of time on Backdoor Trojan For Windows Ported To Mac OS · · Score: 1

    I'm not trying to offer any moral guidance here, I'm just stating the fact that if you go to dodgy parts of the Internet then you're more likely to pick up something nasty, especially if you download something that's some kind of executable program.

    I stopped all that stuff years ago and haven't had a virus since - my view is that the amount of time I spent fixing virus-ridden PCs wasn't justified by the amount of money I saved running cracked software. If you or anyone else believes otherwise, that's fine, you now know the risks.

    And whilst I agree there are no known viruses for Linux or OS X, in both cases you *should* pay more attention (than you would on Windows) to running daemons, stopping any that you don't need and keeping the ones you do need updated. That's standard UNIX security stuff across all the flavours of it.

  7. Re:It was just a matter of time on Backdoor Trojan For Windows Ported To Mac OS · · Score: 1

    OpenSSH is pretty good at the moment - it's like all software, when a new major release comes out, you're probably more likely to see vulnerabilities reported but after a few dot releases, it'll usually be pretty good. Having said that, 5.8 was released earlier this month and had a security fix from 5.7 so even I should have a look and see what that one's about.

    All I'm really trying to say is maybe scan your systems to work out what's running and what version the stuff is - then keep an eye on the security alerts from CERT, Security Focus or wherever.

  8. Re:It was just a matter of time on Backdoor Trojan For Windows Ported To Mac OS · · Score: 1

    I don't want to argue semantics here but a virus scanner or an adware blocker do not keep a system up to date - they keep malware off it, you're (unintentionally?) mixing stuff up here.

    The reason you need both of them is because of the amount of malware that makes use of flaws in extended privileges on Windows - that's partially down to bad design by forcing users to run in administrator privileges too much. I've not used any Windows beyond XP (mainly Linux) but I understand UACs are supposed to be a defence against letting software install with too high privileges.

    But you can lock Windows down with user-only privileges, but how well that works for deeply-hooked applications like Outlook or IE I can't really say.

    You do need to install updates (of course) but that's equally important on any OS - on a UNIX-like one, especially so if you're running network daemons that can be attacked from outside.

    So by design, you're less likely to see a virus propagate across UNIX machines but it doesn't mean they're automatically safer because they do generally expose more potentially vulnerable daemons to the network - so more prone to different types of attack.

  9. Re:I suffer from a similar quandary on What Would You Do With Open.org? · · Score: 2

    I own newtrally.org. If any readers would be interested in assisting me in all-terrain amphibian racing, please drop me a note at ideas@newtrally.org. My intent is to use this to promote newts rallying, and not to make a quick buck.

  10. Re:FF == the next Netscape? on Firefox 4 the Last Big Release From Mozilla · · Score: 1

    Why not make yourself a few dollars even - sell your laptop on eBay and go use a free computer at the local library!

    They don't do Opera on Macs, do they? Jeez, imagine one of *THOSE* as a fanboi!

  11. Re:Bad Title on Firefox 4 the Last Big Release From Mozilla · · Score: 4, Funny

    With shards of broken glass embedded into the top of the wall...
    and machine gun nests on the other side of the wall...
    surrounded by a moat filled with sharks with FRICKIN' LASER BEAMS IN THEIR HEADS!!!

  12. Re:It was just a matter of time on Backdoor Trojan For Windows Ported To Mac OS · · Score: 1

    Without wishing to be rude, see the reply I gave to the other comment - here's a couple I chose at random (possibly quite old) from Google:

    OpenSSH vulnerability
    SAMBA vulnerability

    If you're paranoid about it then you subscribe to Security Focus or CERT and keep an eye open for any new ones - then turn the daemon off or restrict connectivity until it's been updated.

    The point is not to get complacent about security - every OS needs to be watched for vulnerabilities and updated to fix them.

  13. Re:It was just a matter of time on Backdoor Trojan For Windows Ported To Mac OS · · Score: 2

    You need to be aware of what versions of daemons (like SSH, HTTP, FTP, SAMBA, etc. etc.) are running on your system currently.

    You then sign up to security alerts, from your OS vendor, but preferably from somewhere like CERT who will report the vulnerabilities first. If a security vulnerability is reported on something you are running, then ideally you'd turn it off until it's fixed by the OS vendor; if you can't, then wrap some connectivity restrictions around it from a firewall, TCP wrappers or network ACLs to restrict what IP addresses can connect to it. Then patch it when the OS vendor releases an update.

    Anyone who cares about security should do this - just because you run Apple doesn't make you special.
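
An added example, not part of the comment above: one way to take the inventory of network daemons the comment asks for and sort each listener into stop, restrict or leave alone. It reads `ss -tlnp` output from Linux; the sample output, the `needed` allow-list and the function names are constructed for illustration.

```python
import re

# Constructed sample of `ss -tlnp` output on Linux; not taken from a real host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       32      0.0.0.0:21          0.0.0.0:*          users:(("vsftpd",pid=901,fd=4))
LISTEN  0       50      127.0.0.1:631       0.0.0.0:*          users:(("cupsd",pid=655,fd=7))
LISTEN  0       50      192.168.1.10:445    0.0.0.0:*          users:(("smbd",pid=1020,fd=31))
LISTEN  0       128     [::]:22             [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       511     *:80                *:*                users:(("apache2",pid=1100,fd=4))
"""

WILDCARD = {"0.0.0.0", "*", "[::]"}   # bound to every interface
LOOPBACK = {"127.0.0.1", "[::1]"}     # reachable only from the host itself

def parse_listeners(text):
    """Return (daemon, address, port) for every listening TCP socket."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        addr, _, port = fields[3].rpartition(":")
        # The process column is absent when ss runs without enough privilege.
        proc = re.search(r'\(\("([^"]+)"', fields[5]) if len(fields) > 5 else None
        listeners.append((proc.group(1) if proc else "unknown", addr, int(port)))
    return listeners

def review(listeners, needed):
    """Classify each network-facing listener.

    needed is the set of daemon names the admin has decided must be reachable
    (an assumption of this example). Anything else is a candidate to stop;
    a needed daemon bound to every interface is a candidate for firewall,
    TCP wrappers or ACL restrictions.
    """
    findings = []
    for daemon, addr, port in listeners:
        if addr in LOOPBACK:
            continue  # not exposed to the network
        if daemon not in needed:
            action = "stop"
        elif addr in WILDCARD:
            action = "restrict"
        else:
            action = "ok"
        if (daemon, port, action) not in findings:
            findings.append((daemon, port, action))
    return findings

if __name__ == "__main__":
    for daemon, port, action in review(parse_listeners(SAMPLE_SS), {"sshd", "smbd"}):
        print(f"{daemon:8} tcp/{port:<5} {action}")
```
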

  14. Re:It was just a matter of time on Backdoor Trojan For Windows Ported To Mac OS · · Score: 1

    Just for the record, I'm 80% Linux user and 20% Windows XP user - not had a virus on either for as long as I can remember.

    But let me tell you how that number of viruses got onto your friend's Windows machine - he put them there. Or you're exaggerating. Or a bit of both.

    Yes, it may well be his virus detection didn't pick them up (does he use one and is it updated regularly?) but that many is a sure indication he's been downloading dodgy software, games, or serial cracks, probably via BitTorrent.

    If your virus killer is up to date then you need to be confident that it can get to an executable and examine it before that executable runs and installs something dodgy on your PC. If that executable has been downloaded from a dodgy source, or copied from a friend, then it may well be virus ridden but compressed in a certain way such that the virus signature is concealed, and therefore not detected.

    The obligatory car analogy would be having a car thief concealed behind the driver's seat and you locking the car with him still in it - in that case, the locks and windows on the car will be bugger all use in stopping the thief from stealing it.

    Whatever operating system you use, if you install executables on it that you are not sure of the source of, then you can put something dodgy onto your machine, end of story. It just happens to be that Windows has a lot of dodgy software available for it.

    Sorry, but if you believe that a virus scanner and maybe an adware blocker are the be all and end all of security on Windows, then you deserve what you get, I'm afraid. You also need some common sense in not bypassing the protection you do have by installing some dodgy executable or running a dodgy email attachment.

  15. Re:It was just a matter of time on Backdoor Trojan For Windows Ported To Mac OS · · Score: 1

    You should have read the opening sentences of his post a bit more carefully:

    The medical model for disease works for computer viruses too. You need both a vulnerability and a vector.

    That's the first line from the book "The Bluffer's Guide To Computers for Personnel Managers".

  16. Re:There's A Simple Principle Here... on Gmail Accidentally Resets 150,000 Accounts · · Score: 1

    Two words, fanboi, if you can find your way to a shell prompt without help:

    "man rsync"

    Works for me every time.

  17. Re:It was just a matter of time on Backdoor Trojan For Windows Ported To Mac OS · · Score: 1

    We have to be at work on weekdays - we can't get our kicks snickering at you from behind our cappuccinos when you sit there posing with your MacBooks in coffee shops.

    See? Simple explanation really...

  18. Re:It was just a matter of time on Backdoor Trojan For Windows Ported To Mac OS · · Score: 1

    Ahem!

    Buffer overflowing a network daemon so it drops to a root shell prompt without any form of password access can be done without your permission.

  19. Re:In other news on Backdoor Trojan For Windows Ported To Mac OS · · Score: 1

    Actually, it needs to be "rm -rf /" or "rm -Rf /" on some systems.

    And if you are stupid then I would recommend using "sudo" as it is more than likely configured to only let you run some (and hopefully less harmful) commands as root.

    But let me guess, you're the sort of person who laughs at an eight year old kid who needs stabiliser wheels on their first bike because they're not yet good enough for only two wheels, right?

  20. Re:It was just a matter of time on Backdoor Trojan For Windows Ported To Mac OS · · Score: 1

    Hey! Watch it with all that foam and spittle, will ya? That was almost in my eye, that one!

  21. Re:Open Source but not necessarily free app store. on What Would You Do With Open.org? · · Score: 1

    Something like the Mac App Store, but cross platform and accepting only open source submissions.

    Then that's absolutely nothing like the Mac App Store.

  22. Re:Goatse host on What Would You Do With Open.org? · · Score: 3, Funny

    A fanboi's mouth when Steve Jobs asks to shit in it?

    Oh, sorry, didn't realise it was a rhetorical one...

  23. Re:To hell with revenue on What Would You Do With Open.org? · · Score: 1

    Nope, that application that turned your iPhone into a glass of beer that you could put to your lips and appear to drink from was ONLY on the iTunes store, thanks to superior quality software vetting by Apple.

  24. Re:The opposite??? on Apple Asks Security Experts To Examine OS X Lion · · Score: 1

    You clearly have little concept of the differences between Windows and OS X (well, beyond "Windows sucks but Apple is cool, dude" anyway) so I'll try to explain it in simplistic terms.

    Viruses and Trojans propagate easily through Windows systems because there is a common platform across many machines in which a piece of malware can run, and because a lot of Windows users run in administrator mode with deeply-embedded applications running with similar permissions, malware can get deeply into the system. Yep, a lot of that is bad design of the OS but that's how it is.

    A UNIX-like system is not susceptible to the same type of malware propagation because there are many different variants of UNIX that don't frequently run common binaries (i.e. programs need to be compiled for each specific type of UNIX). However, a bigger barrier to virus propagation is the fact that UNIX instills in you from the outset to do as much as possible as a normal user and just change to root when you need to.

    I am a huge fan and user of Linux but I tell you now, categorically, the above facts DO NOT AUTOMATICALLY MAKE YOU SAFE!

    UNIX "presents" applications to the network ("daemons") that have been started from their own shell and if you manage to crash those daemons, then you can force the system to drop to a shell prompt. If that daemon was running with root permissions, then it will drop to a root shell prompt and you then have unrestricted access to the system to do what you like - this type of attack is known as a "buffer overflow attack" because its purpose is to crash the daemon by sending either too much data for it to process or badly constructed data. And this is precisely why modern UNIX systems usually try to run daemons at normal user level, rather than root, so that in the case of a crash, it drops to a user shell only in which you can do a lot less damage because you are far more restricted at a permissions level.

    Another form of attack is "brute forcing" where you try to break open an application by continually trying to send, say, a valid password to log into the system.

    In both cases, such attacks need to be directed at a specific application, maybe even a specific version of that application with a known vulnerability that can be exploited. However, because it's possible to drive attacks from an automated program, a lot of machines can be tested very quickly for vulnerabilities.

    If you have enough knowledge of what you are doing and don't believe me, make sure your machine is logging everything and then stick it in the DMZ of your home router, maybe run up Wireshark packet sniffing at the same time. I guarantee you that if not immediately, then within minutes you will see signs that something out on the Internet is having a look at what's running on your machine - a common one is brute forcing the SSH daemon where syslog will show you spurts of activity of something trying to get access to your machine by systematically trying common account names.

    What's worse in your case is Apple markets their machines as being easy to use but, the fact is, you need to know a lot about UNIX before you can be relatively confident that you are safe. Incidentally, I got seriously into UNIX security about 8 years ago when I put a home server on the Internet, stupidly left an FTP service running, it got buffer overflowed and a script got installed on it to kick users from an IRC channel. I found out about it when my ISP disconnected my account due to complaints and it took me over two weeks of sending them logs and emailing them to get it reinstated. Suffice it to say, I've never been hacked since.

    The moral of the story is "Don't get too complacent" and you'd be far better off reading a few books about UNIX security now rather than sitting there thinking it will never happen to you.
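
An added example, not part of the comment above: a detector for the SSH pattern it describes, bursts of failed logins from one source cycling through common account names. The log lines, the thresholds and the assumed year are constructed for illustration; the message format is the one OpenSSH's sshd writes to syslog.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in traditional syslog format (not real traffic);
# the addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  1 10:00:01 home sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Mar  1 10:00:03 home sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40118 ssh2
Mar  1 10:00:04 home sshd[2105]: Failed password for root from 203.0.113.5 port 40121 ssh2
Mar  1 10:00:06 home sshd[2107]: Failed password for invalid user oracle from 203.0.113.5 port 40125 ssh2
Mar  1 10:00:09 home sshd[2109]: Failed password for invalid user guest from 203.0.113.5 port 40130 ssh2
Mar  1 10:07:30 home sshd[2140]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  1 10:07:41 home sshd[2140]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Mar  1 11:15:00 home sshd[2201]: Failed password for invalid user admin from 192.0.2.44 port 33000 ssh2
Mar  1 13:15:00 home sshd[2260]: Failed password for invalid user admin from 192.0.2.44 port 33900 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2011):
    """Yield (timestamp, source_ip, username) for each failed sshd login."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            # Traditional syslog omits the year, so one is assumed here.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def find_bursts(text, window=timedelta(minutes=1), min_attempts=5, min_users=3):
    """Return {ip: (attempts, usernames)} for sources with at least
    min_attempts failures against min_users distinct accounts in one window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            users = {u for _, u in span}
            if len(span) >= min_attempts and len(users) >= min_users:
                # Keep the largest qualifying burst seen for this source.
                if len(span) > flagged.get(ip, (0, []))[0]:
                    flagged[ip] = (len(span), sorted(users))
    return flagged

if __name__ == "__main__":
    for ip, (count, users) in find_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {count} failures in one window, accounts: {', '.join(users)}")
```

A single mistyped password (198.51.100.7) and two failures hours apart (192.0.2.44) stay below the thresholds, so only the source cycling through account names is reported.
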

  25. Re:Am I reading this correctly? on Apple Asks Security Experts To Examine OS X Lion · · Score: 1

    To be honest, if I was hit-whoring, I'd be more inclined to put "Windows Sucks For Security" rather than "Apple Sucks For Security" based on the respective user bases... just an observation.