[QUOTE=Ibex;2769762]But with an administrator account the entire system is accessible.
Or to put it another way… When a family member brings you their infected laptop to fix, it is the difference between creating a new user account, copying documents across & deleting the old one, and spending 2-3 days reinstalling everything![/QUOTE]
I think the ‘TrustedInstaller’ and ‘System’ accounts would be a better start for total system-wide access, but the Administrators group would definitively be enough for the user to have to reinstall the system.
The most secure system is one which is physically inaccessible - locked away in a vault with no cables connecting it to anything else and no wireless transceivers. And only switched on when absolutely necessary.[/QUOTE]
As long as you communicate at all, you will always be vulnerable
As written earlier, the obscurity of a system will always determine how vulnerable it is. In that context it should come as no surprise that at both ends, M$ is worst off and various Linux distros will sail along with no sign of malware at all. It still does not mean that the latter is invulnerable, only that they have so far not been exploited. If you surf using an ancient system, you will likewise be safe as there is no code tailored for the system on the net today, but there will of course be other inconveniences doing it that way (lack of i.e. Flash/HTML5 support or other).
In the coming years, Apple will be put on an ongoing and thorough security test as they have come above the radar and are a feasible target for whatever the malware-coder(s) want to achieve. I suspect Apple will have a hard time saying it is ‘the first time’ for very long…
With that being said, there is a good side-effect arising from such ‘non-controlled’ security tests (that is how we should view exploits) and that is more secure operating systems in the future. That is, if the company takes it seriously - which may come as a rude wake-up call… $0.02