First, as you correctly pointed out, needing to be utterly fucking stupid is a far cry from being safe.  The bagel worm for Windows demonstrated that (you received a zip file that you had to save, then open, then extract the executable contents, then run).  Why are people so stupid?

Second, not running as root is FAR from a magic bullet.  If you're on a single user machine then being infected as the main user is no better than being infected as root: ask CBB if he'd rather a virus wiped out his OS, or all his project files (but as we all know, CBB is sensible enough to keep offline backups).

Furthermore, if you really wanted root, it probably wouldn't be that hard to obtain.  I am not a Unix programmer, but if I were to want to do such a thing then (ignoring trying a host of privilege escalation exploits) I'd probably just alias 'su' to run my own program, then infect whoever you've su-ed to before returning the expected shell.  Eventually (and probably immediately) you'd get root.

No, I don't know if this would be possible in OSX's graphical environment, but you can see where I'm coming from.  Does OSX do automatic updates a-la Windows that require admin passwords?  If so, that's an obvious program to spoof.

I feel the urge to be violent towards virus writers.

---

"Engarde!" cried the larvae, huskily. - Scrymarch

How does this not raise the hairs on the backs of people's necks, when something like this is sent to them?

Does their spidey-sense not kick in?

I managed to run Windows 2000 until like '04 without even installing a servicepack or vulnerability patch. Never once got a piece of spyware, a virus, or any other crud.

And I didn't exactly stick to only the safe sites on the web, either.

Is there something in human nature that compels them to install some noname piece-of-crap mahjong clone that they found on google result #417 ? Do they have no choice but open that email promising farmsex pictures (when they could certainly find such pictures with GIS, and the only thing the purveyor would try to get from them in a subscription that is impossible to cancel) ?
--
Do not look directly into laser with remaining good eye.

I find it quite interesting that while PC users are tempted with porn, Mac users are tempted with screenshots of the next version of Mac OS X.

Because to some Mac users, it is porn.  In my old lab I put a picture of one of the new Macs, the cube I think, with a post-it note to label it "Nerd cheesecake."

"I don't have time for martial law, I have to get to the gym!" zarathus

Not being a gullible moron, I'd not type my administrative password to see a JPEG. Actually, now that I think about it, the real reason I'd not type it is because no JPEG is worth that amount of effort. Kind of like how, if you go to a fast food restaurant and there's a line, you leave, because the food isn't worth waiting in the line.

Realizing that the company who "revealed" this sells security software, I see why they're abusing the term "virus" to describe something that doesn't self-replicate, self-propagate, or even self-install or execute. My disappointment lies with Mac malware authors; I mean, COME ON, DUDES! There are buffer overflows that could be exploited in QuickTime that allow for arbitrary shell command execution, and this is the best you guys can do? I suppose all the real malware talent on the Mac platform is too busy doing their dayjob to bother writing virii, leaving this responsibility to basement-dwelling, slashbot script kiddies. Sad, really. As a Mac user, I feel so, I dunno, ... left out.

-
You can build the most elegant fountain in the world, but eventually a winged rat will be using it as a drinking bowl.