That’s probably true. If you know of Mac malware found in the wild that doesn’t work by tricking the user, then it should be easy to provide a few examples to rebut that argument. If you can’t, the argument still stands.

Of course it doesn’t mean that “there is no way to install malware without the active participation of the computer user—period.” There must be some way to pull this off, you’d need an unpatched vulnerability to weaponize and exploit and then to hijack a few websites to distribute the goods. I can’t see why it would be impossible (except that you probably couldn’t find one at the moment). And that’s not what that guy implied, he said that currently the threat is limited to a few trojans. True enough, this has been the case for the last 2 years. (The DNS changer trojan was first found in fall 07.)

Who said that “all the Windows malware is self-launching”? As a matter of fact, some Windows vulnerabilities are used in website drive-by-download attacks, that’s a big difference between Windows and OS X. User-launched malware matters but is less scary, it’s targeting the user. At least users can learn good security practices, learn to recognize social engineering, etc. The File Quarantine feature, which already existed in Leopard, has been enhanced and it could help, too.

In all, I don’t see how MacLand is getting to be more dangerous, the number of known malware didn’t increase dramatically.