Not surprisingly, both Sophos and Intego—each sells Mac security software—dismissed the update.
[macworld.com...]

Pardon my saying - "Too many people just open files they download and install the program due to negligence or plain stupidity".
If you install the software and enter Admin password - it does not matter how secure your machine is, MS DOS, Windows, UNIX, Mac etc.
That's what the "Trojan Horse" means - pretending to be something else and do the harm.
Although on Mac "out of the box" user installed Trojan can NOT change/delete/harm core system and system files. It's just does not have enough privileges.
Thank you Cnet for the update! From now-on I'll be visiting your website daily!

I have been using a mac since 2002. G3 iBook OS X 10.1. Over the last 8 years I have read all kinds of crazy speculations on why there is so little malware/trojans/viruses for the Mac. At the same time more and more proof that there is malware out there. ClamXAV is the only easy to find and free solution, but OS X 10.6 isn't very well supported. It appears that the ClamAV engine is included in the modern Mac OS. But I am not sure of even this. No mention of it per se from Mac gurus at large, or the Big Apple. BIg fat 50$ manuals for OS X 10.6 offer no advice at all beyond the standard warnings for Windows related problems like Word macros. Everyone always seems in total denial.

The fact is that Macs can pick up malware for Windows and sometimes pass it on. Many such packages show up in OS X as black box shaped icons with the letters 'exe'. Unfortunately, so does much real software. However, I have seen these icons on thumb drives, in peoples Downloads folder etc (where no legitimate executable file would be :). On occasion I have googled for the suspicious files name. It turns up to be a trojan for Windows.

Mac users are supposed to use anti viral software just to stop the spread of it, wether their particular machine is susceptible or not. Hardly anyone ever gets told this though. It is also extremely difficult and tedious to get good solid reliable info on this kind of security issue for Mac.

I just bought a new Macbook Pro running 10.6 "Snow Leopard" and was assured by all that it is pretty much impervious to malware etc. I just refuse to believe this, and am still searching around trying to figure out what to do. Am I supposed to rely on the invisible hand of Apple updates and this legendary secret presence of the dreaded ClamAV engine that is barely whispered about?

Part of the problem with Mac apps is that most of them require you type your system password to allow them to install, for no good reason. Apps which get a system password when installing can get deeper into the system. When OS X came out the idea was that only apps that really *needed* a system password to install would ask for one, but in practice it seems like nearly all of them do. When faced with the password prompt, a user who's unsure about the software has only two choices: Install and worry, or don't install and not get the benefit of the software they wanted to use. I blame Apple in part for putting users in this position. They should be leaning on developers to not have their install programs require a system password when it's not needed.