@ELC:

Savor the flavor. If macs keep getting popular, it's only a matter of time before someone figures out how to put viruses on them, too.

What are these virii you speak of? Macs don't have any auto-spreadable virii.

They're susceptible to malware due to social engineering or the like, but the base OS is just not the same as Windows. Windows is simply easier to compromise, hence the need for not only virus scanning software, but malware/spyware scanning software, registry monitors, etc.

Ah, the joy of using Macintosh. I'll wave at you all as you scramble to see if you've lost money.

@Landru: Yeah, it's when he started working with Kanye.

Anyway, I'm not speaking hypothetically here. There are lots of MITM attacks that have been observed in the wild where an infected host hijacked traffic from an ostensibly protected host.

Static passwords are -not- secure enough to give access to any sort of banking information. There are just too many ways they can be found.

Sniffed traffic, trojans, keyloggers or even social engineering.

Change to a bank that offers a token generator and you avoid the whole issue of trojans stealing passwords as the password you use wont be valid in 60 seconds anyway. This blocks the "replay" attacks and requires the cracker to use the password within a minute of you typing it in. Not very likely that they will be able to do that. Not perfect but a hell of a lot better than static passwords.

As a further example. My bank (Postbanken, Norwegian) requires me to use one token password to log on. Then if I am transfering money to an account which I do not own it requires me to enter another token password which has to be -different- to the one used to log in. Works quite well. There are vulnerabilities but most attempts at cracking fail.

According to MSFT, this affects less than 1% of their install base.

In my book, anyone running unpatched software deserves what they get.

To this day, there is no known spreadable virus written for Macs "In the wild."

On our campus we have 100+ Macs, all running Sophos AV much to our faculties displeasure because they believe Macs don't get virus's.

Yet on any given day as many will have a virus quarantined because our egghead faculty think the same way you do.

Making matters worse, removing a virus from a Mac is usually more time consuming than a PC.

Maybe. Trojans have started doing man-in-the-middle attacks so being in relative network proximity to an infected host can cause your SSL transactions to be compromised.

The malware guys keep updating their product for a reason: each time they release a new version into the wild, it often has a two- to ten-day head start before the security software companies update their definition files to detect it. In fact, many of the "fake security" products (the ones that scream "YOU HAVE A VIRUS!!! and demand money to remove it) are never detected by the major firms' products.

Bottom line: You do need a current anti-virus program, plus all the Windows Updates, a healthy dose of skepticism applied to any unfamiliar Web site, and a quick hand on the network jack in case something starts to download itself despite those precautions.

I keep my Common Sense 2.0 updated often. No worries here :P

It generates some of the most secure passwords and builds AND permanently manages a unique password for each site.

1Password will also help flag spoofing sites too.

There are so many choices now, and usually new computers come with one of them (Usually Norton or McAfee) preinstalled with a 3- or 6- month subscription.

Keep them updated, and they'll detect these trojans.

'Cause if it's the latter, I'm safe. On the other hand, the former, I'm EECB'ing my bank tomorrow.