Engineer to be secure
"Why not engineer the product (OSX) to be secure? "
"Sure.. nothing can be guaranteed to be 100% secure at any time.. but as a vulnerability is discovered it should be fixed.. and if there is a period before the fix is delivered then the OS vendor and their product needs to be able to cope by itself... not require the customer to buy an "extra product"."
Vulnerabilities ARE fixed as discovered (although, I've found Apple MUCH slower about doing this than say Canonical...), and "if there is a period before the fix is delivered then the OS vendor and their product needs to be able to cope by itself" is nonsense. People are HAND designing these viruses and spyware to successfully affect the system. These systems are *designed* to be secure but people do make mistakes... if coders were perfect there'd be no security updates. (That said I run Ubuntu rather than OSX).
That said, I'm thinking this may cover things pretty well:
"if you run an unknown app and it suddenly asks for Admin rights, you can be fairly confident it's probably up to no good." The big difference on the Mac (and Unixes in general), THEY DON'T JUST RANDOMLY DECIDE TO RUN CODE. (Also, Ubuntu at least has stack smashing and etc. support, that the app can't just request to turn off like in Vista.)