That is not actually true. There are actually very few "trojanized" keyloggers for the Mac. Very little malware of any kind at all. I've been tracking it for years, and I only know of 30 different malware programs (not counting slightly modified variants of each) for the Mac. At this point, all of those are either extinct or exceedingly rare.
Its actually very true. I am not talking about Trojanised keyloggers, i am just talking about keyloggers in general. Do a google search and you will see that anyone can buy a keylogger and include it in their own open source software which 90% of people run without even thinking, and without even scanning because they believe Mac's dont need Malware scanners.
Most of the recent Mac malware has been used for targeting specific organizations, and is almost guaranteed not to be seen by anyone else.
Its very dangerous to think that just because you are not a big company, you are not a potential target. There is just way too much evidence to suggest the contrary.
Because of Gatekeeper, if you're running Mountain Lion. If you use the default settings, it will prevent software that is not signed by a registered developer from running. There's no way any hacker is going to register with Apple so that they can digitally sign their highly illegal software! And even if they did, Apple would simply revoke the certificate and add that software to their XProtect definitions so it would be identified as malware.
Like others have suggested here in this thread, the reality of Gatekeeper is that most people cannot use it because the software they need is not available on the Apple store. Anyone with even a passing interest in open source software will not be able to turn it on. It might be fine for the mom and pops out there, but most wont have it enabled. I agree if all your software falls under this banner than your security profile is lifted quite substantially, but otherwise if you are any sort of power user on a mac you will most likely have it disabled.
Note that firewalls have no role whatsoever in protecting you against malware, and most "network protection" software isn't doing a whole lot that is useful. A lot of malware these days is distributed through legit sites that have been hacked, and dedicated malware servers hop around. Buying software that will block access to known malicious sites isn't a reliable way of protecting yourself.
I agree with you here, but thats not what I was trying to say. There is no silver bullet for Malware protection, but if you are going to actually get some AV software, at least make sure you have some added protection that will be of use.
No one single function will save you, but multiple layers of security is always a benefit.
Having a firewall is not about reputation, its about ensuring you understand what communication is happening on you computer. Just because you cant rely on reputation for ensuring that you are protected against traffic going to malicious sites doesnt mean you should just throw your hands up in the air and get rid off all security alltogether.
At the end of the day, nobody cant stop targeted, well designed malware, but it doesnt hurt to have as many layers of security as possible to ensure you are not going to become a victim.
This thread has some great discussion in it, but anyone who thinks just because they are on a Mac they are automatically protected is just a potential victim in waiting.
Is it going to take an even greater Mac virus outbreak before people realise this? I for one would rather be a bit more proactive than this.