Best Argument: Apple's fault
Apple needed this reality check
A decade ago, in response to a string of debilitating network worm attacks, Microsoft implemented “Trustworthy Computing,” a major initiative aimed at making the world’s most widely used operating system more resilient to malicious hacker attacks. It worked. The security posture of the Windows operating system has improved and Microsoft’s security response process is now the standard that others -- like Adobe -- are copying.
Now it’s Apple’s turn. The company must use the Flashback attack as a reality check and reject the security-by-PR approach that tricked its user base into complacency. Apple needs to take the security game seriously. We are no longer in 2006 when Macs were deemed safe from attacks and cute commercials could be used to sell an operating system. Flashback is the first major Mac botnet but you can bet there will be more. Apple cannot afford to ignore the lesson of Flashback.
Users have the power
There are many reasons that we use and love our Macs so passionately. First and foremost is a nearly flawless user experience. Apple has, without a doubt, set the bar for great software integrated seamlessly with hardware that is at once elegant, artful, and totally usable.
None of that, however, is worth a hill of beans if using Apple products means exposure to malware that the company ignores without a media frenzy. Of even greater concern, though, is a user base blissfully unaware of security issues without said media frenzy. Sure, we should be able to expect our OS vendor of choice to proactively address security issues. But if we don't back up those expectations with our pocketbooks, Apple will never take the same leadership role in security that they have in hardware and software design (or, for that matter, that Microsoft did when users began to walk away).
It's squarely on Apple's shoulders
What I really liked about this debate is that it got past all of the hype and scare tactics that always surround big security incidents and tried to get at the real threats and provide users with some actionable tips for dealing with current and future security threats on Macs. Chris was right on the mark about the fact that users who own Apple products have had a false sense of complacency for too long and they need to demand better security practices from Apple, and move to other products if security is important to them and Apple doesn't deliver any meaningful improvements in its security practices.
Ultimately, we have to place the onus for the Flashback Trojan squarely on Apple's shoulders. The company dragged its feet for almost two months in getting out a security patch, and once it did, it released it quietly in the background without alerting users. These are not the practices of a company that is serious about running a highly secure platform that is accountable to its users. That's why Ryan clearly wins this one.