Originally posted by Pae
I can accept that. My perspective is that I am a mac user and it has been my experience that their original claim is quite true. I don't have virus protection, and never needed it.
Actually, the fact is that even a basic XP with SP2 and a batch of updates (which is what I'm running - not the latest updates, but everything up to maybe 6-12 months ago) is immune to the most common external attacks. Most malware (this problem is way broader than the technical term "virus", so I'll use "malware" instead) comes from either:

1) An external intrusion - an unsolicited network-transported stream of data which affects operation
2) Execution of infected code - the classic virus; also trojan horse attacks
3) Vulnerabilities in an otherwise good and useful program such as a web browser, exploited maliciously.

Ultimately, you can't execute code on a computer unless that computer chooses to execute it. I had to argue this point with my sister a while ago - you fundamentally cannot reprogram a computer through its network port unless that computer is specifically choosing to respond in that way. Buffer overrun errors can result in the execution of arbitrary code, but they are (a) fairly easy to code against (which leaves you wondering why there are so many in Microsoft code), and (b) somewhat tedious to exploit, so only a pretty determined attack will succeed. (You may be able to crash something via a buffer overrun, but getting it to execute your own code is much harder.) This means that, for the most part, only major targets like the base Windows code and Internet Explorer are going to be targeted.

Microsoft has had a history of fairly poor security, this is true; but even Microsoft manage to fix a few problems now and then, no matter how much people may point cynically to the still-long bug list. A raw, unpatched, no service pack XP system is pretty vulnerable; but slap on SP2 (avoid SP3 for now, but once it's less buggy, you'll be able to say the same about it) and a bunch of patches, and even without enabling Automatic Updates, you're fairly safe. Of course, if you're doing something as idiotic as running a major bank server on Windows XP, then you'll want something a tad better than this; but for the average home user, it's not too bad. I've run happily for over a year like this, and practically all my problems can be pinpointed to a fault between the keyboard and the chair.

All it takes is a common-sense approach to code received from untrusted sources, and you're fairly safe against most attacks. Yes, you might get SYN-flooded or laid low with millions of fragmented pings, but neither attack is going to leave you infected with malware. Of course, you really DON'T want to leave NBT active on your internet connection, nor do you want to go executing code out of Picture.JPG.SCR files that strangers email you. Avoid Microsoft LookOut Express, and funnily enough, most email virosus don't work.

So, having "piled an awful lot of words onto one page", I guess I should put an executive summary down. Pae, you're quite probably safe, running without protection. But so would a Linux box be. So, definitely, is my OS/2 box. And so can a Windows box be, too. It's definitely easier for non-Windows to be safe, for numerous reasons, but there's nothing magical about Macs that keep them virus-free, nor anything accursed about Windows that means you spontaneously get attacked. It's just that Windows happens to be fairly buggy.