This is really a great point.... but pls help me understand further with (1.) I know there has been a long debate regarding virus and malware. Just a newbie question from a very satisfied switcher (I can't live without my mac).
Sure thing.
A Virus is a program that is designed to cause irreparable harm (or at least annoyance) to your computer and you (deleting files, erasing the HD, etc). But that's not the worse part of a virus -- the worst part is that it is self-replicating, ie it will use the resources of your computer to send itself to other computers, which magnifies the harm.
The reason OS X is immune to viruses and is likely to stay that was is that applications simply aren't allowed to do this on Macs without the express involvement of the user -- and of course viruses don't want you to know they are even present, so of course they aren't going to ask your permission! Mac OS X *requires* an admin password to make any changes to the system.
Of course viruses are malware, but because the Mac is immune to viruses (and likely to stay that way), all OTHER forms of malware (worms, Trojans, phishing, bots) tend to be referred to as "malware" on the Mac. Macs *can* be vulnerable to Trojans and phishing threats because they try to FOOL the user into giving permission to install something they shouldn't. Once a malicious program has admin access, it still can't do a great deal of harm but it sure can be annoying (things like redirecting your DNS to other sites, for example).
A previous version of Flashback tried to fool people into installing it by masquerading as a Flash upgrade. Of course, any experienced Mac user would spot in a second that the installer wasn't legit, but most users aren't experts and that's how it gained a foothold (likewise with the "MacDefender" Trojan a year or two ago). Luckily, most Mac malware is still comically easy to avoid, even for the technology-challenged, which is why most attacks never get very far.
The most recent version of Flashback gave up on the idea of trying to fool users (since it wasn't working once word got out) and instead utilized a vulnerability in Java (which already has admin privileges) to get into systems WITHOUT the user being involved or aware. THAT was what freaked a lot of people out, though the "threat" was actually fairly minimal and the servers that the Flashback bot would have reported to were shut down. Turns out governments ARE good for something, who knew!
Anyway, between Apple's XProtect, keeping software up-to-date from legitimate sources, paying attention to the Mac community (through news sites and forums like this one) and not falling for "scare-ware" as I call it, you're not likely to ever be at much risk. The next version of OS X, for example, is introducing a feature called "sandboxing" (already working on most browsers) that would have stopped this Java Flashback stone cold. Mountain Lion will also (we hope) make it easier for users to have and manage "complex" passwords that are more resistant to brute-force attacks (though we've been pretty safe in that regard so far, it's definitely an area of weakness).
Bottom line: common sense should continue to be your first line of defense. If you really want to run an anti-malware program, well, that's your choice -- but there are several good FREE ones, so at least don't fall for paying for one!