I'm not putting any words in your mouth. Saying that there is nothing to be concerned about is equivalent to saying that it's not a threat. In other words, if there's nothing to be concerned about, logically there can't be a threat (threats, after all, are what they are precisely because there is a concern about something happening).
I think that you are arguing semantics where it really isn't necessary. "Threat" is a term of art that computer users tend to use to describe individual pieces of malware. But if you want to go back and isolate and finely define (or re-define) all of the terms used in this thread, I guess there would be no harm in that. I'm not interested in doing that myself, though. I think that folks understand what I'm saying.
I'm not saying that every user needs to go install A/V but there's a particular irony in effectively discrediting A/V companies now and saying that, when the time comes, faith in them will somehow magically manifest itself.
Once again, you are putting words in my mouth. I haven't said that AV companies are evil, that their products don't work, or anything like that. (But they do tend to exaggerate to sell their products. I don't think that anyone who knows computers would argue that.) I have said that most Mac users don't need their products right now, and I stand by that. But that doesn't "discredit" them. In another thread here on Mac-forums I've even linked to a comparison test that showed that some Mac AV software is surprisingly effective. It's effective against malware that no one here is likely to ever encounter, but it is effective nonetheless.
Vouching for reactive security against malware is terrible advice.
Where have I said that "reactive security" is the *only* way to go? Why do you insist on putting words in my mouth?
Sure, there are a number of small things that one can do to decrease one's potential exposure to malware: turn off Java in your browser (or don't install it at all if you don't need it), turn off "open safe files", don't click on links in e-mails if you aren't absolutely sure that they are to somewhere safe, etc.
Didn't I just recommend some of this to help folks avoid the Javascript scareware that fools folks into believing that it is Cryptolocker?
Why not establish best computing practices now, encourage people to critically think about malware and be open to the idea that viruses and more pernicious malware is coming.
And where have I said that Mac users shouldn't do all that? I've frequently given links to sites that instruct in such practices.
Why don't you write us a long post on "best computing practices" if you think that is important?
I certainly believe that more malware is coming. In fact I'd be willing to bet on it.
However, I wouldn't bet that it is sure to be "more pernicious." In fact, I believe that the MacDefender debacle, where the perpetrators were all caught and put into Russian prison after they spent a huge amount of time and money creating their Mac malware, will act as a cautionary tale to organized crime syndicates contemplating pursuing Mac malware as a viable means of making money.
Time will tell. But since Mac AV software doesn't work against as-yet unknown malware (it requires that a sample be found, examined, and that an update be created and pushed out to users), I certainly don't recommend that folks purchase AV software to protect themselves from malware that doesn't exist yet, and which may never exist, or which may at some point exist but never be a concern.