My thought (with no research done) is, Mac malware is 90% phishing/user tricking, 9.99% Word macros and 0.01% possibly real (it can happen, it just so rarely does, and it can be something unix-wide). Windows is 70% user tricking, 25% because (nearly?) everything is run with admin privileges, and 5% zero-day/could attack an unprivileged account.<p>I'd like to know where I'm wrong so I can comfortably tell people this.