The second a true self replicating virus hits OS X, it will be on every news agency and odds are you will learn how to defend yourself before any virus definitions get updated.
Your confidence in the ability of security experts to detect, analyze and distribute a work-around in a short time-frame for a zero day exploit (http://en.wikipedia.org/wiki/Zero-day_attack ) is cute.
(Safari has had zero days before: http://www.bing.com/search?q=zero+day+exploit+in+safari& )
Especially given that because hardly any OS X users run any sort of protection and likely don't have any sort of network monitoring, the only way they'll detect an infection to report to a security company is via dumb luck or the virus announcing itself.
I.e., there's a good chance a significant portion of users will be infected before the virus is analyzed.
The IP ranges of the big AV companies are well known. Any virus worth its salt these days avoids attacking those ranges to avoid detection...
with regards to AV definitions:
http://en.wikipedia.org/wiki/Checksum
http://en.wikipedia.org/wiki/Heuristics#Computer_science
Heuristics enables a scanner to detect something isn't quite right and report it, even if it has no explicit AV signature for a new virus.
Checksums enable detection of changes to system files...
Last edited: