If I might offer a correction: "...not aware how risky it is to use a fully-featured OS..." Although the kernel of iOS is similar, an iPad might appear more secure because it simply lacks features - such as a file system and extensible modular device drivers.Thanks everyone. I was not aware how risky it is to use a Mac. As I said earlier, I had actually planned to be iPad only as I get older, and have fewer things to commit to memory, maintain, and worry about being compromised. I feel like it's just as likely that I could make one of the errors you are all explaining when I'm logged into the Admin account, which would be needed, so maybe the Mac is not for me after all. I've got until Jan 8th to return it if I decide to, so at least I wouldn't be out any money.
It's a shame that Apple allows us to set it up with such risk without any warnings.
IOS is generally tighter because it can afford to be; expectations of its intended demographic are managed. If an iPad fulfills your use cases, it could be a prudent security decision to dispense with the attack surface inherent in a full-featured OS. Cheaper, too.
Certain (many) use cases require a full range of full-power apps, a fully journaling, fully auditable file system, with multiple levels of encryption, and ability to curate and transfer files ad-hoc and offline. Furthermore, there's no IOS version of an app that holds a candle to its counterpart on a Mac or Windows or Linux/Unix.
MacOS (and Windows and Linux) IS more secure these days, as one would certainly hope. And Mac OS is replete with warnings, prompts and alerts. However, if one needs a full-featured OS, and there are security controls available, those controls should be invoked, however frustrating it might seem. Consensus of the world's focused, skilled, experienced IT security professionals are not wrong about restricting normal daily operations from admin permissions.
No single precaution is a silver bullet. User Vs. Admin account segregation is a basic start, not a whole solution.
OMG, just go with an admin account, it’s the default, and thereafter never give permissions without knowing why. It’s that simple.
Defaults are constructed for lowest common denominators. Apple literally advises segregating daily use from admin access. Apple decided they couldn't force this issue because the LCD's would get angry and start comments with "OMG."
Everyone needs to understand that a skilled hack isn't going to prompt for permission. That's what HACKING is, and when it's done right, it starts with a quitet, low-key toehold, then works to elevate to admin, then establishes persistence. ONLY THEN might you see any signs of exploitation.
The nasty stuff, the genuine large scale threats, are not ransoming your porn and taxes, or stealing stupid bitcoin wallets. They simply persist until called up by their command and control to execute larger distributed hacks. We discover and disable this kind of thing all the time; a few incidents are published, must remain under wraps (it's boring). And our advice is always the same: At very least, just to start, don't daily drive a *** **** admin account.