There are many different opinions on this matter, but ultimately you're the only one who can decide. You should do so if possession of the full facts. Read my Mac Malware Guide.
Note that although ClamXav definitely won't cause any performance or stability problems, some testing I did recently shows that it doesn't do a great job of detecting Mac malware. See Mac anti-virus detection rates.
I'd say better having more security than less.
I'm a security consultant and since years I've considered OSX as saver than anything.
Unfortunately, let's face reality here, it's not true anymore. Not for a lack of security consideration from Apple. They take it seriously indeed with lots of nice stuff. But with the importance of the target that OSX has become over the years, with all our pleasure to see the apple stuff growing in the field.
Now Apple's OS is a nice target for malwares, as nie as Android where malwares grow over too many % last year.... Though the attack surface is still less than windows and all, but it's nevertheless attackable.
The issue comes first from the user (saying yes to anything) and from other programs (java, flash, for the main parts), that offers some openings to attacks. The OSX itself could still leave some blind spots, such as the Personal Firewall not active by default...
For a non connected user, I'd say you can live years without any security setups.
But for an online user, better adding security than ignoring it!
The safe things to consider (my favorites):
- use an Antivirus, whether Sophos, Clamxav, Bitdefender, Virus Barrier, .... some free some not. But skip the ones that popup on you browset saying you have been infected !!!! (look at the I use Sophos but it's honestly difficult to say which one is most effective than an other one.
- use this antivirus WHEN you download any file from Internet, moreover programs... and run a full scan every week. (yeah I know I'm paranoid ! :-) )
- disable "Open safe files" in Safari... it's a again a shame to consider correctly downloaded files from being "good". Some may be evil and your AV should be here for this... but is it active?
- use a safe surf without add-ons and scripts: not easy today but wise anyway. Use "noscript" in Firefox, "scriptno" in Chrome or "Javascrip blocker" in Safari. You DON'T WANT any site to run any program on your machin, do you? What it means is that some sites can have some bad contents with scripts doing the bad things. Even trusted sites and forums can refer to other sites where these bad things resides without knowing it.
- some add'ons to Safari / Firefow et all: Adblock, noscript, ghostery,
- prevent from login to any site with the same account (say "email@example.com" for example) and use DIFFERENT passwords... Not easy to remember? use Lastpass or similar
- activate the personel firewall (NOT active by default, a shame) to prevent any unwanted entrance to your world. Again if you stay at home, less demanded; but much more important on public wifi (I should say mandatory)... At least it covers the usual inbounds (what enters your machine, defaults are still large). It does not cover the outbounds (what programs use your machine to go to internet...), "Little Snitch" is a good tool to use for this.
Ok I know you can consider that I'm overly paranoid... and you probably right! :-) but what the **** to be safer than not? Nice to consider, isn't it? ;-)
Have a safe OS and surf!
Except for the fact that all of the AV software currently available can't protect you from something that has not been written yet. The virus must be written and discovered and then the AV software has to be update to detect it. Currently I see the AV software as a waste of comptuer source and offering the users a false sense of security. Hence my recommentation to AV them at the current time.
I agree with you on this. Most AV use virus databases that always need to be updated. And these do not cover the most advanced threats over there (we call them APT for Advanced Persistend Threats, such as Duqu, Flame or most commonly known Stuxnet).
So better having the a security minded behaviour than letting the (best?) tools doing all the job!
Even the ones that I listed above are not alone here. The user has to be also self conscious that what he does has some importance. If he decides to launch a program that the AV (as an example) told him not to run... he takes the responsibility...
You have very good points in your (long) post. Hey Arucker17, please give you view on such outgoing discussion!!! obviously I found someone with interesting ideas ;-) (not against mine btw, at least I want to believe it).
We shoud not rely only on a single antivirus, that is a fact. They do cover a portion of our activity on internet (and elsewhere also). But they do not cover everything.
And other commin soltware usage are a good thing to monnitor. Eventhough this is a common practise to use either Flash and/or Java, both have security flaws that can be exploited today. And probably more to discover!!! even in those or other softs. Both Adobe (for flash) and Sun (for Java) are not exactly what we call good security minded companies.
So better rely on less softwares than more.
For Arucker17. You are safer on Mac than on Windows. But pay attention to what kind of content you accept anyway. Its commonly known/practice that MacOS has a better security footprint that Windows but it does not mean immunity either. So using some good security practice will hekp in the future anyway.