McAfee SiteAdvisor software, a free download -- a good addition?

You don't need that software; there are no viruses for Mac OS X, so it can't possibly protect you from something that doesn't exist. And the fact that it only works with Firefox is another sign you don't need or want it.

Joe --
Golden's right on the money.
Are you aware that you have a "Fraudulent website" warning system
already installed on your Mac?

It's in Safari > Preferences> Security>
"Warn when visiting a fraudulent website" box should be checked.

If you don't download things you're not entirely certain are safe,
you'll fine.

I don't wish to start a firestorm here--I mean this to be constructive and helpful, not to start an argument--but there are numerous other exploits, mostly running through Javascript, besides viruses. "Fraudulent Website" won't protect you against those. It may be true that Macs are far less vulnerable to these, and most aren't even directed at them, but some are platform independent. Macs aren't bullet proof.

And, there are plenty of sites, without being "fraudulent"--they won't make it onto Google's fraudulent list--that have either been hacked directly or indirectly (unintentionally, possibly through an advertising script, or XSS, Cross Site Scripting), or are directly intent on delivering a dirty payload of one kind or another. And, like a Trojan, or other similar malware, you don't get to make a decision to "Install" or not. There's so much more to this.

Firefox is the only browser--with the Add-On NoScript--I'm aware of that supports protection against these JS exploits.

It seems to me that even if there's only a small chance of picking something up, one would choose to take the path that would reduce that risk. I would love to see Apple offer some sort of Javascript protection with Safari.

And Site Advisor, or anything similar (like WOT), while far from perfect, can warn you about possible threats where Fraudulent Website probably won't.

Message was edited by: WZZZ

Firefox with NoScript is definitely a PITA at the beginning, until you get used to it, and as it learns your preferences. Eventually, it pretty much gets out of the way and isn't very much trouble (a little, sometimes.) I think it's one reason, among others, Safari users are reluctant to switch over. I know I was one. I still use Safari as my secondary browser, but FF when I want to feel safer.

There's nothing to fear, and there's no reason to use Firefox over Safari. Firefox is certainly awash with extensions that let you do more things with it, but it sacrifices speed and compatibility when Firefox is updated.

There are some JavaScript exploits, but you as the user must still let those be executed, and they can do no harm to your Mac, since root access is needed, and that can only be accomplished by you providing the administrator password.

Don't be paranoid over something that is so inconsequential and unlikely to happen. I've been doing this a long time and I've never had a problem yet.

Joe, before you make a decision, have a look at the NoScript FAQ's, especially ClearClick and Clickjacking, XSS, and ABE. These exploits happen without or without your permission or authentication.

http://noscript.net/faq#qa6_1

and

http://noscript.net/features

and, more general,

http://noscript.net/

Message was edited by: WZZZ

And there are reports of exploits gaining root privileges without user consent

There are no reports of that; those were for very specific exploits in the past that do not apply to recent versions of Safari.

I forgot to mention, even if you prefer to stay with Safari, you can always use Site Advisor to check on any site you feel may be doubtful. You don't have to use it as an add-on in Firefox. Just enter the URL.

http://www.siteadvisor.com/

The same with WOT and Norton.

http://www.mywot.com/

https://safeweb.norton.com/