My experience is the following:
Norton AV (Norton System Works for MAc Vers. 3) used to be THE tool before 2000 or so. Than I got more and more suspicious because each and every time when my subscription for updating virus definition would end I got all of a sudden much more alerts. As soon as I paid again for one year subscription almost no alert came up anymore. For a while it I had the impression that Symantec would not really care anymore about Macintosh's community. In addition I had the feel that the rest of Symantec's suite for Macintosh had been deteriorating also i.a. not much interest by Symantec. Now those guys did wake up and offer new software to care for Macintosh. But I remain skeptical. Even for maintenance issues there are good and mostly free or shareware programs available which install much less hidden stuff.
As to sophos I had only one experiment with their customer service who seems to focus on rich companies. So I had the feel if I am not a big guy I should not waste their time … so I walked away. I still don't like their attitude for example when I met people from the at the German CeBit.
With VirusBarrier I had only problems because this software did get in-between so many "good" processes from professional programs (like Adobe Photoshop, Microsoft Office) and made them slow, freeze or crash that I just removed all software. I still have the feel, that the VirusBarrier programers focus on showing off how well the can interrupt my workflow instead of remaining in the background AND avoid to block so much of my processor power.
I must agree to what has been said before. You actually do not need an AV … but I like to add: If you communicate with others who have a PC it would be fair to avoid spreading viruses to them even if it does not hurt me. A virus or trojan may be in a picture or (latest news) in pdf-files. So - my biggest requirement is that a AV can be turned off when I want it to stop ALL activity (especially those in the background). So I have installed clam and clamX on an external drive which I also use to test new software. Whenever I know that I will not use my computer for 1 or 2 days I turn on ALL external drives starting via my MacBook from my external test-drive. Then I start a detailed scan of everything. Same applies when I exchange pictures or other files. Then I start from my test-drive and scan the folder with the respective files.
By the way - Kaspersky is also offering Mac-Software. I use their PC-Version with my Windows-XP in ParallelsDesktop. Works great and is free via a German Computer Magazin (Computer Bild). But they seem to have the same approach as Symantec used to have … shortly before the annual subscription expires the messages get more and more dramatic. But since the subscription for the PC (not the Mac!) is free - you just have to go through a certain routine i.e. its not so bad.
My proposal for protecting a Mac-computer:
Using the internet via a router with a firewall built in protects quite a bit already. Within the router configuration I have blocked access for ANY new device i.e. only the 2 MacBooks, our web-radio and the iPad are allowed access the internet. Any other device requires the input of the admin-password as well as the router-password and in case of WLAN that respective password. I learnt that passwords up to 15 character are at danger if attacked by brute force. So I have a much much longer (theoretically it could have up to 64 characters).
I have not activated the MacBook firewall to avoid similar mess a with running 2 AV at one time..
For formal stuff like online banking and other addresses which are for sure not "criminal"web-links like contacting public services at the cityhall or my public library I use Safari.
For the rest I use Firefox with the plug-ins NoScript, WOT (including community-exchange), Flagfox. Whatever alerts I get from those plug-ins I obey.
As permanently active software I only have installed LittleSnitch. That software is worth its 30 Euro (about 40-45 USD). It has shown many alerts on programs try to "call home". I am confident that LittleSnitch would show an alert the moment a a trojan would want to contact its home-server. But I am optimistic that I will not see such an alert in years to come.
Based on the comments in this threat I will now test nmap from
http://nmap.org/
This should hopefully allow me to block ports in case of them being accidentally open allowing illegal access.
If someone can provide information or links which ports should have which open/close-status especially those ports mostly used by hackers for "viruses-action" I would appreciate it