Most people will tell you none. You probably don't need one at all, but for the full scoop, see my [Mac Virus guide|http://www.reedcorner.net/guides/macvirus>.
If, after reading that, you want AV software, either [ClamXav|http://www.clamxav.com> or [Sophos Anti-Virus for Mac Home Edition|http://www.sophos.com/products/free-tools/free-mac-anti-virus> are good, and free.
I run Sophos on one computer and ClamXav on another.
On the one hand, Sophos is a commercial outfit, who makes their money in the enterprise server AV domain, so maybe they might be more responsive to when a threat emerges?
And without any corroborating evidence to backup my following assertion, it seems like sometimes clamav (not clamXav GUI) could be slow about getting threats (those few trojans that are out there) on the signature list -- but I guess somebody has to report it to them first as I doubt they are out there actively seeking out OS X threats. But clamXav turned out to be easier (for me, anyways) to create a unix-based automated unattended weekly scan of the entire hard drive using clamXav's underlying clamav scanning engine (clamXav interface won't let you get into hidden system directories like /usr, /etc, /var, etc., so using clamXav's scheduler wasn't a help for me). I think that Sophos can look at everything, but I don't know for certain.
My employer makes its employees, Windows and Apples alike, use McAfee. While I haven't had any problems with it, I doubt that it is any better than clam or sophos, and those two are free, McAfee isn't.
So really, I suspect that one is just as good as the other and vice versa. Just choose one or the other if you feel the need to use a malware scanner. Like I said, since I run some internet-accessible services, I do; doing so helps me sleep better at night:)
This is somewhat of a joke, read the part about virus defintion updates.
I guess this would be good if you always wanted to really be behind.
I would say that ClamXav and Sophos would be the best 2 free apps out there that seem current in their protection.
My experience is the following:
Norton AV (Norton System Works for MAc Vers. 3) used to be THE tool before 2000 or so. Than I got more and more suspicious because each and every time when my subscription for updating virus definition would end I got all of a sudden much more alerts. As soon as I paid again for one year subscription almost no alert came up anymore. For a while it I had the impression that Symantec would not really care anymore about Macintosh's community. In addition I had the feel that the rest of Symantec's suite for Macintosh had been deteriorating also i.a. not much interest by Symantec. Now those guys did wake up and offer new software to care for Macintosh. But I remain skeptical. Even for maintenance issues there are good and mostly free or shareware programs available which install much less hidden stuff.
As to sophos I had only one experiment with their customer service who seems to focus on rich companies. So I had the feel if I am not a big guy I should not waste their time … so I walked away. I still don't like their attitude for example when I met people from the at the German CeBit.
With VirusBarrier I had only problems because this software did get in-between so many "good" processes from professional programs (like Adobe Photoshop, Microsoft Office) and made them slow, freeze or crash that I just removed all software. I still have the feel, that the VirusBarrier programers focus on showing off how well the can interrupt my workflow instead of remaining in the background AND avoid to block so much of my processor power.
I must agree to what has been said before. You actually do not need an AV … but I like to add: If you communicate with others who have a PC it would be fair to avoid spreading viruses to them even if it does not hurt me. A virus or trojan may be in a picture or (latest news) in pdf-files. So - my biggest requirement is that a AV can be turned off when I want it to stop ALL activity (especially those in the background). So I have installed clam and clamX on an external drive which I also use to test new software. Whenever I know that I will not use my computer for 1 or 2 days I turn on ALL external drives starting via my MacBook from my external test-drive. Then I start a detailed scan of everything. Same applies when I exchange pictures or other files. Then I start from my test-drive and scan the folder with the respective files.
By the way - Kaspersky is also offering Mac-Software. I use their PC-Version with my Windows-XP in ParallelsDesktop. Works great and is free via a German Computer Magazin (Computer Bild). But they seem to have the same approach as Symantec used to have … shortly before the annual subscription expires the messages get more and more dramatic. But since the subscription for the PC (not the Mac!) is free - you just have to go through a certain routine i.e. its not so bad.
My proposal for protecting a Mac-computer:
Using the internet via a router with a firewall built in protects quite a bit already. Within the router configuration I have blocked access for ANY new device i.e. only the 2 MacBooks, our web-radio and the iPad are allowed access the internet. Any other device requires the input of the admin-password as well as the router-password and in case of WLAN that respective password. I learnt that passwords up to 15 character are at danger if attacked by brute force. So I have a much much longer (theoretically it could have up to 64 characters).
I have not activated the MacBook firewall to avoid similar mess a with running 2 AV at one time..
For formal stuff like online banking and other addresses which are for sure not "criminal"web-links like contacting public services at the cityhall or my public library I use Safari.
For the rest I use Firefox with the plug-ins NoScript, WOT (including community-exchange), Flagfox. Whatever alerts I get from those plug-ins I obey.
As permanently active software I only have installed LittleSnitch. That software is worth its 30 Euro (about 40-45 USD). It has shown many alerts on programs try to "call home". I am confident that LittleSnitch would show an alert the moment a a trojan would want to contact its home-server. But I am optimistic that I will not see such an alert in years to come.
Based on the comments in this threat I will now test nmap from http://nmap.org/
This should hopefully allow me to block ports in case of them being accidentally open allowing illegal access.
If someone can provide information or links which ports should have which open/close-status especially those ports mostly used by hackers for "viruses-action" I would appreciate it
I learnt that passwords up to 15 character are at danger if attacked by brute force.
So I have a much much longer (theoretically it could have up to 64 characters).
That's basically a problem for Windows. Not Mac OS X (or any other OS for that matter).
Based on the comments in this threat I will now test nmap from http://nmap.org/
This should hopefully allow me to block ports in case of them being accidentally
open allowing illegal access.
If you're in Germany, I'd think twice about that. I'm not sure how nmap is considered under StGB Section 202c.
Hi. G.Wolfman thank you very much for your warning ...
I was not aware of that fact. Even for IT-professionals it can be regarded by law enforcement that they prepare for a crime if they ONLY have the software nmap on their computer. The question if it would be a crime if you use it for "good" work like repairing your own computer problems is still open. The highes German court in Karlsruhe (Bundesverfassungsgericht) has already rejected a complaint that this law would be unconstitutional.
For the German readers here are interesting links:
If you have problems with these links search for 202c StGB hacker
By the way ... also Swiss computer users should be careful §143-144StGB
<Edited by Host>