I haven't updated any machine past 10.7.1 on 10.7, and 10.6.3 on 10.6. That means I've been left out of security updates for over a year. I don't have anti-virus or anti-spyware on any of my Macs. Have my machines been infected? No. I've had Macs since 1992. Macs have built-in security much better by default. Root accounts are disabled by default. Network ports are closed by default. And .exe files won't execute on a Mac unless it has Windows installed. Not that updating security isn't a good idea, but it isn't essential. And Macs have run Windows natively since 2006. But the open firmware is an EFI, which is not standard to any other PC. Point is, unless you are really paranoid, or don't trust yourself when it comes to e-mail attachment judgement, or downloading software, or peer2peer software, your risk is minimal. You run a much greater risk at data loss through your own error, and hardware malfunction, than any security hazard.