Mac OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, thereâs no benefit from any other automated protection against malware.
The most effective defense against malware is your own intelligence. All known malware that affects an up-to-date Mac OS system takes the form of trojans that can only operate if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?
- Any website that prompts you to install a âcodec,â âplug-in,â or âcertificateâ that comes from that same site, or an unknown site, merely in order to use the site, is untrustworthy.
- A web operator who tells you that you have a âvirus,â or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
- âCrackedâ versions of commercial software downloaded from a bittorrent are likely to be infected.
- Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developerâs website. No intermediary is acceptable.
Disable Java (not JavaScript) in your web browser(s). Few websites have Java content nowadays, so you wonât be missing much. This setting is mandatory in Mac OS X 10.5.8 or earlier, because Java in those versions has bugs that make it unsafe to use on the Internet. Those bugs will probably never be fixed.
Follow these guidelines, and youâll be as safe from malware as you can reasonably be.
Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use ClamXav â nothing else.