You will find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
The User Tip (which you are welcome to print out and retain for future reference) seeks to offer guidance on the main security threats and how to avoid them, including how to prevent, detect and/or remove the Flashback Trojan.
You will get many different, diametrically opposed opinions on this topic. Some things you should know before deciding for yourself if you need or want A-V software:
• "A-V" software attempts to protect you from all kinds of malware. The "V" does stand for virus, but that is just a historic reference to the first kind of malware that appeared many years ago. Many different types of malware now exist.
• Malware known as "trojans" tries to trick you into downloading & installing it by masquerading as something benign or useful. This may infect a legitimate web site that has been compromised or a counterfeit site masquerading as a legitimate one. It is increasingly difficult to tell if a site is what it claims to be or if it is infected.
• A type of web page based attack known as a "drive by" does not rely on tricking you into downloading anything. All you have to do is visit (drive by) the page for the malware to attempt to infect your computer. The most recent variants of the now famous FlashBack malware were spread by drive by attacks.
• No OS is invulnerable to malware - period. Apple has patched dozens of security vulnerabilities since OS X was first released & there is little doubt that other vulnerabilities still exist, waiting to be discovered & exploited.
• Apple quietly introduced its own proprietary form of A-V protection built into OS X in an update to Snow Leopard informally known as "X-Protect." It protects against a number of the more common, mostly trojan-based malware threats & occasionally is updated to protect against more. However, as of this date it is not capable of detecting the most recent attack methods.
• Essentially all security related features must be updated regularly to protect against newly discovered vulnerabilities. So called "zero day attacks" are attacks made before that occurs. Thus, it is important to update your software ASAP after an update is released.
• In general, A-V software is updated much more frequently than OS software, & most A-V products (including X-Protect) do this automatically.
• The most effective security is multi-layered; IOW, it protects at different levels in different ways so that even if one layer is penetrated, the next layer may stop the intrusion. So aside from A-V software & OS updates, you might want to consider other things, like OpenDNS or security related browser plug-ins.
It is also a good idea to be a bit skeptical of anything that in effect says, "Do this & you will be fully protected from all forms of malware," no matter where it comes from. (Please note that this is not intended to single out any individual or any other entity!)
Malware is constantly evolving & getting more sophisticated. It is now almost entirely created by criminals trying to make as much money as they can with as little risk to themselves as possible. OS X users that don't take these threats seriously are targets ripe for their attacks, the "low hanging fruit" they would be stupid to ignore.
It is a very poor bet to assume they are all that stupid.
There is no final victory, no end to this, any more than there is for any other kind of criminal activity. Effective security will always be a struggle between the good guys & the bad guys.
What really gets my goat is the typical boilerplate I often see here to the effect of the best defense you have is the one between your ears: be smart, don't do this, don't do that, you have to be tricked into giving your password etc. That's all fine, but I don't care how smart you are, if you were unfortunate enough to have Java enabled in the browser because you didn't know the past history of relentless Java exploits and you happened on one of the malicious Applets, you got infected. I think this was a game changer and the people who are still issuing that kind of boilerplate ought to give the whole topic a rethink.
As to whether or not to run AV -- whether it's worth the possible problems -- I really don't know the answer. I'd rather tell someone I don't know, than blow them off with some authoritative sounding crap.
T. Reed has a nuanced take on this. (See "Do I need anti-virus software?")
Then don't bother posting.
Why? It isn't an open and shut case. I don't think anyone really knows the answer either way. I'd take with more than a few grains of salt the opinion of anyone who says they do; I'd rather leave it up to the OP to take some time, do some more research, give them some things to think about, perhaps try one of the better AV programs and form their own opinion. Much better than one of the self appointed "experts" here telling them what to do.
I thought RC_R's reply was a good beginning.
As far as the user is concerned, viruses and malware are one and the same. To say there are no viruses is incorrect. The chances of being infected are very slim and, like you said, will probably only happen if you visit sites that are not trustworthy, but sometimes legitimate sites can get compromised and infect users.
Installed the Java updates, but I'm unsure and really would like to ensure the security of my computer.
Would appreciate any help or advice on the matter, thanks!
I'm a fan of antivirus software. I run ClamXav on my mid-2007 MacBook and have found it's been most useful in detecting Windows viruses on USB sticks that have been used on Windows systems. For me, this is great because it enables me to clean the USB drives before using them on other Windows systems. Networked computers should be viewed as being promiscuous. We just can't be sure of who they'll interact with and whether the intentions of the other parties are good.
Many users think that OS X doesn't require antivirus software. I think that's misguided and potentially dangerous. While many of the exploits in the wild require user participation to succeed, drive-by exploits such as Flashback for which you've already patched your system can do a certain amount of damage even when running with reduced "general user" privileges.
Personally, I've found ClamXav Sentry to have very little impact on the performance of this system. As such, there's very little reason I can think of to avoid it.