Mac OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.
The most effective defense against malware is your own intelligence. All known malware that affects a fully-updated installation of Mac OS X 10.6 or later takes the form of trojans, which can only work if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?
- Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown site, merely in order to use the site, is untrustworthy.
- A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
- “Cracked” versions of commercial software downloaded from a bittorrent are likely to be infected.
- Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use ClamXav — nothing else.
No AV is sufficient to protect any Mac. They will all be fighting the last war and unable to detect anything newly emerging. No AV should give you a false sense of security. That said, Sophos, though there are reported problems from some, seems to be among the best.
ClamXav should not be thought of as meant only for Windows malware. It has a fairly comprehensive catalog of OS X malware definitions. I know several very advanced users who keep Sentry (the active scanning feature) turned on only for anything "where executables are likely to be created, such as /Applications, wherever your email client downloads attachments to, and of course your web browser's Downloads folder." They report no real hit to performance.
You will find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
The User Tip (which you are welcome to print out and retain for future reference) seeks to offer guidance on the main security threats and how to avoid them, including how to prevent, detect and/or remove the Flashback Trojan.