OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn’t rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.
The most effective defense against malware is your own intelligence. All known malware on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of trojans, which can only work if the victim is duped into running them. If you’re smarter than the malware attacker thinks you are, you won’t be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?
- Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown site, merely in order to use the site, is untrustworthy.
- A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
- “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
- Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
Never install any commercial “anti-virus” products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.