I often hear people refer to third party commercial anti-virus software as “insurance”. The thing is, you don’t always need insurance. Not all possible eventualities are equal. When that volcano insurance salesman comes by, you may not want to give him or her a lot of your time…or money.
Here’s the deal. I don’t want anyone to get the impression that there is no malware for the Macintosh, or that I’m saying that there is none. I haven’t counted manually, but the archive of Mac malware examples that the consortium of anti-virus software manufacturers use has less than 200 examples, all of which have accrued since the advent of OS X, over 20 years ago. The thing is that just about all of those examples, at this time, either don’t work, or they don’t exist in the wild anymore, or the Macintosh has been hardened against them, or a combination of these. There just isn’t a lot of malware for the Macintosh. (The popular press has folks scared to death about malware. But that’s because they are talking about Windows, not the Mac. There are over a BILLION examples of malware for Windows. Windows users SHOULD be scared. But the Macintosh isn’t Windows.)
It isn’t that the Macintosh is “invulnerable”, it is that writing malware for the Macintosh is very hard… and expensive.
Modern malware is almost exclusively written for financial gain. (With the odd bit of malware written to target a particular socio-political group, usually in the far east. These exploits usually aren’t seen in the west.) Whether it is to serve up ads, or to scam users out of their money, it is all about a profit motive.
The Mac isn’t easy to write malware for. The Mac OS was designed for security, and Apple has been adding more and more layers of security with each new version over the past 20+ years. So, it takes a significant amount of time and money to write viable malware for the Macintosh. It’s not an endeavor for sociopathic teens with too much time on their hands as it often is for Windows. This means that it will take months to push out a new exploit for the Mac, representing a large investment in time and money. (I’ve heard speculation that it might take millions of dollars to write some types of common malware for the Mac.)
So, the bad guys need to create malware that will bring a large return on investment that will recoup their costs, and then some. The thing is, Apple has shown that they will reasonably quickly harden the Macintosh to any new malware. Plus, since it apparently has proven to be exceedingly difficult to write actual viruses (i.e. self-propagating/disseminating malware) for the Mac, any malware written for the Mac will almost certainly be a Trojan Horse that will be very difficult to disseminate to a large audience (because it is very difficult to spread a Trojan Horse anonymously and avoid prison) before the source that is disseminating it is discovered and shut down.
What that all means is that even if the bad guys can write effective malware for the Mac, it might turn out in the end that the entire endeavor is a money loser for them. This tends to make the Macintosh an unattractive target for creating sophisticated malware for. As a result, we don’t see a lot of malware written for the Macintosh.
I want to note that I’m on about half a dozen large Macintosh discussion forums. These comprise well over a quarter million Mac users. NO ONE on these forums is complaining about losing data or money to some virulent malicious malware, or any other sort of security breach. Ironically, the closest thing to that I see is a few people have been experiencing scary notifications imploring them to renew fictitious subscriptions to McAfee AV software.
If you are paranoid, and you feel that Apple’s built-in security features aren’t sufficient, I’ve already mentioned earlier in this thread several excellent tools that you can use to assuage your fears…all of which are free. You don’t need to be cheated out of your money by some company that makes Windows anti-virus software which they have crudely ported to the Macintosh.