Mac OS X users are notably resistant to the ploys of anti-virus, anti-malware, and security-monitoring software offered for our platform. "What - me worry?" could be our motto, as well as, "Not paying for that!" Over the long haul, that attitude has served us well, but the nature and diversity of risks has increased, and is likely to get worse.
McAfee Internet Security tries to address the virus, malware, and Trojan Horse issue directly, but also includes a robust, configurable firewall along with a Firefox plug-in that vets and reports on search result links. Despite my many years without such software installed, I'm strongly tempted to continue to use the package after testing because it's a multipronged and easy-to-manage extra layer that doesn't seem to slow my computer down one bit, while providing useful information and the right degree of control to block remote access.
The fundamental problem with a tool that prevents the execution of malicious software has been that the damage is usually done by the rapid spread of such attacks before the protective program has been updated. McAfee, like other anti-virus software makers, is constantly monitoring and testing for new vectors and writing defenses against them, and pushes out responses to discoveries in the wild quite rapidly. The software is set to pull down updates every four hours, too.
Given that only a handful of Trojans and viruses have appeared in recent years for the Mac, and that they are laughable in their ability for users with any degree of proper caution to avoid, this part of the security suite might seem useless. But I'll argue it is not.
First, it prevents you from passing on Windows viruses that may be sent as attachments that you then guilelessly hand off to friends, relatives, or colleagues using an unpatched version of Windows. (This is also useful when copying files back and forth between a virtual Windows machine or a Boot Camp volume.) Second, you can recommend this software to those who might not have the instinct to stay away from unknown software or attachments. A relative might appreciate having this software installed to prevent them from making a bad choice due to their lack of computer knowledge--especially if they try to install Trojans masquerading as legitimate files. Third, if someone else uses your computer without the same care you have, you're protected there, too, against old threats and new ones. True, Apple has built virus defenses into Snow Leopard and Lion that are regularly updated. Consider McAfee a more explicit second line of defense.
I tested McAfee's virus protection against the very few known Trojan horses and other exploits that have been discovered, such as MacDefender. McAfee refused to let me launch or uncompress the archives containing the malicious files, and put them into a Quarantine area to make it simple to review them in a list and then delete them. I tried sending myself a virus via email, and McAfee prevented that from downloading as well. The software can defang the malicious part of infected files, but all the files I tested were entirely comprised of malware.
The McAfee software has three more active components, however, that can protect you if a Trojan appears before they've detected and issued a fix, as well as to help you identify malicious Web sites you should avoid. These components let you review programs before allowing them to launch, use a firewall to prevent intrusions (useful to prevent unintended access to file sharing, even), and a Firefox extension that brands the safety of search engine results.
An Application Protection component, configured via the program's preferences, monitors software when it launches, and puts itself in the way with a pop-up prompt. You choose whether to launch with or without network access provided to the program, and allow the program to be launched once (just when you approve it) or always thereafter. Or you can deny a launch altogether. You can modify choices for individual programs or background processes later through preferences.
Such controls generally prevent software that you didn't intentionally install from being able to run and take over your Internet connection. Of course, this can't protect against exploits that use techniques to gain root access to your Mac, and install software that runs beneath the user interface's service. Apple has patched many such holes, although there is little evidence that such attacks were made from Web sites or via email.
Firewall and Firefox
The firewall is simpler than many full-featured programs, and I appreciate that. For most people, being able to click a few buttons is better than an ocean of pulldown menus and configurations. I particularly like that you can shut down all incoming or outgoing traffic or both with a couple of clicks without having to disable your network interface. You can create custom rules--only certain kinds of traffic may originate from your computer to specific addresses, or block all but a handful of services from receiving signals from the outside world. You can also define trusted networks.
Firewalls have the benefit of keeping normal services you may have switched on, like VNC-based screen-sharing (a somewhat insecure option in the Screen Sharing service in the Sharing system preferences), from being accessible or crackable when you're on an open network, such as at a coffeeshop.
If you use Firefox, McAfee's Site Advisor add-on is a big help in examining search results on Google and other engines. It's more tightly integrated with Yahoo (where it disables dangerous links entirely), but works just fine with others. When you perform a search, the advisor tags each result with a green, yellow, red, or question mark icon. McAfee constantly spiders Web sites looking for malware and other problems, and rates sites accordingly. A McAfee seal of approval appears on ecommerce sites that the firm separately evaluates.
It's a hard sell to tell someone who has had no problems and expects none to pony up hard-earned cash for a product that seems unnecessary. But I find the prophylactic effects of McAfee Internet Security aren't as interesting as the amount of information and control the software provides over the routine function of your system and network connections.