[Correction, recantation added 2014-03-06 2:00 am. Apple has indeed revoked all Trojanized developer security certificates. Thank you Apple.]
If you're a Mac professional, please read Thomas' article:
Time to re-evaluate safety of Mac OS X
What Thomas has discovered going on, or rather FAILing, with Apple's XProtect is alarming:
• XProtect is not protecting Mac users from a considerable number of malware currently in the wild, despite having been provided with samples of that malware.
That's a bad strike against Apple security.
Please note that neither Thomas nor I are into FUD and doom mongering. I'm exactly the opposite. But when Apple pulls a face plant on Mac security, it's time to get ticked off and active.
Folks here already know I consider Apple's web documentation team to be CRAP.
After reading Thomas' evaluation, I now I also consider Apple's security team to also be CRAP.
Please DO YOUR JOB keeping Macs secure.
Thomas ends his post wondering if it's time to suggest Mac users install anti-malware software. I use it, and occasionally find it useful. For example: It discovered a version of the CoinThief Trojan on one of my Macs. I had inadvertently downloaded it from MacUpdate before anyone knew what it was.
What I recommend:
1) ClamXav - Donationware. OS X 10.6 - 10.9.
2) Sophos Anti-Virus 9 Home Edition - OS X 10.6 - 10.9.
1) Intego VirusBarrier - Currently for $39.99 bundled with NetBarrier as 'Mac Internet Security 2013'. Yearly signature updates cost extra. Demo available.
2) Sophos Endpoint AntiVirus - Designed for Enterprise users. Versions available for OS X 10.4 - 10.9. Contact Sophos for pricing. Demo available.
1) Little Snitch - Currently $34.95.
2) Intego NetBarrier - Included with VirusBarrier in the 'Mac Internet Security 2013' package @$39.99.
I recommend all of the above because they are all great software. Also, their developers are terrific supporters of the Mac platform, to whom I am most grateful.
There are plenty of other reasonable solutions. Be sure to read both user and expert reviews before trying them, as there are abysmal solutions well worth avoiding. (Hint: Avoid MacKeeper and Symantec Norton AntiVirus, IMHO).
Note: I get paid nothing for recommending anything or anyone.