And an outgoing packet/port access sniffer is a good idea, lot's of the uber nerds here recomend "Little Snitch", (lookin at you Trog). It's cheap insurance and you know who yer 'Mac is talking to.
later, and still me.

I was throwing that out just to be controversial mainly, but there is substance to it. Some people have been told that Firefox has no security flaws, but it's not true, it just has a different set. Historically, Firefox has been slower to fix security flaws that have been discovered, perhaps since they have no budget and few developers that can really fix that sort of thing. But all browsers have flaws, and most of them probably haven't been discovered by the good guys yet.

Hey, it's true though. There's not a single virus scanner out there that even bothers to check for the latest exploits on the Mac.

Little Snitch.

i recommend avoiding spyware and adware applications whenever possible.

None of the current offerings from the Mac OSX anti-mal-ware vendors do anything. They are selling "sugar pills" for non-existent disease!!! There is more mal-ware in the commercial apps than in the underground(for macs) As has been mentioned:
lil Snitch is good for detecting apps that call home without your permission.

Using Safari with the "Block Popups" mode enabled is the best assurance against problems at the moment.

Keeping up with the chatter here is probably your best starting point....

If something does come up, I'm sure the responsible voices here will communicate what the best solutions are very quickly when there is a need.

=B-)

there are three levels of access on your system (from practical experience):

User, Admin, Root (aka System).

Users have free read / write access to pretty much anything within their Home folder, and will likely never be prompted to enter a password for any changes made there.

Admins have the same access to their Home folder, plus read / write to the contents of /Applications and most of /Library, as well as a little bit of /System. They are not prompted for enter a password for changes to these locations.

Root has full access to the entire system. Root accounts are disabled by default and are recommended to stay disabled unless you have a specific reason and know what you are doing.


What that means in a practical sense, is that if you are using a restricted (aka "Standard" or "Managed") account you can only screw up the contents of your Home folder. While your data / documents might be hosed, you are not going to inadvertently install something that torpedos the system. If you attempt to install something that affects the area outside of your dominion, you will be prompted to enter an Admin's username and password.**

While if you are using an Admin account, you may be fooled into installing something that affects the system as a whole without ever being prompted for a password. Likewise, if you try to install something that modifies files owned by Root, you will be prompted for your password.**

By the way, entering your Admin username & password allows that account to temporarily assume the permissions level of the Root user. If you are unsure of the source of the application you are running that asks for it, it would be best to decline.

Oh, and another note. By default, the individual users on a system -- whether they are Admin or Restricted -- do not have access to read / write each other's files. If you create a restricted user, you pretty much need to assume that your new account won't have access to your previous documents. (You can bypass this by dumping the relevant materials into the Shared user folder, or by booting from an external drive and doing a Get Info on your internal drive and selecting "Ignore Permissions on this Volume".)

**This is assuming that the system is functioning correctly and that there isn't some unknown / unpatched security hole that allows an intruder to bypass the security structure. To my knowledge, the only currently *known* examples of this are a bug that Apple patched in the 10.4.7 update, and the Wireless card exploit documented in another thread. There may be others, and you may get hit by a car crossing the street tomorrow. It's an imperfect world.

Does this make sense? I'm glossing over a lot, but hopefully giving you the general picture.