Well, my number one defense has always been (regardless of operating system) to (a) not visit shady websites, (b) run an adblocker, and (c) not open email attachments from untrusted senders.
I've been using the free version of Sophos (http://www.sophos.com/en-us/products/free-tools/sophos-antiv...) on my MacBook for a year or two now, and haven't seen any problems yet. I'm not sure if that means it works, or if I just haven't caught anything yet.
1) Run the latest version of the OS and browsers, and check for updates often.
2) Run as a "normal" user account--not an admin.
3) Disable all auto-opening of so-called "safe" files.
4) Disable Java browser plugin entirely.
5) Configure browser to not load Flash or other plugin content unless I click to authorize it. Might require an extension like ClickToFlash in some browsers.
6) Be cautious. Stay away from sketchy sites and don't open emails and/or attachments that seem random, unexpected, or suspicious.
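As an added example that is not part of any comment in this thread: a small POSIX shell audit script for items 1 to 5 of the checklist above, so the settings can be verified rather than assumed. The commands, preference key and paths it relies on (`softwareupdate -l`, `dscl . -read /Groups/admin GroupMembership`, Safari's `AutoOpenSafeDownloads` key, and the `Internet Plug-Ins` directories holding `JavaAppletPlugin.plugin` and `Flash Player.plugin`) are assumptions about the macOS of that era; the sample strings in the comments are constructed. Each check function takes the relevant command output as an argument, so the logic can be exercised on any OS while the live commands only run on Darwin. Item 6 is judgment and gets no check.

```shell
#!/bin/sh
# Added audit script for items 1-5 of the checklist (not from the thread).
# Check functions take command output as arguments; run_audit feeds them
# the real macOS commands and only does so when uname reports Darwin.

# Item 2: true when user $1 is NOT listed in the admin group.
# $2 = output of `dscl . -read /Groups/admin GroupMembership`, e.g. the
# constructed sample "GroupMembership: root admin alice".
user_is_standard() {
    _user=$1
    _members=${2#GroupMembership:}
    for _m in $_members; do
        [ "$_m" = "$_user" ] && return 1
    done
    return 0
}

# Item 3: Safari's "Open \"safe\" files after downloading".
# $1 = output of `defaults read com.apple.Safari AutoOpenSafeDownloads`
# (assumed key; 1 = on, 0 = off). An empty value means the key is unset,
# which Safari treats as on, so only an explicit 0 passes.
safe_downloads_disabled() {
    [ "$1" = "0" ]
}

# Item 1: `softwareupdate -l` prints "No new software available." when the
# OS is current; any other output is treated as pending updates.
no_pending_updates() {
    case $1 in
        *"No new software available."*) return 0 ;;
        *) return 1 ;;
    esac
}

# Items 4 and 5: a plugin bundle that is not on disk cannot be loaded.
# $1 = bundle name, remaining arguments = directories to search.
plugin_absent() {
    _name=$1
    shift
    for _d in "$@"; do
        [ -e "$_d/$_name" ] && return 1
    done
    return 0
}

# Run a check ($2...) and print ok/FAIL with its description ($1).
check() {
    _desc=$1
    shift
    if "$@"; then echo "ok   $_desc"; else echo "FAIL $_desc"; fi
}

run_audit() {
    if [ "$(uname)" != Darwin ]; then
        echo "not macOS; skipping live audit"
        return 0
    fi
    _me=$(id -un)
    _sys="/Library/Internet Plug-Ins"
    _usr="$HOME/Library/Internet Plug-Ins"
    check "item 1: no pending OS updates" \
        no_pending_updates "$(softwareupdate -l 2>&1)"
    check "item 2: $_me is a standard (non-admin) account" \
        user_is_standard "$_me" "$(dscl . -read /Groups/admin GroupMembership)"
    check "item 3: Safari auto-open of 'safe' files is off" \
        safe_downloads_disabled "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)"
    check "item 4: Java browser plugin not installed" \
        plugin_absent JavaAppletPlugin.plugin "$_sys" "$_usr"
    check "item 5: Flash plugin not installed (otherwise gate it with click-to-play)" \
        plugin_absent "Flash Player.plugin" "$_sys" "$_usr"
}

run_audit
```

A FAIL on item 3 is fixed with `defaults write com.apple.Safari AutoOpenSafeDownloads -bool false` (same assumed key) and a Safari restart; a FAIL on item 5 is acceptable if the browser is configured for click-to-play, which this script cannot see.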
Something I've always wondered - if you use Parallels or VMWare to visit questionably risky sites in a VM, and only used that VM for that usage, wouldn't that essentially isolate the rest of your machine from exposure from any malware?