The simple fact is that malware has always existed for Mac OS (OS X and macOS), so the statement that a Mac can't get malware is patently, demonstrably and dangerously false.
A second fact is that Apple has done a good job with technology to make the macOS ecosystem largely immune to most threats. This "immune system" consists of sandboxed application design, entitlements to let developers express intent when they need out of the sandbox, signed code to prevent modifications that turn a known app malicious, App Store distribution, system integrity protection, XProtect file quarantine mechanism with a free online update service.
Historically and for many years; the scarcity of viruses, trojans and other malware that spread widely or affect a broad cross-section of Mac users has contributed to a perceived complacency about good security hygiene. The good news, is macs have a built in multi-layered defense system against virus and trojan/malevolent software. This means that most of the recent exploits rely on people unintentionally sabotaging themselves by self-defeating built in defenses. With a small investment of time, you can significantly decrease the need for additional anti-virus protection on OS X.
The calculus of whether running a specific antivirus package is a moving target (vendors typically react to bugs and threats - so what was true yesterday may not be true tomorrow). This makes general answers about the merits of software easily out-dated in a month's time (let alone the two and a half years that have passed since this question was first asked).
What hasn't changed for decades, is that each user should at least spend some time thinking about what is on their device and how painful total compromise might be to them. Based on how valuable your time is to you, it would be silly for someone that has paid IT staff to advise them to not spend $1,000 extra dollars on evaluating security to include potentially installing anti-virus software. It would also be silly for a casual home user to pay for software rather than invest some time to mitigate known risks in their behavior in response to a healthy fear of the unknown.
There are many cases where additional anti-virus protection is critically important. There are also many cases where it is totally un-needed. I would recommend anyone browse these few Apple knowledge base articles to gauge their "baseline security aptitude" and then reach out and learn more before spending any money on anti-virus software1.
- Use gatekeeper, automatic updates to apps and system files and malicious lists for quarantine.
- Protect your computer from harmful applications - the very basics
- Safety tips for handling email attachments and content downloaded from the Internet - a good primer on attachments and executable code
- Apple ID: Tips for protecting the security of your account - great tips on account hygiene, applicable for all online accounts
- Safari: Using encryption and secure connections - starts with the basics, but gets technical quickly. Perhaps better is about certificates to get started.
My only critique of the above articles would be the admonishment to frequently change passwords. This is of limited value when you start making unique passwords and don't as a matter of course enter those passwords on other computers. Changing passwords is of little use when your using them on compromised computers, since the new password is stolen as easily as the old one was.
Once you've mastered the basics, you should have absorbed the following ideas:
- how to use the OS X keychain for storing passwords
- considered or implemented having a few distinct passwords
- and have started securing your account passwords as well as your computer (by applying the tips on Securing Apple ID to other accounts)
After the basics, now it's time to think about increasing your overall security by spending money on anti-virus or a good unique password generation toolset2 to automate secure storage of stronger, unique passwords.
Without being proficient at the level of involvement in the linked articles above, spending money and potentially adding instability or slowness from anti-virus software might not make sense for many users. Furthermore, Apple is clearly intent on getting ahead of this problem with the one-two punch of the App Store model where spreading unsafe software installation practices is clearly working with GateKeeper to allow most people to have automated warnings when code is not signed to prevent tampering and assist in tracing the source of malware.
For most Mac users on Lion, the correct answer is to keep running anti-virus if you have it but not to run out and get it unless you have a good reason to spend time and money after getting up to speed on the basics of security.
Since Lion, Apple has hardened the OS faster than bad actors have been able to exploit the OS so for most people and most businesses, not needing additional software as your default option is a sane and probably correct choice.
1 especially with the likes of Mac Defender preying on people looking for legitimate anti-virus software
2 like 1Password