Reading through comments and seeing your video on the topic, I am convinced that (paid) anti virus/anti malware software is not necessary for Macs assuming the MacOS is kept up to date. But how secure is a Mac when the MacOS isn’t up to date? People I help are often behind with MacOS updates for reasons such as unawareness; “I’ll get to it later”; “it will slow down my old Mac”, compatibility of older software etc.. This leaves me wondering how protected they are if their MacOS is not up to date and they do not have anti virus / anti malware software installed. What would you recommend there?
I’m asking this because, even though I always recommend that they check “Automatically keep my Mac up to date”, I cannot force these folks to update their Macs whenever MacOS updates come out. I’m not a fan of paying for unnecessary software that can bog a machine down. It’s also annoying when people I help get worried because they think they have an issue (and have done something wrong) but it is actually the anti malware software pointing out an ‘issue’ just as a means to upsell a service they don’t need. At the same time I would hate for them to be exposed to malware because their MacOS is one or two releases behind.
The weakest point in computer security is always the user. If the user refuses to take precautions, then that computer is going to be vulnerable.
This would be true no matter what you set up for them to protect them "automatically." Even if there existed a perfect anti-malware software solution, it would still be possible to ignore its warnings, override its settings, and let it fall behind on updates.
So there is no solution that will keep them safe. All you can do is to mitigate any potential damage.
I have my three rules here: https://macmost.com/virus-and-malware
If they want to ignore number 1 and not don't update, then they at least need to be super-vigilant about rule number 2, not installing software from sites they shouldn't trust.
I would tell someone that didn't want to do regular updates that they should never download and install anything from any website, or anything they receive in an email. They should only get software from the Mac App Store. But if they ignore rule 1, then I would imagine it is tough to get them to do rule 2.
Another thing I would do is make sure they are backing up. That way, when they do get something nasty on their Mac, they will at least have a chance of rescuing their data.
I guess the third thing is education. Teach then about phishing attacks. I think this is more of a threat now than malware. Let them know to not trust emails, phone calls and text messages. https://macmost.com/the-practical-guide-to-mac-security-part-6-social-engineering.html
And then there is the rest of security: strong unique passwords, 2-factor when available. It is more likely that their online accounts will be broken into than they will download some malware.