When news like the rampaging Conficker virus hits, Mac users often feel a certain sense of comfort — if not smug superiority — knowing it doesn’t affect them.

Stuart Goldenberg

But just how relaxed (or smug) should Mac users be? It’s true that very few viruses have been written for Macs — and none are spreading actively right now. Similarly, hacker programs distributed by malicious Web sites typically run only on PCs.

Yet Macs’ relative safety is primarily due to their still-slim market share. They’re simply a waste of time for today’s attackers, who are trying to accomplish crime on a large scale by infiltrating millions of computers. And there’s nothing inherently more secure about a Mac. Researchers found 26 vulnerabilities in OS X in 2008, about the same as in Windows Vista (27), according to the security software maker Symantec. If its market share rises enough, the Mac will become a target and attacks will succeed.

So, what does this mean for Mac users? Should they buy security software just to be safe? Are there steps to take to minimize risk? I called up Rich Mogull, founder of the security consultancy Securosis and a contributor to the Mac news site TidBITS, to get some answers.

Here’s the lowdown:

* For most, security software isn’t necessary. “The risk to Mac users at this time is too low, and the benefits provided by extra software are not worth the cost,” Mogull says. (Products from Symantec run from $50 a year to $90, while Intego’s sell for $40 to $100.) The exceptions: people whose employers require it and people who are into pornography, online gambling or file sharing. On sketchy sites, you could stumble upon a Trojan horse for Macs, “and they are pretty bad if you get one,” he says.

* Use the built-in firewall, especially if you use a laptop in cafes, hotels or other public places. Go to “System Preferences,” click “Security” and then “Firewall.” Mogull recommends choosing “Set access for specific services and applications,” and then allowing connections as you need them.

* Use e-mail services that provide virus and spam filtering, like Yahoo Mail, Hotmail, Gmail or Apple’s own MobileMe. These providers will quickly block any new viruses.

* For browsing the Web, consider using Firefox with the NoScript plug-in. Some users will find it annoyingly disruptive to have all JavaScript blocked, but it’s a blessing “for the really paranoid, like me,” Mogull says. Also consider using one browser just for banking, a tactic that will protect you from some Web-based attacks.

* Say yes to the software updates Apple sends your way. Many are fixes for security vulnerabilities that could leave you open to attack.

* Keep in mind that many common scams exploit the vulnerabilities of humans, not machines. You are not immune from “phishing” scams that aim to trick you into disclosing sensitive information that can be used in fraud schemes.

So be cool, just not too comfy.