If only the new iPad could be so lucky to be so well protected. We’ve been using the tablet since its release, but nary an update is to be downloaded to advance the device’s security.

The 10.6.4 version of Snow Leopard, which is a 17-minute download on a middle-fast DSL line, introduces new protection to prevent back door attacks on Macs through the iPhoto software that ships with every system. A new feature called XProtect gets an update that keeps hackers from installing malware by fooling users into thinking iPhoto is at work, when damage is being done.

An update of a Mac’s operating system for security reasons — that’s a good idea. But Apple doesn’t have a practice of identifying security holes they patch with a new release. And sometimes a new OS version will make software stop running on a Mac. This is why backups are a vital complement to any security updating.Apple has brought out four updates to the Snow Leopard version of its OS now, updates that cover just a nine-month period. Not every one had a security benefit. But the state of security is so tenuous now that your Adobe PDF software, browser, and OS should be considered at risk if you haven’t seen an update in 90 days.

Browsers and Adobe software are the chief targets for hackers, since they cover so many more victims than just Apple’s products. More than 360 million people are using Firefox as a browser, for example, on both PCs and Macs. Adobe’s Flash and Acrobat readers run on hundreds of millions of systems. Adobe just introduced a 9.3.3 version of Acrobat to improve security.

As diligent as Apple and Adobe might be (some say Apple’s sluggish at best about security plugs), the vendors can’t do a thing to help secure your business if you don’t install updates. The rule of thumb was once “don’t install if you don’t need” an update. But security issues are much more serious by now. You can balance the time spent downloading and upgrading, the checks of your applications afterward, against the dangers of running an unprotected system.

About 30 minutes of downloading and watching mysterious messages — things like “optimizing” or “unpacking packages” or “moving items into place” or “registering components” — plus a reboot, and my iMac was running 10.6.4. I did the usual first step after an upgrade — started all the apps that matter to my workplace.

The Apple apps don’t need checking — Apple’s done that in its own labs. But the likes of Adobe CS apps, QuickBooks 2010, Microsoft Office apps and even reliables like Eudora, an antique mail program. 10.6.4 updates Apple’s Mail, as it turns out — so my add on Mail Tags software needs to be updated.

Halfway into a million-file scan, it's another two-plus hours to a clean bill of health

You want your Mac security tools to behave like Columbo, or Inspector Plodder from the play Sleuth. Not the fastest of detectives, but one that will not miss a detail. So it goes with the newest VirusBarrier X6 anti-virus and firewall product from Intego. You can set it and go, but you might as well go far away at first. Its initial inspections will take awhile.

On our 2.83 GHz iMac with 4GB of memory, that was more than four hours to do a full scan of our 150 GB of occupied hard disk. Full scan is a choice that the VirusBarrier setup prods you toward once you complete the easy install. Too bad that it’s so easy to send the tool into such thorough paces. VB X6 skips over the “check my malware file for updates” stop, so you notice that your file is “35 days out of date” amid a lengthy scan. We’d lead a user into NetUpdate, the VB checker for updated files, before starting a scan. This is also an “install and force a restart” program, not among our favorites.

A complete scan can be a once-in-a-great-while event, however. VB X6 has got one-0ff scan options for fresh files, or scan the folder, or whatever you want to drag onto nifty interface. The inspector is thorough enough to try to catch malicious scripts, the latest ploy in penetrating you Mac’s defenses. We were glad to see attention paid to a very long list of intrusion techniques like this. Drive-by attacks come out of scripts. You have to hope the malware file gets freshened up plenty to believe VB gets the job done. There’s good reason to believe it’s about 30 days or so between updates.

That’s because we’ve used the Intego products here since their V4 releases and watched NetUpdate finding fresh files at Intego HQ. VB X6 is one of those anti-virus products that arrives with 12 months of update subscriptions and collects a fresh $29.95 for the year that follows your first. By the time you’ve owned VB X6 for three years, you’ve bought the product twice. Of course, by 2013 there will be an X7, and you’ll have that year’s malware files included, if you buy it. (To recap: about $40 a year in cost of ownership, counting the updates, for Intego’s two-computer license.)

The genuine novelty of VirusBarrier comes from its extended controls over the Mac’s firewall. This was once called NetBarrier, just months ago, but now it’s included in the VB X6 package and called Network Protection. Intego used to charge $49.95 for NetBarrier all by itself. We know, because we bought it in December. By February Network Protection was included. While the upgrade to the X6 remains free until April for users who purchased late last year, if we’d waited two more months it would have been free and included.

We were not amused to learn that our X5 products that we’d bought in December got auto-updated to X6 during the install. If X6 had been a bust, we’d be reloading the older versions from a backup. How much nicer to leave an installed program alone and just load up a newer version.

The challenge in making firewall extenders like VB’s useful: You need to know your usual suspects when it comes to invasions of your Mac’s network. Intego does a much better job of explaining who to question than in previous releases in its online documentation. (Um, there are no docs if you can’t get online, like when you suspect an intrusion and want to pull your Web plug while you try to brace up your doors to the outside world.) The logs fill up with messages if want to watch over Inspector Plodder’s shoulder and suggest a new line of questioning. Deciphering them is beyond the average user’s ken, but we’ve got security whiz Steve Hardwick to do our decoding. You may not be so lucky.

This simple animation of your firewall's settings are the most likely view that business users will take of VB's Network Protection

Of course, these worrisome cases of attack are the best reason to invest in a thorough and plodding tool for protection. A MacScan study of our full system was complete in less than half the time, so we’re puzzled about whether VB X6 is more thorough or just eager to look at every single file. It was a puzzle how to tell VB not to examine those packed up download files the Mac expands to install software, or skip the acres of system preferences and files that only Apple installs on your system. You can shorten the time VB spends with all of these, but not eliminate them.

That’s symptomatic of the program’s downside — the need to tinker with its settings to tune up security. You can accept the defaults to get going, and tell VB to do a complete scan regular-like via a calendar. But you’d want to do this overnights. A good alternative is to rely on the “Real-Time Scan” feature, since it chews on about 10 percent of your Mac’s power all the time anyway. Anti-virus tools become a bog sometimes, the tar pit that your Mac tries to climb above while it stays safe — something like body armor you can’t sprint in while you wear it around.

The Web has become a combat zone, a place where a business can see hours killed off after a virus infection or a network home invasion. Nothing’s perfect, but it looks like if you want a beefy utility belt of security tools, and have the patience, budget and know-how to use them, VirusBarrier X6 will track down files with a criminal intent, and bar the door to unwelcome users.

The Mac enjoys an easier time in security because Apple’s product is a less juicy target. Malware and viruses are designed to make money for criminals, and the number of PCs out there running bareback is 10 times the number of Macs. Security by obscurity only works until it doesn’t. It’s just a matter of time, sad to say, before the criminals fan out and try to rob your system of power or privacy or both.

Anti-virus software (AV) is not just the paranoid geek’s tool anymore. The last virus we detected came off a Web page, and we last had data corrupted in 1997. But things have changed since Apple moved to Unix underneath it’s OS. Oh, and there’s that thing called the Internet, plus the Flash videos you may use to gather research (like from the Wall Street Journal’s site, now that they’re owned by Fox.) Flash, and Adobe’s Acrobat PDF files, are a big target for malware today.

You have more than one choice for a commercial AV tool for your systems (that wasn’t the case in ’97). What you buy probably should provide both firewall and virus protection. Two leading companies offer very different value propositions in their AV software. MacScan commits to a fixed price, while another supplier uses a subscription fee+purchase price model.

Today we look at MacScan, software built by a company that started tracking viruses in 2002 on the Mac. For five years MacScan didn’t even sell software; it simply created the definition files and patrolled the Web for criminal weapons. Since ’07 they’ve sold MacScan, which despite claims from its competitor Intego, still looks like a worthy value for AV.

Intego, whose products we’ve run at Bites HQ for more than three years, now sells a $49.95 X6 edition of VirusBarrier that protects two Macs. The MacScan 2.7 software protects three systems for the same price. (There’s also a 1-Mac license for MacScan for $29.95; Intego sells only its 2-Mac license.) Figuring the relative value requires you to consider the protection scope of such products. MacScan’s product manager told us at Macworld that the company ships along regular updates of the virus profiles, at no extra charge.

MacScan makes a significant point of examining Web cookies, a source of malware targets, in its regular process. A half-full iMac in our offices took more than an hour to probe with MacScan, but the AV software found nine tracking cookies in the first minute. And no viruses or other spyware. We got an option to disable these ad cookies after MacScan caught them.

A tracking cookie is not something you allow easily into your Mac. While you might not want to erase all of them, these are used by advertisers on Web sites to track your Internet use: where you browse, how you jump from links, even the information you enter into forms online. A fine article on the World Privacy Forum’s Web site explains that “allowing the tracking types of cookies to follow you around as you surf the Web is a lot like building a see-through house to live in, click by click.”

MacScan doesn’t reach any deeper into the malware world, though. It’s good at finding troublesome files on the system, but it won’t do a thing to block access to your computer. Apple’s firewall is the default for the MacScan user. While that’s better security than none, it might not be enough to keep prying spooks from hijacking your bandwidth.

Doing one thing well, and affordably, is noble and true to the Macintosh Way. We like to see more of what back doors might be open on our Macs, however. The extra features of firewall improvement are included with the new VirusBarrierX6. But they’re not easy to use, or so valuable that Intego could keep selling this super firewall that it once called NetBarrier as a standalone product. That’s for Monday, though.