Ultimately, the big vulnerabilities affecting Macs require duping the user into making them work. Basically: Enter an admin password here to override safeties and install this malware that we're making you think is a good thing.
If you can dupe a user into doing that, you can probably also dupe a user into disabling malware protection to install the bad software. In fact, most of the time malware comes into a Mac based on an ad or pop tricking the user into thinking they already have a virus (when they don't) and this malware is actually some "mac cleaner" that will fix it.
The remaining problems - usually brought in by Adobe Flash bugs and OS vulnerabilities - are best fixed by patching the bugs. Malware scanners are limited in what they can do here, and require the vendor to issue definition updates... by which time Apple or Adobe have also put out their patch, fixing the source of the problem.
So bottom line: an educated user is the most effective anti-malware on Macs.