Despite having more security than ever before, the modern internet is rife with viruses, malicious software, and potential hackers. Developers have gone to great lengths to protect personal and business computers from these maladies, including building antivirus and anti-malware programs. Unfortunately, a determined hacker or malicious user will always find a way around these safeguards.
That's where Apple's System Integrity Protection, or SIP, comes into play. Sometimes known simply as rootless, it's a native feature of macOS that was first seen in OS X El Capitan in 2015. It's been a staple in every release since, and it seems like it will be a mainstay for the foreseeable future. But what exactly is Apple's System Integrity Protection, and how does it work?
Introducing System Integrity Protection
According to Apple, the common root user presents a serious risk to overall system security. This is especially true on systems with only a single user account, as this sole account is designated as the administrator of the entire machine. If a virus or hacker manages to gain access, they'll have unrestricted access to the targeted system.
System Integrity Protection aims to prevent that by implementing numerous security mechanisms at the kernel level. The most useful of these features automatically protects system files and directories from being modified without the correct permission - known in this instance as an entitlement. Even the root user cannot modify these protected files and directories.
In the past, these permission restrictions simply did not exist. Any piece of software that had access to the system's administrator credentials - which were normally given upon initial installation - could modify any system files as it saw fit. It's easy to see how a hacker, identity thief, or would-be malicious user could exploit this lack of security to their advantage.
Conversely, it's easy to see why Apple developed SIP in the first place. By restricting access to system files and folders right from the start, it's much more difficult to access and modify the system files. Specifically, SIP protects the following folders (and the files within them):
Any apps that come pre-installed on your Mac are protected via SIP, too. However, numerous folders are left unaffected by SIP. This gives third-party developers plenty of options to use when installing software and writing to your disk.
Since these directories don't really store any files or data that is critical to the safe operation of your system, they don't require the same level of protection that is seen in other areas. Not only does this increase the overall security of your entire machine, but it does so in a manner that still allows developers to create and release third-party apps that are safe and secure.
Although SIP can be disabled through macOS, it's not recommended. Doing so will result in reduced security across the board, which could leave your system - and the data stored within - vulnerable to identity thieves, hackers, or malicious software.
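One way to confirm from a script that SIP has not been switched off on a Mac is to read the output of Apple's `csrutil status` command. The following is an added example, not part of the original article; the function names `sip_state` and `sip_compliant` are hypothetical, the sample outputs are constructed, and the status wording it matches is an assumption based on what `csrutil status` commonly prints.

```shell
#!/bin/sh
# Classify the text printed by `csrutil status` into one word:
#   enabled | disabled | custom | unknown
# "custom" means SIP is only partly enforced, so it is treated as a finding.
sip_state() {
    # Take the first status line only; later lines list individual settings.
    status_line=$(printf '%s\n' "$1" |
        grep -i 'System Integrity Protection status:' | head -n 1)
    case "$status_line" in
        # Check the custom marker first: it can appear next to "enabled".
        *"Custom Configuration"*) echo custom ;;
        *"status: enabled"*)      echo enabled ;;
        *"status: disabled"*)     echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# Succeeds only when SIP is fully enabled.
sip_compliant() {
    [ "$(sip_state "$1")" = enabled ]
}

# Constructed sample outputs (assumed wording, not captured from a real host).
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_DISABLED='System Integrity Protection status: disabled.'
SAMPLE_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).

Configuration:
	Kext Signing: disabled
	Filesystem Protections: enabled'
SAMPLE_GARBAGE='csrutil: command not found'

for sample in "$SAMPLE_ENABLED" "$SAMPLE_DISABLED" "$SAMPLE_CUSTOM" "$SAMPLE_GARBAGE"; do
    if sip_compliant "$sample"; then verdict=OK; else verdict=FINDING; fi
    echo "$(sip_state "$sample") -> $verdict"
done

# On a real Mac, also report the live state of this host.
if command -v csrutil >/dev/null 2>&1; then
    live=$(csrutil status 2>&1 || true)
    echo "this host: $(sip_state "$live")"
fi
```

Anything other than `enabled`, including output the script cannot parse, is reported as a finding so that a partly disabled or unreadable state is never counted as protected.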