Why shouldn't you disable the System Integrity Protection feature on the Mac?

Every new release of Apple's desktop operating system seems to pose more restrictions for users than the previous version. System Integration Protection - Protection of system integration (or SIP) can be the biggest change.

Every new release of Apple's desktop operating system seems to pose more restrictions for users than the previous version. System Integration Protection - Protection of system integration (or SIP) can be the biggest change.

When introduced with OS X 10.11 El Capitan, SIP is limited in the ability to modify certain folders for users. While some people condemn Apple's latest security technology as a means to control users, it turns out to be a good reason.

There are very few reasons to disable this feature. Let's find out through the following article.

What is System Integration Protection (SIP)?

SIP is a security feature designed to protect the most vulnerable parts of the operating system. In short, it prevents even a user with root access (using the sudo command) from modifying certain locations on the primary partition. This means keeping Mac users safe, like previous software restrictions introduced by Gatekeeper.

This may be a measure to cope with the growing number of threats from malware. Mac is now a big target for malware. It's not hard to find simple old ransomware, spyware, keylogger or adware targeting Apple's platform.

Why shouldn't you disable the System Integrity Protection feature on the Mac? Picture 1Why shouldn't you disable the System Integrity Protection feature on the Mac? Picture 1

SIP protects some core areas of the drive where the operating system is installed, including / System, / bin, / sbin, / usr (not / usr / local). Some symbolic links from / etc, / tmp, and / var are also protected, although the destination directories are not. Safety measures prevent processes that do not have sufficient privileges (including administrative users with root access) to write to these directories and files stored inside.

This technology also prevents other 'risky' activities. Apple is concerned that changes made on these parts of the system could put your Mac at risk and damage the operating system. Blocking root administrator access to protect a Mac from sudo-level commands is done remotely and locally.

So why do users want to disable this feature?

When the feature is first introduced, some applications rely on modifying certain protected folders or files that are no longer active. As a rule, these are 'invasive' modifications, changing the way many core elements of first-party operating systems and applications work. Certain backup and recovery tools and applications that are specifically handled through the operation of other devices are also affected.

If you want to use the software depending on the modification to work, you will have to turn off SIP first. There is no way to create an exception for a given application if it lacks mandatory privileges. This has led to speculation that the change will affect smaller developers who lack the means to work with Apple to ensure their software continues to function.

Why shouldn't you disable the System Integrity Protection feature on the Mac? Picture 2Why shouldn't you disable the System Integrity Protection feature on the Mac? Picture 2

Although this may be true, many original applications that do not work on El Capitan have been rewritten to fit this operating system. Bartender is such an application. This is the means to clean up icons on the Mac menu bar. The Bartender initially only operated with OS X 10.10 and below, while the Bartender 2 worked with El Capitan and above. Default Folder X, another application designed to enhance Open and Save dialogs, has been completely rewritten for El Capitan and later versions. Now it works quite perfectly.

Not all applications are completely rewritten and some applications still need to disable SIP to function. Fortunately, this is usually only temporary, as in the case of Winclone. This Boot Camp copy and backup solution requires users to disable SIP to write to protected areas of the drive. This feature can be turned on again later.

Why shouldn't you disable the System Integrity Protection feature on the Mac? Picture 3Why shouldn't you disable the System Integrity Protection feature on the Mac? Picture 3

SwitchResX is another application that requires SIP to be disabled. It provides advanced control on the external monitor, based on the specific resolution specified in the protected file. Once the screen is configured, users can restore SIP until they need to make another change. Other applications such as XtraFinder (and many other applications that change the look and functionality of Finder) require this feature to be enabled with a decryption method using the csrutil command enable --without debug.

Due to this change, some applications have stopped growing completely. Other applications only disable SIP temporarily, then reactivate. The main thing here is that it is very troublesome for applications to modify system interface or behavior or built-in features (such as Finder, Spotlight or dock), first to consumers. Most of Google 's quick search or passing through frequently asked questions is still enough.

How to disable SIP?

If you decide to turn off SIP, be aware that your Mac is technically as safe as if you were running OS X 10.10 Mavericks. You will still need to provide root access to write to certain areas of the drive or require administrative rights. You can also re-enable SIP easily if you decide to do this later.

Most Mac users will never need to disable SIP. In addition, you should enable this feature unless you encounter obstacles. If you need to make changes to a directory that is protected or using software without privileges, here's what to do to disable SIP:

  1. Restart the Mac by clicking on the Apple icon at the top left and selecting Restart .
  2. Hold Command + R while the Mac starts to enter Recovery Mode .
  3. Once the Mac has booted, go to Utilities and launch Terminal .
  4. Type csrutil disable and press Enter .
  5. Reboot the Mac as usual.

All done! You can easily re-enable this feature by rebooting into Recovery Mode , launching Terminal and typing csrutil clear , then pressing Enter .

Have you turned off SIP?

You may be willing to take the opportunity and turn off SIP. Perhaps you don't want Apple to order what you can and can't change. An application may request to turn off SIP, or you prefer to tweak the system. If you have turned off this feature, we'd love to know why.

There are very few reasons to turn this feature off unless absolutely necessary. Remember, reinstalling macOS is capable of re-enabling this feature. It is also possible that Apple will continue to introduce security and control features with each new macOS release.

See more:

  1. Secure Mac network services
  2. Encrypt external drives on Mac OS X Lion
  3. Tips to increase security for Mac OS X
4.1 ★ | 15 Vote