El Capitan System Integrity Protection helps keep malware away

System Integrity Protection (SIP) is a new way of managing access to essential system files in OS X El Capitan, but it's kicking some older software to the curb. So why is Apple implementing it?

Malware is a really serious problem not just on Windows but the Mac too—it seems like almost every week, we get a new report of some sort of malware or adware that's attacking Apple users. Most of these outbreaks are contained quickly, fortunately, and mitigated by the built-in anti-malware and technologies like Gatekeeper.

Apple can always do better, and in El Capitan, they have. To help bolster the Mac's security against malware infections, Apple's come up with System Integrity Protection

Before El Capitan, people could easily modify, or allow to be modified, core system files used by OS X by entering their administrator password. It's how, for example, we grant software installers "root" access to setup apps.

That's why, El Capitan has gone "rootless". System Integrity Protection makes sure the vital system files are safe from modification. This is a good thing: It should reduce the likelihood that you can accidentally infect yourself with malware, or that someone can gain access to your Mac or your files by escalating privilege exploits remotely.

If you use system-modifying utilities and system extensions that made essential changes to the way OS X works, however, you may notice that they no longer function or need to be updated.

SIP created problems for some developers during El Capitan's public beta development period over the summer. In many cases those problems have either been straightened out or are getting straightened out now. So check with the makers of the apps you use to see if they have updates.

And of course stay tuned to iMore, because we'll report on key updates as they become available.

Of course, you do have ultimate control over what happens on your Mac, so you can deactivate System Integrity Protection if you want to. I strongly advise against doing this, but I completely understand that you may be dependent on software that has to work regardless. I'll just reiterate one last time that SIP has been instituted in El Capitan for a reason: To protect you and to protect your Mac. Apple takes your privacy very seriously.

How to turn off System Integrity Protection in El Capitan

  1. Click the menu.
  2. Select Restart...
  3. Hold down command-R to boot into the Recovery System.
  4. Click the Utilities menu and select Terminal.
  5. Type csrutil disable and press return.
  6. Close the Terminal app.
  7. Click the menu and select Restart....

If you decide later you want to re-engage SIP (and I earnestly hope that you do), repeat these steps, changing csrutil disable to csrutil enable instead.

Again, SIP has been instituted in El Capitan for a reason — to improve OS X security, and reduce the risk of anyone who isn't supposed to from getting to your data. But as in all things, your mileage may vary. Just be careful!

macOS High Sierra


macOS Sierra