Jesus Vigo reviews System Integrity Protection (SIP), one of El Capitan's newest security features. Find out how it impacts system security, how you can disable it, but why you shouldn't.
Apple has included a new security feature in OS X "El Capitan" to aid in maintaining system security. Dubbed System Integrity Protection (SIP), this technology minimizes the possibility of malware or known vulnerabilities from compromising a system due to unrestricted root access.
Similar to the NX bit found in just about all modern day computing devices, SIP protects the system from users with root access attempting to make changes—knowingly or unknowingly—to the protected directories containing system files, folders, and processes.
The concept is sometimes referred to as "rootless" by preventing changes, even though the user who is logged in may have root privileges on the device. This mitigates security threats, for example, by preventing the installation of malware to a protected directory or denying unauthorized user access to modify a system file.
Why would you ever want to disable this? Well, it doesn't affect the majority of OS X users—including power users—but the technology may disallow the installation of a particular update or software application that has been flagged as a false positive.
It is in these specific, yet rare instances that SIP could be disabled temporarily to allow for the process to proceed. Follow the steps below to learn how to disable SIP and re-enable it in the future.
Disabling System Integrity Protection
- Power on your Mac and hold down the [command]+[R] keys to access the Recovery Partition.
- From the Recovery Partition, click Utilities from the menu bar, and then select Terminal.
- Enter the following command into Terminal and press Enter to execute it:
- Once the command has executed, exit the Terminal and reboot the Mac. When you log back into OS X, SIP will be disabled.
To enable SIP, simply rerun the steps above, but change "disable" to "enable" to execute the command. Rebooting the Mac will once again enable SIP.
How does SIP work on your El Capitan installation? Is it invisible to you, or is it causing issues with your workflow? Let us know in the discussion thread below.
- What's in OS X El Capitan for business?
- How to fix five known issues affecting OS X El Capitan
- ZDNet: WWDC 2015: OS X 10.11 focuses on getting more from the hardware you already have
- CNET: OS X El Capitan review