With the new system integrity protection in OS X 10.11 does it no longer makes sense not to run as an administrator for day to day use like is common safe computing practices? OS X malware is comparatively rare when compared to windows but I'm of the kind that rather' she safe than sorry. Don't use an antivirus program but do have separated accounts for my mac even though I'm the only user. One an administrator user and another standard one for typical use. Would really appreciate someone more knowledgeable than me to explain in more detail what SIP actually does in El Capitan.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Being administrator no longer dangerous?
- Thread starter comics addict
- Start date
- Sort by reaction score
Check out the Wikipedia article, it is a short summary. In a nutshell: System Integrity Protection adds a new restricted flag to files and folders on the system that prevents even root from writing to it. Apple has added it to /System, /bin and /sbin as well as several stock applications, among other things. This means that root can no longer modify system files and common Apple applications are protected from code injection and runtime attachment.
If that is the risk you are worried about then SIP mitigates or potentially eliminates this. However, root does still exist beyond SIP and it will prevent write operations to common files on your system that surpass regular user access. Even though malware can probably not infect your core system anymore, it can still wreak havoc in your local library.
If you are already used to having two accounts and not using sudo, then I recommend you uphold that practice. SIP is just an additional protection layer, but there is no guarantee that it is impenetrable. Regular users don’t need sudo.
It also occurred to me the other day that SIP can be disabled easily by anyone who has access to your Mac (unless you have a firmware password). All it takes is a boot into Recovery and a simple Terminal command. If you are not aware that SIP has been turned off, you will be vulnerable.
If that is the risk you are worried about then SIP mitigates or potentially eliminates this. However, root does still exist beyond SIP and it will prevent write operations to common files on your system that surpass regular user access. Even though malware can probably not infect your core system anymore, it can still wreak havoc in your local library.
If you are already used to having two accounts and not using sudo, then I recommend you uphold that practice. SIP is just an additional protection layer, but there is no guarantee that it is impenetrable. Regular users don’t need sudo.
It also occurred to me the other day that SIP can be disabled easily by anyone who has access to your Mac (unless you have a firmware password). All it takes is a boot into Recovery and a simple Terminal command. If you are not aware that SIP has been turned off, you will be vulnerable.
Last edited:
Being an administrator has never really been dangerous. An admin account in OS X is an account that can REQUEST root access, it's not THE root almighty. SIP is just an additional layer of protection against people who like to mess with sudo too much and enter their root passwords without thinking.
Thanks for clarifying guys.I guess for my case it doesn't seem to harden my computer any more than I currently have it setup. It's simply another (rather important mind you) layer of security in addition to OS X.
Alternatively, you can use
Sudo passwd root
to set up a separate password for root user, rather than your administrator password.
Therefore, a much better system level protection could be:
Firmware password.
User login COMPLEX password.
Root unique COMPLEX password.
Administrator unique COMPLEX password.
Plus you may need to change those passwords regularly (a year or shorter).
Sudo passwd root
to set up a separate password for root user, rather than your administrator password.
Therefore, a much better system level protection could be:
Firmware password.
User login COMPLEX password.
Root unique COMPLEX password.
Administrator unique COMPLEX password.
Plus you may need to change those passwords regularly (a year or shorter).
Thanks but no thanks. I am a security-conscious user but I don't need that much hardening lol. Thanks for the tips though.
I am a security-conscious user but I don't need that much hardening lol. Thanks for the tips though.
Yeah. Even I have such sense, I would rather setting up a complex enough password for admin, and a unique password for root, and change it regularly, and open SIP, and no more.Thanks but no thanks.
Alternatively, you can use
Sudo passwd root
to set up a separate password for root user, rather than your administrator password.
Therefore, a much better system level protection could be:
Firmware password.
User login COMPLEX password.
Root unique COMPLEX password.
Administrator unique COMPLEX password.
Plus you may need to change those passwords regularly (a year or shorter).
The root user is not enabled by default on OS X. You’d need elevated privileges to enable it. I don’t see a particular reason why you would change the root password in this case. When the administrator account is compromised then the damage is already done. System Integrity Protection will protect the core system either way.
Oh, so you mean attackers can use a single administrator account to do anything they want to do, under Mac OS X?
Well, yes. That’s the point of elevating privileges using sudo. You are basically usurping the root account itself for the execution of the commands. That’s why people recommend using two separate accounts, one being a regular user, and only enter the administrator credentials when it is absolutely necessary. When you are running OS X on a single account and your password is compromised, malicious software can bypass security. That’s the whole point of System Integrity Protection, it is the equivalent of saying that root itself can no longer be trusted and shouldn’t be capable of modifying core system files.