Would you switch off System Integrity Protection?

[Hergesheimer]

Dear Forum,

It might be a stupid question: Would you switch off El Capitan's new security feature in order to install some problematic apps like XtraFinder, Bartender and NIS (yes I know it's not needed) or should I wait?

Even more important: Can I switch it back on again after I installed them without having problems? Has anyone tried it already? Many thanks.

Hergesheimer

 

[leman]

I would wait for these apps to get updated. Basically, if you rely on an app that is incompatible with the System Integrity Protection, then maybe you'd want to avoid the 10.11 beta. The problem is that people hacking around at core OS features sometimes introduce hard to find bugs, issues and weird system behaviour that persist across multiple backups and OS upgrades. E.g. at least some WiFi bugs in recent OS X versions can be traced down to people using disk image based backup restores in a way that is not supported by Apple and end up with a mismatched firmware as a result.

I have to agree that I am quite a bit exited about System Integrity Protection to be honest, especially because I use a lot of open-source UNIX/GNU/Linux tools. There have been a number of times when I have accidentally deleted or replaced important system files and rendered my OS installation inoperable. Making certain parts of the filesystem read-only at the kernel level forces the software developer to adopt reasonable coding and software packaging standards and also makes the system better organised.

 

[Hergesheimer]

I would wait for these apps to get updated. Basically, if you rely on an app that is incompatible with the System Integrity Protection, then maybe you'd want to avoid the 10.11 beta. The problem is that people hacking around at core OS features sometimes introduce hard to find bugs, issues and weird system behaviour that persist across multiple backups and OS upgrades. E.g. at least some WiFi bugs in recent OS X versions can be traced down to people using disk image based backup restores in a way that is not supported by Apple and end up with a mismatched firmware as a result.

I have to agree that I am quite a bit exited about System Integrity Protection to be honest, especially because I use a lot of open-source UNIX/GNU/Linux tools. There have been a number of times when I have accidentally deleted or replaced important system files and rendered my OS installation inoperable. Making certain parts of the filesystem read-only at the kernel level forces the software developer to adopt reasonable coding and software packaging standards and also makes the system better organised.

Thanks so much for your quick and helpful reply. I am indeed afraid to make the problem bigger by switching it off. I just hoped for a simple solution by installing those programs and putting it later on again and not corrupting the system by doing it.

So I will be patience and wait. Thanks again.

 

[Shirasaki]

For me I would turn it of to install some certain software, and turn it back on after completing installing it.

Sometimes I think, User Account Control, is way more convenient than System Integrity Protection.

 

[KALLT]

I have to agree that I am quite a bit exited about System Integrity Protection to be honest, especially because I use a lot of open-source UNIX/GNU/Linux tools. There have been a number of times when I have accidentally deleted or replaced important system files and rendered my OS installation inoperable. Making certain parts of the filesystem read-only at the kernel level forces the software developer to adopt reasonable coding and software packaging standards and also makes the system better organised.

I couldn’t have stated it better. I, too, like the fact that the core is not to be touched anymore and maintained by Apple itself. They even expunge everything that doesn’t belong there upon system install. Moreover, developers will now be forced to use the recommended locations, something they generally do on Linux. That may have a profound impact to the cleanliness of the system. The loss of plugins and tweaks is of course unfortunate, but perhaps we will see some more native applications because of that. I always thought that tweaks like TotalFinder were a bit dirty when they could have created their own Finder replacement instead.

Sometimes I think, User Account Control, is way more convenient than System Integrity Protection.

User Account Control was the bane of Windows Vista. It was terribly annoying and meaningless. People generally just click on everything that gets into their way. Apple explicitly made the case that many users even type their admin passwords willingly, whether they use a singular account or a separate user account. The fundamental problem is that people don’t understand what some applications do and why they need to provide additional privileges. Apple can’t control what happens outside of the App Store. In other words, Apple doesn’t trust root access anymore and I think the compromise they are now introducing is a fantastic step forward. It takes guts to do this and I respect Apple for doing it. Ultimately we all want systems that work flawlessly without having to worry about breaking them. For the experienced user it may be a loss of technical freedom, although Apple still allows you to turn off rootless, but for everyone else it can be a blessing. There is rarely a need to do system-level modifications and if you really want to do that on a regular basis then OS X is probably not the system you should use.

 

[MikhailT]

For me I would turn it of to install some certain software, and turn it back on after completing installing it.

Sometimes I think, User Account Control, is way more convenient than System Integrity Protection.

I don't think it's going to work like that, once you turn it back on, it will kill these apps from working again, especially when you update the OS and it will run its permission repair.

You can either have it on or have it off, you can't have the benefits for both.

 

[Shirasaki]

I couldn’t have stated it better. I, too, like the fact that the core is not to be touched anymore and maintained by Apple itself. They even expunge everything that doesn’t belong there upon system install. Moreover, developers will now be forced to use the recommended locations, something they generally do on Linux. That may have a profound impact to the cleanliness of the system. The loss of plugins and tweaks is of course unfortunate, but perhaps we will see some more native applications because of that. I always thought that tweaks like TotalFinder were a bit dirty when they could have created their own Finder replacement instead.



User Account Control was the bane of Windows Vista. It was terribly annoying and meaningless. People generally just click on everything that gets into their way. Apple explicitly made the case that many users even type their admin passwords willingly, whether they use a singular account or a separate user account. The fundamental problem is that people don’t understand what some applications do and why they need to provide additional privileges. Apple can’t control what happens outside of the App Store. In other words, Apple doesn’t trust root access anymore and I think the compromise they are now introducing is a fantastic step forward. It takes guts to do this and I respect Apple for doing it. Ultimately we all want systems that work flawlessly without having to worry about breaking them. For the experienced user it may be a loss of technical freedom, although Apple still allows you to turn off rootless, but for everyone else it can be a blessing. There is rarely a need to do system-level modifications and if you really want to do that on a regular basis then OS X is probably not the system you should use.

So Windows 7 provides a balance between endless meaningless-for-average-user clicks, and loss of system security. Under standard user, user cannot even do anything related to requesting elevated privilege, including modifying critical system files.

I don't need to modify system files in a regular basis, since this is not practical for me, and such is way beyond my daily workflow.

 

[Shirasaki]

I don't think it's going to work like that, once you turn it back on, it will kill these apps from working again, especially when you update the OS and it will run its permission repair.

You can either have it on or have it off, you can't have the benefits for both.

Well, I think, it depends.

For me, for example, I use paragon ntfs driver for Mac to r/w files under ntfs partition. When I use it under Yosemite, all works happily.

Under el capitan, if I need to install it, I need to disable sip. But I don't need to keep sip off in order to let it function properly. I have tested it for quite a long time (over months), and it is completely compatible with el capitan.

If app requires sip off to operate, I think I would try to find an alternative, rather than keeping using it. This is similar when I use Windows with UAC on.

 

[MikhailT]

Well, I think, it depends.

For me, for example, I use paragon ntfs driver for Mac to r/w files under ntfs partition. When I use it under Yosemite, all works happily.

Under el capitan, if I need to install it, I need to disable sip. But I don't need to keep sip off in order to let it function properly. I have tested it for quite a long time (over months), and it is completely compatible with el capitan.

If app requires sip off to operate, I think I would try to find an alternative, rather than keeping using it. This is similar when I use Windows with UAC on.

So, installing DB2 and DB3 never disabled Paragon? That seems wrong and renders SIP pointless, Apple is doing something horribly wrong in this situation.

Maybe the extension for NTFS is compatible with SIP but the installer itself isn't. For an example, the extension is in the right place but the docs, other non-essential tools are in the wrong location.

I'd contact Paragon to see what they say about this.

 

[leman]

The loss of plugins and tweaks is of course unfortunate, but perhaps we will see some more native applications because of that.

On the other hand, OS X now includes a standardised extension mechanism, along with some of the best inter-process API out there, and I expect these things to get more and more developed over the time.

I always thought that tweaks like TotalFinder were a bit dirty when they could have created their own Finder replacement instead.

Agree completely. Relying on undocumented, backdoor APIs is asking for trouble.

So Windows 7 provides a balance between endless meaningless-for-average-user clicks, and loss of system security. Under standard user, user cannot even do anything related to requesting elevated privilege, including modifying critical system files.

Well, OS X has had that long before Windows 7. And all these security measures (app signing, rootless protection, permission elevation dialogues) do not exclude each other, but complement each other. System Integrity Protection is something else entirely because it makes it impossible for any user (including the super administrator) to modify system files. The only authority to do so is the OS updater. The very nice thing about this is that it also adds an additional independent layer of protection. Even if malware or an attacker can discover a backdoor in the OS and gain elevated privileges, this protection level limits the harm they can do.

I don't need to modify system files in a regular basis, since this is not practical for me, and such is way beyond my daily workflow.

Nobody needs to modify system files on a regular basis in a consumer-class OS such as OS X. If you do, then you are probably using the wrong OS. In fact, people should not modify system files in OS X at all, simply because many aspects of the OS is not documented to the public. This is very different from Linux. Hacking is fun, but it has very limited practical benefit, beyond the fun aspect.

 

[\-V-/]

Sometimes I think, User Account Control, is way more convenient than System Integrity Protection.

UAC is worthless and annoying.

 

[KALLT]

Maybe the extension for NTFS is compatible with SIP but the installer itself isn't.

Pretty much this. SIP merely prevents writing operations and code injection. If the app does not do this, SIP won’t prevent it. The question is of course what happens when OS X is upgraded. Apple could clean up the system folders again with OS X 10.12, even minor updates to OS X 10.11.

 

[Shirasaki]

So, installing DB2 and DB3 never disabled Paragon? That seems wrong and renders SIP pointless, Apple is doing something horribly wrong in this situation.

Maybe the extension for NTFS is compatible with SIP but the installer itself isn't.

Never.

SIP may works not like either of us supposed to do. It protects core system files but doesn't prevent users from reading it. I think, since this utility is basically a driver, it should be compatible with even el capitan flawlessly.

Installer requires to write files to protected locations, which is not possible with sip enabled. And that is the problem.

I don't dig into this utility much to know where those files are.

 

[Shirasaki]

UAC is worthless and annoying.

In vista I agree.

In Windows 7 and later, I would probably not agree.

 

[leman]

So, installing DB2 and DB3 never disabled Paragon? That seems wrong and renders SIP pointless, Apple is doing something horribly wrong in this situation.

Yeah, this entirely depends on the exact behaviour of the system installer. Maybe it doesn't double-check, because it assumes that SIP has never been disabled in the first place. Maybe they will add such checks later. Thats exactly what I was talking about though when I mentioned 'unpredictable behaviour'.

BTW, SIP is not preventing use of custom kernel extensions. You still have write access to
/Library/Extensions/ folder. I am not sure why Paragon kext insists to be installed to /System/Library/Extensions/, there might or might not be a good reason for that.

 

[\-V-/]

In vista I agree.

In Windows 7 and later, I would probably not agree.

It does nothing to protect the average user. They don't even know what it is, they just click everything that pops up. SIP will [probably] be a lot better for the average user.

 

[Shirasaki]

On the other hand, OS X now includes a standardised extension mechanism, along with some of the best inter-process API out there, and I expect these things to get more and more developed over the time.



Agree completely. Relying on undocumented, backdoor APIs is asking for trouble.




Well, OS X has had that long before Windows 7. And all these security measures (app signing, rootless protection, permission elevation dialogues) do not exclude each other, but complement each other. System Integrity Protection is something else entirely because it makes it impossible for any user (including the super administrator) to modify system files. The only authority to do so is the OS updater. The very nice thing about this is that it also adds an additional independent layer of protection. Even if malware or an attacker can discover a backdoor in the OS and gain elevated privileges, this protection level limits the harm they can do.



Nobody needs to modify system files on a regular basis in a consumer-class OS such as OS X. If you do, then you are probably using the wrong OS. In fact, people should not modify system files in OS X at all, simply because many aspects of the OS is not documented to the public. This is very different from Linux. Hacking is fun, but it has very limited practical benefit, beyond the fun aspect.

I admit I know very few about UNIX and its history, since I am about to start learning operating system.

I am told that Windows didn't design much of security features when it was originally released since Internet was still a dream at that time. UNIX, in the contrary, included many security features during initial development since Internet was slowly becoming popular.

Nevertheless, although Windows may not be the pioneer of system level protection, it Does, however, bring system level protection to the public. From UAC, installing software freely on public computer becomes more difficult, through regular way.

Oh, if OS X is a consumer based operating system, I wonder what Windows would be categorised.

 

[Shirasaki]

It does nothing to protect the average user. They don't even know what it is, they just click everything that pops up. SIP will [probably] be a lot better for the average user.

If you use standard account and set group policy properly, you may never see any UAC pop up bothering you.

And it appears that your impression may still stick at Vista decade. No offence.

 

[MikhailT]

Yeah, this entirely depends on the exact behaviour of the system installer. Maybe it doesn't double-check, because it assumes that SIP has never been disabled in the first place. Maybe they will add such checks later. Thats exactly what I was talking about though when I mentioned 'unpredictable behaviour'.

BTW, SIP is not preventing use of custom kernel extensions. You still have write access to
/Library/Extensions/ folder. I am not sure why Paragon kext insists to be installed to /System/Library/Extensions/, there might or might not be a good reason for that.

That's because we have to wait for Paragon to update their app. El Cap and SIP is still brand new for everyone, it is going to take several months to make changes, validate it, and then release it.

The problem that I have is Apple can't claim the system is protected if it doesn't actually do anything when you turn it back on. It should've re-ran and migrated all the existing stuff into a different location, like it does when you install El Cap for the first time.

It does nothing to protect the average user. They don't even know what it is, they just click everything that pops up. SIP will [probably] be a lot better for the average user.

UAC and SIP are two entirely separate things and Windows had SIP-type of feature for years. One has to do with authentication, the other has to do with system integrity, two unrelated areas.

Microsoft actually started to protect its system files against modifications a long time ago, so Apple certainly isn't the first to do this, they were late to this, just like everything else.

And UAC does protect users, it has gotten much better over time. Windows' security has changed a lot and for the better since Windows 7. A lot of things are not being run as admin anymore without explicit permissions from users. People write to software companies bitching about getting too many UAC, which is causing companies to adapt to reduce the need to have admin-mandated features, which actually makes it safe for everyone.

Also, Apple has UAC just as well, install anything that requires admin access and you'll get prompted for your account password. This is just as risky as it is on Windows and some malware infections were available on OS X and iOS because people were accepting these access dialogs on OS X without thinking ahead. However by default, both platforms are better in security because it prompts first rather than letting it happen without prompting the user.

 

[ardchoille50]

I would never switch off system security just to install an app, I would rather do without the app.

 

[leman]

I am told that Windows didn't design much of security features when it was originally released since Internet was still a dream at that time. UNIX, in the contrary, included many security features during initial development since Internet was slowly becoming popular.

Its more that Windows was designed by a team that didn't care much about design in the first place. Its kind of a mess. They made some very bad API-wise decisions early on and because of their focus on bare-bones OS and backwards compatibility, this continued to be a bane of Windows for long time (and the reason why Windows has the reputation of being an insecure system). They started tightening up security with Vista, which — funnily enough — is the main reason why Vista has its bad reputation, as so many apps were just broken with the new security constraints.

Btw, UNIX was originally designed in the 70ties. First Linux kernel release was in 1991. Windows NT, which is the basis for all modern Windows, was released in 1993. So Windows is definitive a much younger system. Why is UNIX still so powerful nowadays? Because its a solid, scientific and well executed approach to designing an OS.

Nevertheless, although Windows may not be the pioneer of system level protection, it Does, however, bring system level protection to the public. From UAC, installing software freely on public computer becomes more difficult, through regular way.

Again, AFAIK OS X had UAC-like features (Authorisation Services framework) since its original release in 2001. I am not too familiar with history of these features, but I'd suspect it was available in some other OS way before that. As far as i am concerned, the UAC of Windows Vista (like so many others aspect of that OS) is not much more but a poor rip-off the OS X. Why do I think so? Because many of Windows security features, like UAC or Windows File Protection referred to by MikhailT are band-aids slapped on top of a system that was never designed with these features in mind. In contrast, OS X was.

Oh, if OS X is a consumer based operating system, I wonder what Windows would be categorised.

Its also a consumer based operating system. What I mean by it that the OS core is not supposed to be tweaked. For specialised applications that require a custom kernel or base system, you are much better of with a Linux or BSD distribution.

 

[leman]

Microsoft actually started to protect its system files against modifications a long time ago, so Apple certainly isn't the first to do this, they were late to this, just like everything else.

And their solution was an extremely tacky, convoluted and messy. I mean, they were watching certain files and replacing them when a change was detected. Talk about hunting flies with a cannon. In the end, it didn't achieve anything more than what UNIX file permissions were doing (it was actually easily abusable by a malicious user or program and also introduced a degree of system instability due to the sheer complexity of the solution). Both Windows File Protection and the current Windows Resource Protection system are easily bypassed by a privileged user. And Windows is currently using ACLs for its feel protection — something that OS X has been using since — again — 2001. You can't even compare these things with 10.11's SIP, which prevents write access to certain locations at the kernel level.

 

[Shirasaki]

Its more that Windows was designed by a team that didn't care much about design in the first place. Its kind of a mess. They made some very bad API-wise decisions early on and because of their focus on bare-bones OS and backwards compatibility, this continued to be a bane of Windows for long time (and the reason why Windows has the reputation of being an insecure system). They started tightening up security with Vista, which — funnily enough — is the main reason why Vista has its bad reputation, as so many apps were just broken with the new security constraints.

Btw, UNIX was originally designed in the 70ties. First Linux kernel release was in 1991. Windows NT, which is the basis for all modern Windows, was released in 1993. So Windows is definitive a much younger system. Why is UNIX still so powerful nowadays? Because its a solid, scientific and well executed approach to designing an OS.



Again, AFAIK OS X had UAC-like features (Authorisation Services framework) since its original release in 2001. I am not too familiar with history of these features, but I'd suspect it was available in some other OS way before that. As far as i am concerned, the UAC of Windows Vista (like so many others aspect of that OS) is not much more but a poor rip-off the OS X. Why do I think so? Because many of Windows security features, like UAC or Windows File Protection referred to by MikhailT are band-aids slapped on top of a system that was never designed with these features in mind. In contrast, OS X was.



Its also a consumer based operating system. What I mean by it that the OS core is not supposed to be tweaked. For specialised applications that require a custom kernel or base system, you are much better of with a Linux or BSD distribution.

First greatly thanks for your reply. I know a lot more than before about the development of operating system.

Then, I want to give up arguing with system implements security features first, and which is the second. This has no practical value except for entertainment (my two cents thought).

And if I see current and the latest version of both Windows and Mac OS X, either of them is safe enough when using it normally. This is a win win for most conventional users. I think, this should be more practical.

 

[leman]

And if I see current and the latest version of both Windows and Mac OS X, either of them is safe enough when using it normally. This is a win win for most conventional users. I think, this should be more practical.

Definitively. I think that modern day Windows is a great and secure system, and a huge difference from what it was in the XP era. In fact, I would recommend it over OS X to professionals that use their machine as a limited-task workstation (e.g. Photoshop ).

 

[Shirasaki]

Definitively. I think that modern day Windows is a great and secure system, and a huge difference from what it was in the XP era. In fact, I would recommend it over OS X to professionals that use their machine as a limited-task workstation (e.g. Photoshop ).

And there is no need to interpret system files and folders during workflow to ensure everything needed for work runs smoothly.