System Integrity Protection (SIP) is a way of managing access to essential system files in macOS, but it's kicking some older software to the curb and takes away a lot of the control the user has over the system. So why is Apple implementing it?

Malware is a really serious problem not just on Windows but the Mac too—it seems like almost every week, we get a new report of some sort of malware or adware that's attacking Apple users. Most of these outbreaks are contained quickly, fortunately, and mitigated by the built-in anti-malware and technologies like Gatekeeper.

To help bolster the Mac's security against malware infections, Apple's come up with System Integrity Protection

Before El Capitan, people could easily modify, or allow to be modified, core system files used by macOS by entering their root password. It's how, for example, we grant software installers root access to setup apps.

That's why El Capitan has gone "rootless". System Integrity Protection makes sure the vital system files are safe from modification. This is a good thing in a sense as It should reduce the likelihood that you can accidentally infect yourself with malware, or that someone can gain access to your Mac or your files by escalating privilege exploits remotely.

But for us modders it's actually a very bad thing in its own way. This security feature locks down the system by a lot, making a lot of modifications simply impossible to do.

SIP created problems for some developers. In many cases, those problems have either been straightened out or are getting straightened out now. So check with the makers of the apps you use to see if they have updates, however, some utilities cannot adjust to this change and do indeed need you to disable the feature.

Of course, if you do want to have ultimate control over your Mac, you can deactivate System Integrity Protection. Just keep in mind that SIP has been instituted in El Capitan for a reason: To protect you and to protect your Mac.

How to turn off System Integrity Protection in macOS

  1. Click the Apple menu.

  2. Select Restart...

  3. Hold down command-R to boot into the Recovery System.

  4. Click the Utilities menu and select Terminal.

  5. Type csrutil disable and press return.

  6. Close the

  7. Click the menu and select Restart....

If you decide later you want to re-engage SIP, repeat these steps, changing csrutil disable to csrutil enable instead.

If you really are a security freak and don't want to put your system at any unnecessary risk this maybe isn't for you. If you want to keep a secure system (or as secure as it can be), then changing the security settings may be a very bad idea.

However, if you're a power user who knows what they are downloading and who don't download a bunch of crap from the interwebs, you shouldn't have to worry too much about disabling SIP.