El Capitan ships with a new OS X feature: System Integrity Protection (SIP), also known as “rootless” mode. This reduces the attack surface for malware that relies on modifying system files by preventing any user, whether with system administrator (“root”) privileges or not from modifying a number of operating system directories and files.
It doesn’t eliminate the possibility of malware or folks finding a way to subvert this mode, but it does increase the difficulty of finding a hole to penetrate. All such changes discourage those who hack for profit or destruction, because the more time it takes and the less likely successful, the more often they turn to other operating systems and targets.
However, a few system-modifying and system-extending software programs can’t work properly under SIP, as I discussed back in July in covering this feature and a simple workaround available in the public betas. The golden master (final release candidate) and shipping version of El Capitan have a minor change that make it harder, but not impossible, to turn SIP off.
Early reports of problems with rootless mode seemed to indicate that a wider set of software might be unable to work with the restriction enabled, such as SuperDuper! from Shirt Pocket Software. However, Apple made changes during beta testing that resolved concerns with that app and others. (Shirt Pocket had to update SuperDuper! to deal with the omission of an open-source program, which breaks scheduled updates; those have to be re-created in the El Capitan-compatible release.)
At the moment, only a few widely used utilities won’t work with SIP enabled:
Default Folder 4.7 from St. Clair Software. However, developer is hard at work on version 5, which won’t need to bypass SIP. It’s expected out as early as the end of October, and is free to new purchasers of 4.7 from this point on.
BinaryAge will discontinue new development on its TotalFinder software that enhances the Finder, which will have some features missing. It will keep supporting TotalSpace2, a desktop spaces manager, but that app will require disabling SIP to function.
Rogue Amoeba has opted to discontinue Intermission, which it says wasn’t one of its big sellers, as it is incompatible with SIP, and incorporated its functionality into Audio Hijack.
There were previously concerns about a few utilities that have been resolved:
Surtees Studio’s Bartender 1.3—a menu bar app organizer—could work with SIP using a round-trip to Recovery with two restarts (disable, install, enable), but the developers were able to finish Bartender 2.0 in time for El Capitan’s release. The new version is fully compliant within SIP.
Sign up for Computerworld eNewsletters.