Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Private I: El Capitan's System Integrity Protection will shift utilities' functions

Glenn Fleishman | July 16, 2015
iOS is so locked down that disabling protections in order to install your own modifications is called "jailbreaking." But OS X has remained free and easy--until now. El Capitan adds some security improvements that should make OS X more resistant to exploitation by malware, but it will also mean a change or end to some software utilities on which you may rely.

So far, I've seen blog entries from Shirt Pocket about SuperDuper, St. Clair Software about Default Folder, and BinaryAge about TotalFinder and TotalSpaces2. I'm sure there are dozens of other developers writing up their short-term problems and sending email warning about updating to betas as well.

SuperDuper needs to read everything on a drive to perform a clone and, to restore, write anywhere. In an earlier developer build, El Capitan didn't allow SuperDuper to read the file that specifies that rootless mode is active, in a bit of irony, meaning that a restored system would disable it. That's already fixed in the public beta, but it will be impossible to restore a volume without disabling System Integrity Protection. Default Folder, on other hand, requires a thorough overhaul, and the folks at BinaryAge are unclear about their path forward.

Savvy users will be able to disable rootless. Boot into the recovery partition, and then choose Security Configuration from the Utilities menu. You can uncheck Enforce System Integrity Protection, click Apply Configuration, and restart. It seems unlikely that option will disappear in the shipping version of El Capitan, because there will always be cases in which you'll need full access.

This does take OS X further down the road towards an iOS-style full lockdown, but Apple made an effort to carve out only the most troubling aspects of unfettered root access. I don't see red flags yet in this implementation. While Apple has avoided easily and widely deployable malware in OS X, every step it takes to make future efforts fruitless without disabling the ability to install any software we choose is a good one.


Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.