
New security features in El Capitan & iOS 9

Karen Haslam | July 27, 2015
Macs might not get viruses (note: not entirely true) but that doesn't mean that Apple isn't taking security seriously in OS X El Capitan.


There are new security improvements coming in El Capitan this autumn that should protect Mac users from malware, but unfortunately they may also mean that some of the software utilities you use no longer work.

In OS X 10.11 System Integrity Protection, also known as rootless, will prevent the modification or removal of certain system files even by administrative overrides. This means that no user, application, or process will be able to write files or modify files in the root System folder or the /bin, /sbin, and /usr directories, which are hidden by default in OS X's Finder. The /usr/local folder will still be accessible though.

By locking down the core system Apple will scupper the attempts of any malware to gain access to files, folders, running processes (software that manages tasks in the background) and system apps, such as the Finder and Dock. This might lead to some changes in third-party apps you use regularly. For instance, prior to El Capitan, Dropbox showed sync status in the Finder. Luckily this won't be gone completely: Apple has added generic code to support it.

Similarly, kernel extensions will still be allowed, but developers will need a valid certificate from Apple to get them cryptographically signed.

However, developers of programs like SuperDuper will be busy trying to adapt to the new way of working. SuperDuper needs to read everything on a drive to perform a clone and, to restore, to write anywhere, which could make it impossible to restore a volume without disabling System Integrity Protection.

This is designed to avoid the circumstances where a user is fooled by some malware and types in their password, allowing a Trojan horse to install.

When you update to El Capitan any non-Apple files in those directories will be removed. This might mean that some of the software you use no longer works, but it's perhaps worth it if it removes horrors lurking within.
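As an added example (not from the article or from Apple), here is a pre-upgrade audit that flags which file paths fall under the locations the article lists as protected: the System folder, /bin, /sbin and /usr, with /usr/local exempt. The function names and sample paths are constructed, and the rule set is only the article's description, not Apple's shipped configuration.

```python
import posixpath

# Protected roots and the exemption as the article describes them
# (assumption: the article's list, not Apple's shipped configuration).
PROTECTED_ROOTS = ("/System", "/bin", "/sbin", "/usr")
EXEMPT_ROOTS = ("/usr/local",)


def _under(path, root):
    """True if path is root itself or lies below it (whole components only)."""
    return path == root or path.startswith(root + "/")


def is_sip_protected(path):
    """Classify an absolute path using lexical normalisation only.

    '..' and duplicate slashes are collapsed, so '/usr/local/../lib/x' is
    judged as '/usr/lib/x'. Symlinks are not resolved (no filesystem access)
    and matching is case-sensitive.
    """
    if not path.startswith("/"):
        raise ValueError("absolute path required: %r" % path)
    norm = posixpath.normpath(path)
    if norm.startswith("//"):  # normpath preserves exactly two leading slashes
        norm = "/" + norm.lstrip("/")
    if any(_under(norm, r) for r in EXEMPT_ROOTS):
        return False
    return any(_under(norm, r) for r in PROTECTED_ROOTS)


def audit(paths):
    """Return the paths that sit in a protected location, in input order."""
    return [p for p in paths if is_sip_protected(p)]


# Constructed sample: files a hypothetical third-party installer lays down.
SAMPLE_PATHS = [
    "/usr/bin/exampletool",
    "/usr/local/bin/exampletool",
    "/usr/local/../lib/libexample.dylib",   # escapes the exemption via '..'
    "/System/Library/Extensions/Example.kext",
    "/Library/Application Support/Example/helper",
    "/usrlocal/bin/tool",                    # shares a prefix, not a component
    "/sbin//exampled",
]

if __name__ == "__main__":
    for p in audit(SAMPLE_PATHS):
        print("protected location:", p)
```
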

What this means is that it will no longer be the case that a superuser, or root, can do anything to the system. Root is something that is fundamental to Unix. However, because it is possible to have this root power on Unix (on which OS X is based) OS X is vulnerable to attack if a malicious user gains root access.

It will be possible to disable this protection, however. Boot into the recovery partition, choose Security Configuration from the Utilities menu, uncheck Enforce System Integrity Protection, click Apply Configuration, and restart.

Another change in El Capitan is that Disk Utility has been completely overhauled and Repair disk permissions has gone. Repair disk permissions has long been a staple of the troubleshooter's toolbox, but OS X 10.11 will automatically repair permissions during software updates, and permissions won't be allowed to be changed at other times.

 
