What is SIP on your Mac and when is it safe to turn it off?

Howard Oakley for Eclectic Light Company:

System Integrity Protection – SIP – is one of the primary mechanisms which macOS uses to protect itself. Introduced relatively recently in El Capitan (2015), you’ll find various recommendations that to fix problems with macOS or even with some apps, you should turn SIP off first. I hope in this article to convince you that it’s never safe to turn it off, and that Catalina makes that even more important with its new read-only system volume…

Before these recent changes to SIP, disabling it was often recommended as a first step when attempting to fix problems in macOS which were blamed on damaged services or Property Lists. I have had a steady succession of advanced users who have turned SIP off and then tried to repair what they thought were corrupted components within macOS. None of them, as far as I recall, was ever successful in tinkering in this way, and every case became rapidly worse once SIP was disabled and they started fiddling around with what should have been protected files…

And if any software vendor suggests that you should run your Mac with SIP disabled so that their software works, don’t trust them in the slightest. Look for an alternative product. Would you trust a mechanic who fixed a problem with your car by disabling the airbags and removing the seatbelts?

MacDailyNews Take: Handy rule of thumb: Don’t turn off SIP unless your name is Craig Federighi and you possess a mane of the Gods.

6 Comments

  1. It’s off and stays off – I’m running a number of GUI and UX apps (ClearDock, FinderPop etc) that customise my GUI and UX to the way I want – not Tim, not Jony. The Mac GUI eye-candy is an eyesore in my opinion, indefensible in a professional workplace.
    Mac OS slowly but surely removing any options, any choice. Apple/MacOS has become the embodiment of all that was attacked in the 1984 ‘Big Brother’ ad. Apple/Mac OS has come full circle, and it is up to the independents to provide options and alternatives to Apple – for the brief time left to them.

  2. Eric, you are one of the few that does it your way. The problem with your blanket statement is that there are more regular folks, like me for instance, that don’t want to tinker. I just want fully functional out of the box.

    1. Since when is user control in opposition to “fully functional out of the box”?

      I swear Apple sheep would happily wear Jony Ive designed handcuffs if it had an Apple logo on it. For all the bluster about maga freedom from the extremists on this site, you are dumb to place all your trust in the benevolence of a corporation that has proven itself far from fallible over the years, and getting generally less user friendly all the time.

      I’m going to stick beside the 1984 rebel girl in the orange shorts. Give me tech freedom!

  3. I have to turn off SIP after every system update in order to rename AppleThunderboltNHI.kext to AppleThunderboltNHI.kext.bak in order to stop the kernel panics caused by a bug Apple hasn’t been able to solve across two major and dozens of minor system updates.
