People obsess about SIP but just remember that SIP does nothing to prevent the most common type of malware (ransomware).

If you use SIP and use package managers (npm, cargo, pip, etc.) outside of a VM, you are substantially more vulnerable to attack than someone who doesn't use SIP and doesn't use package managers.

So if you want to fix your corners, you can do it guilt-free by adopting some better security practices around the malware delivery systems / package managers that you have installed on your computer.

SIP protects the OS, not you or your files. If you run third-party software that can run `rm`, of course you're vulnerable to data loss. Apples and oranges.

SIP guarantees that you will be able to turn on your computer in safe mode and remove the malware, whereas without it your OS is toast.

Yes, but it's the files that are the important part.

If I had malware, then the fate of the hardware would be at the bottom of my priority list; I'm probably going to be replacing it anyway. I'd be more concerned that someone is going to steal my AWS credentials to run a cryptominer and I get a bill for hundreds of thousands of dollars!

The only solution to malware is to not install it in the first place. By the time SIP is useful, you are already very screwed. SIP makes you safer in the same way that having a parachute on a plane makes you safer: technically yes, but the difference in safety is marginal.

SIP also backs some security mechanisms to ensure that they remain functional and not easily bypassable.

Sure, if you run software from strangers on the internet, while explicitly giving them access to your systems, bad things can happen. But SIP is definitely a net good that makes many things directly impossible.

Do you have a system in mind that prevents the user from doing this?

> Do you have a system in mind that prevents the user from doing this?

Sure, macOS could adopt an iPad-style security system that refuses to run all software outside the App Store. It works on iPhone and iPad just fine, all the prosumers love it.

It's not like native darwin triples are a popular compilation target. There wouldn't be any vast tragedy if the macOS shellutil authors were told to use zsh in a VM instead; it would separate the parts of macOS that Apple cares about from the parts they don't seriously support. WSL and Crostini achieve this on vastly weaker hardware with great results.

macOS does precisely that out of the box, doesn't it? You have to change some settings to run other software. I've got it set to: allow notarized, warn for internet downloads (even if notarized), everything else after explicit permission.