Hacker News

zarzavat, today at 2:22 AM (2 replies)

People obsess about SIP but just remember that SIP does nothing to prevent the most common type of malware (ransomware).

If you use SIP and use package managers (npm, cargo, pip, etc) outside of a VM you are substantially more vulnerable to attack than someone who doesn't use SIP and doesn't use package managers.

So if you want to fix your corners, you can do it guilt-free by adopting some better security practices around the malware delivery systems / package managers that you have installed on your computer.


Replies

nomel, today at 4:03 AM

Sure, if you run software from strangers on the internet, while explicitly giving them access to your systems, bad things can happen. But SIP is definitely a net good that makes many things directly impossible.

Do you have a system in mind that prevents the user from doing this?

halapro, today at 5:15 AM

SIP protects the OS, not you nor your files. If you run third party software that can run `rm` of course you're vulnerable to data loss. Apples and oranges.

SIP guarantees that you will be able to turn on your computer in safe mode and remove the malware, whereas without it your OS is toast.