There are new security improvements coming in El Capitan (which is due to launch on 30 September) that should protect Mac users from malware, but unfortunately it may also mean that some of the software utilities you use no longer work.
What does Rootless mean for OS X El Capitan?
In OS X 10.11 El Capitan, System Integrity Protection, also known as rootless, will prevent the modification or removal of certain system files even by administrative overrides. This means that no user, application, or process will be able to write files or modify files in the root System folder or the /bin, /sbin, and /usr directories, which are hidden by default in OS X’s Finder. The /usr/local folder will still be accessible though.
By locking down the core system Apple will scupper the attempts of any malware to gain access to files, folders, running processes (software that manages tasks in the background) and system apps, such as the Finder and Dock. This might lead to some changes in third party apps you use regularly, for instance, prior to El Capitan Dropbox showed sync status in the Finder, luckily this won’t be gone completely, Apple has added generic code to support it.
How will Rootless effect app developers?
Kernel extensions will still be allowed, but developers will need a valid certificate from Apple to get them cryptographically signed.
However, developers of programs like SuperDuper are busy trying to adapt to the new way of working. SuperDuper needs to read everything on a drive to perform a clone and, to restore or write anywhere. Which could make it impossible to restore a volume without disabling System Integrity Protection.
How will Rootless effect me in OS X El Capitan?
These new security measures are designed to avoid the circumstances where a user is fooled by some malware and types in their password, allowing a Trojan horse to install.
When you update to El Capitan any non-Apple files in those directories will be removed. This might mean that some of the software you use no longer works, but it’s perhaps worth it if it removes horrors lucking within.
What this means is that it will no longer be the case that a superuser, or root, can do anything to the system. Root is something that is fundamental to Unix. However, because it is possible to have this root power on Unix (on which OS X is based) OS X is vulnerable to attack if a malicious user gains root access.
Can I disable Rootless in OS X El Capitan?
It will be possible to disable this protection, however. Boot into the recovery partition, and then choose Security Configuration from the Utilities menu then uncheck Enforce System Integrity Protection, click Apply Configuration, and restart.
Enhanced Disk Utility in El Capitan, but no Repair disk permissions
Another change in El Capitan is that Disk Utility has been completely overhauled and Repair disk permissions has gone. Repair disk permissions has long been a staple of the troubleshooters toolbox, but OS X 10.11 will automatically repair permissions during software updates, and permissions won’t be allowed to be changed at other times.
Changes to two-factor verification for Apple ID
When it announced its plans for El Capitan at WWDC in June, Apple also revealed that the way it carries out two-factor authentication would be changing in OS X 10.11 El Capitan and iOS 9.
Two-factor authentication is an optional additional layer of security for your Apple ID that is designed to prevent unauthorized access to your account. It makes it harder to hack into your account because the attacker needs not only your password, but also access to a device or phone number that belonging to you.
Apple’s current “two-step” system requires users to specify a trusted device or trusted phone number to which a four-digit code can be sent which you can use to confirm your identity. Without both the password and verification code you won’t be able to access your account.
Apple has posted an explanation of its plans for two-factor authentication in El Capitan and iOS 9, here. Similar to the existing system, users will set up at least one iOS and OS X device as “trusted devices.” These devices appear in a list in your Apple ID account and can be removed from there. They can be found in OS X in iCloud system preferences, by clicking Account Details, and in iOS 9 in Settings > iCloud > Account. You also have to verify at least one phone number.
Following set up, whenever you sign in with your Apple ID on a new device or browser, you will need to also verify your identity by entering your password plus a six-digit verification code that will be displayed automatically on any Apple devices you are already signed in to that are running iOS 9 or OS X El Capitan. If you don’t have one of your trusted Apple devices handy, you can receive the code on your phone via a text message or via phone call instead.
The current system will continue to work, so you needn't worry that it will break your current set up.
No need for the Recovery Key in iOS 9 and El Capitan
The current authentication process also involves a Recovery Key, which you need if you lose access to your Apple ID account.
Since users get this 14-character key when they set up the two-factor authentication, many have forgotten what they did with it when they actually require it and end up locked out of their Apple ID (and that means all the purchases you made with it are lost).
Should your account be attacked Apple might reset your password and leave you locked out of the account if you had lost this Recovery Key.
The good news is that Apple will no longer require the Recovery Key, instead the company will get in touch with you via a “verified phone number,” and you will have to provide detailed information to prove you’re the rightful owner of the Apple ID account.
With the new system, Apple customer support will work through a detailed recovery process with users rather than locking them out because they mislaid the Recovery Key they were sent years ago.