Apple + Recommended + Security & Privacy

OS X El Capitan: Security and Privacy Features Overview

Posted on by

OS X El Capitan Security and Privacy overview

OS X El Capitan is now available, and it’s time to upgrade your Mac to Apple’s new operating system, if you so desire. El Capitan will run on all Macs that can run Yosemite, so if you’re running OS X 10.10, you should consider upgrading to OS X 10.11.

If you have older hardware, you may hesitate, thinking that El Capitan might slow down your Mac. Keep in mind that, historically, when Apple released a “revision” version of OS X, such as Mountain Lion or Snow Leopard, these newer operating systems were as fast, or even faster than their predecessors. I’ve only tested El Capitan on recent Macs, but if you’re hesitant, wait a week or so and see what the various Mac websites report about its speed on older Macs.

In addition to the widely-publicized features in a new operating system, there are always under-the-hood improvements that make the upgrade worthwhile. In OS X El Capitan, there are a few key security and privacy features that will make Macs much harder to attack, and that will protect your data.

El Capitan’s Basic Security Features

Last year, when OS X 10.10 was released, I wrote an overview of Yosemite’s security and privacy features. None of these features have changed; in fact, if you compare the Security & Privacy pane of System Preferences, you won’t see any differences. See that previous article to learn how to set your Mac’s basic security settings.

But Apple has incorporated several security features into OS X 10.11, some of which are quite important. Here’s a look at these new features.

Two-Factor Authentication

Apple has offered two-factor authentication for some time (here’s how you set it up), but with the release of iOS 9 and OS X El Capitan, Apple is changing the way this works. Previously, you had to save a recovery key, a long string of characters that Apple suggested you print out and store in a safe place. This presented a number of problems, however, such as people not saving it, losing it, or not being in the location where it was stored when they needed to access it.

It’s a good idea to turn on two-factor authentication, especially now that the process is a bit simpler. If, however, you get locked out of your account, it can take several days for Apple to reinstate it. If this happens, go to and follow the instructions. Apple will contact you and ask you a number of questions, so you can prove that you are, indeed, you, and have not been replaced by an alien or a cyborg.

Note that with the new Apple two-factor authentication, you should be running OS X El Capitan and iOS 9 on all your devices. So, if you’ve already updated your iOS devices to iOS 9, and you’re updating your Mac to El Capitan, then you can turn this on. Find out more here.

System Integrity Protection, or Rootless

This sounds quite technical, and it is, but System Integrity Protection, or Rootless, makes your Mac much more secure. This technology ensures that system files can only be modified by the Installer app, or by software updates that are installed through the App Store app. This means that even administrators can’t change or delete these files.

On a Unix-based operating system, such as OS X, each user has an account. There are standard users, who can only access their files, and administrators, who are allowed to alter other files, as well as install or delete applications. There’s also a hidden user called “root,” who has access to everything; this is the user with the master keys to the operating system. An administrator can have temporary root access to make changes to essential files, such as when installing applications.

The problem is not so much that an administrator will do damage to the operating system; if you accidentally delete a file, your Mac may not start up, and you’ll have to re-install OS X. The real risk is that if, say, an administrator downloads an application and installs it, he or she may be unwittingly installing malware. This application will be able to delete or change any files on the Mac, because of the administrative privileges of the person who installed it.

With System Integrity Protection, this changes. Administrators no longer have this root access, and won’t be able to change anything in the root System folder, or in a few hidden folders, such as /bin, /sbin, and /usr. However, the /usr/local folder will still be accessible to apps, because it’s long been used to house temporary files.

When you upgrade to El Capitan, some files that have been installed in the above directories might be removed; you may need to reinstall some of your apps. But most apps don’t install anything there, so few users will actually notice any changes.

Nevertheless, if you really need root access — and if you do, you know who you are — there will be a way to get this. Boot into the recovery partition, choose Utilities > System Configuration, and then uncheck Enforce System Integrity Protection. Click Apply Configuration, and then restart your Mac.

One side-effect of this is that the Disk Utility app will no longer let you repair permissions. Repairing permissions have long been a sort of voodoo that people hoped would fix certain problems on Macs, but actually, in most cases, did nothing. In the future, permissions will be checked and fixed, if needed, when you install or update software.

App Transport Security

When you see a web site URL, you may see that it’s prefaced by http://. This means hypertext transfer protocol, and it’s the backbone of the way the Internet uses web addresses; the http part of the URL indicates that you’re requesting a web server, as opposed to, say, an FTP server.

However, sometimes you see https:// before a URL; when you visit a web page with this type of URL, you also see a padlock in your browser’s address bar. Https is the secure version of the hypertext transfer protocol, and any data you send or receive is encrypted. This is essential when you enter a password or credit card number on a website to ensure that people capturing traffic at different web servers, or over insecure Wi-fi, can’t discover your credentials.

Security experts are increasingly pointing out the need for all web traffic to be secure, and to use https. As such, Apple has added App Transport Security, in both iOS 9 and El Capitan, which requires that any app that requests data via http use the secure version, or https.

Since apps you use may access web servers, Apple requires that they now only use https to ensure that your data cannot be compromised.

El Capitan also fixes a number of bugs and vulnerabilities in OS X. If only for the security features, it’s worth updating to El Capitan.

Further Reading

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →