Thanks! So, SIP has no impact on ransomware, since SIP does not affect user files. If it is really the case that user files in any operating system are vulnerable simply because user files are not protected from such software (and cannot be protected per leman), then why would there even be a discussion as to relative vulnerability differences to ransomware specifically of different OSes? I mean, why would anyone say/think that, f.ex. (random example), Windows is more vulnerable to ransomware than OS X or Linux or whatever?
I guess I imagined that there could be some kind of feature in a given OS that detects when a program wants to encrypt a user file (shouldn't that be possible?) and a dialogue box could pop up with a warning to the effect "This program wants to encrypt your file. Do you want to proceed? Yes/No". Because if this is simply not possible, then the situation is pretty dire - doing backups is not going to be 100% effective, because the ransomware can easily infect backups on external drives - in that show I watched, all the woman's backups on all external drives and even Dropbox were attacked and encrypted.
So having Time Machine is not exactly a solution - unless Time Machine has some kind of sandbox wherein once a file has been saved by Time Machine, the only operation that is allowed on that file is a copy/paste one where you can do restoration, but you cannot alter the file on TM in any other way.
Also, I think that merely "being cautious" is not going to save you. The woman in that show who got all her files everywhere, including external drives and Dropbox, encrypted by ransomware clicked on a link to a video allegedly sent by her friend (and according to the show, it could be any file type, like f.ex. pdf files etc.). Now, you could say, "don't click on any links even from friends" - but how practical is it, when the bad guys can stage a man-in-the-middle attack wherein they hijack an email or whatever and substitute a good file with ransomware... so f.ex. your friend could be on the other end of the phone, saying "OK, I'm sending you a pdf file 'Birthday Party Preparations.pdf'" and because his/her system is compromised, some malware automatically substitutes the ransomware with the same ostensible name "Birthday Party Preparations.pdf". Now you click, and you're hosed.
If that happens, what with MITM attacks, you could never click on any link to anything even with a person at the other end of the phone, not to mention any website. How practical is that?
That's why I wonder if it is possible for the OS to analyze a program before launching to see if it's encrypting and issue a warning or some other solutions, like the sandboxed TM I mentioned above.
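The "detect when a program is encrypting a file" idea raised in the post is usually approached as a heuristic on what gets written to disk rather than on the program's intent: a readable file that is overwritten with header-less, near-random bytes is suspicious. As an added illustration (not from this thread or any product), here is a minimal entropy-jump check with an allow-list of formats that are legitimately noisy; the threshold, the magic-byte list and the sample files are constructed assumptions.

```python
"""Heuristic: flag file rewrites that turn low-entropy content into
high-entropy content with no recognisable compressed/archive header.
Added example, not from the original thread; thresholds and sample
files below are constructed assumptions, not measured values."""
import gzip
import math
import random
from collections import Counter

# Magic bytes of common, legitimately high-entropy formats (constructed,
# non-exhaustive): gzip, zip, PNG, JPEG. Such files are expected to look random.
KNOWN_HIGH_ENTROPY_MAGIC = (b"\x1f\x8b", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff")
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
MIN_JUMP = 2.0           # required rise in entropy between old and new content


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(before: bytes, after: bytes) -> bool:
    """True when readable content was replaced by header-less noise."""
    if after.startswith(KNOWN_HIGH_ENTROPY_MAGIC):
        return False  # compressed or image data is allowed to be noisy
    new_entropy = shannon_entropy(after)
    jumped = new_entropy - shannon_entropy(before) > MIN_JUMP
    return new_entropy > ENTROPY_THRESHOLD and jumped


def scan_rewrites(events):
    """events: iterable of (path, before, after); returns flagged paths."""
    return [path for path, before, after in events if looks_encrypted(before, after)]


# Constructed sample data standing in for a user's documents.
rng = random.Random(1)
PLAINTEXT = b"Birthday party preparations: cake, candles, balloons. " * 80
NOISE = bytes(rng.getrandbits(8) for _ in range(len(PLAINTEXT)))
SAMPLE_EVENTS = [
    ("notes.txt", PLAINTEXT, PLAINTEXT + b"PS: bring plates."),       # normal edit
    ("notes.txt.gz", PLAINTEXT, gzip.compress(PLAINTEXT, mtime=0)),  # legitimate compression
    ("party.pdf", PLAINTEXT, NOISE),                                 # overwritten with noise
]

if __name__ == "__main__":
    print("suspicious rewrites:", scan_rewrites(SAMPLE_EVENTS))
```

Real endpoint tools combine a check like this with rate signals (many files rewritten by one process in a short window) and with which process did the writing, because a single high-entropy write is also what saving an archive or a photo looks like.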