Comment by zarzavat

Yes but it's the files that are the important part.

If I had malware then the fate of the hardware is at the bottom of my priority list, I'm probably going to be replacing it anyway. I'd be more concerned that someone is going to steal my AWS credentials to run a cryptominer and I get a bill for hundreds of thousands of dollars!

The only solution to malware is to not install it in the first place. By the time SIP is useful you are already very screwed. SIP makes you safer in the same way that having a parachute on a plane makes you safer, technically yes but the difference in safety is marginal.