From Apple's page About System Integrity Protection on your Mac
Before System Integrity Protection, the root user had no permission
restrictions, so it could access any system folder or app on your Mac.
Software obtained root-level access when you entered your
administrator name and password to install the software. That allowed
the software to modify or overwrite any system file or app.
So, based on the premise of your question, a good sys admin would have used strong passwords, admin permissions to only users/apps that you trust and only using sudo
when necessary.
Ok...let's look at a hypothetical, but entirely plausible scenario: Installing VirtualBox.
Assume for a moment, that the VirtalBox site got hacked and a malicious version of VB was uploaded and made available as genuine. Since to install VB it requires root
privileges, you would invariably use sudo
to install it (this is why it asks you for your password).
Without SIP, it could write to any of the protected areas as root installing itself with full admin privileges to do whatever nefarious things it wanted to do. It's important to note that the security practices you enumerated in your question never came into play.
It's just another layer of protection.
A Mac with SIP is no more or less safe than a Windows 10 machine with System Protection enabled. "Linux" is too broad a topic to make a statement. However, there is Oracle "Hardened" Linux (version of RedHat Enterprise) that has these features.
Time Machine backup protection isn't related to System Integrity Protection — SIP is for protecting system files. Instead, TMSafetyNet.kext is responsible for enforcing protection of backups and permitting Time Machine to make changes only.
You can edit backups using the ‘bypass’ CLI tool.
sudo /System/Library/Extensions/TMSafetyNet.kext/Contents/MacOS/bypass
Append the tool you want to use at the end as if you were using it normally, for example:
sudo …/bypass rm -rf /Volumes/Backups/Backups.backupdb/path/to/folder
This protection of backups predates the introduction of SIP, but I imagine the file protection feature of SIP was inspired by how the Time Machine backups protection works, so they have their similarities.
Best Answer
SelfControl
SelfControl is an open source project aimed at restricting distractions:
Pi-Hole
To block distracting websites and services on all your devices, consider blocking them on your network using Pi-Hole.
With this approach you avoid needing to modify your macOS configuration.