
But that's the thing, you can't disable SIP from userland. It can only be disabled when booted into recovery mode. So yes, it absolutely does verify integrity, because it makes it so malware cannot embed itself into the system. Your last sentence there is 100% pure grade A FUD. You may as well just say "every security measure is bullshit, because if malware were to figure a way around it, then it wouldn't work". It's a meaningless statement.


It's a boot argument to the kernel, stored in NVRAM. These arguments are normally mutable. Apple had to write code to prevent modifying said arguments. Said code can have flaws.

But let's say you don't find a vulnerability in SIP userland detection, and instead find a kernel exploit to get around the protection:

If malware were to figure a way around it, then even antivirus software can't uninstall it. Only Apple can. It's not FUD.


Don't be alarmist, worst case a cleaning tool would have to be run from recovery mode, but nuke and pave is usually the recommended course of action if you get infected with a rootkit.

SIP holes will be found, and Apple will patch them just like other security flaws.


> Apple will patch them just like other security flaws

With the condition that you have to upgrade to the very latest system :)


There are a few exceptions but generally you can stay one or two versions behind. While Apple annoyingly don't state how long they support OS releases, they currently ship security patches for 10.8 and 10.9. The last patch for Lion was just before the 10.10 release.


It is FUD since it is not impossible to make these changes, it's just (intentionally) more difficult than casually supplying a sudo password. Anyone can detect signature changes in a system directory and anyone can boot to a recovery volume (either the default Apple one or one provided by an anti-virus company, if desired) to make whatever corrective change they want.
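The two defender-side checks this comment alludes to, confirming that SIP is actually enabled and detecting changes to files in a protected directory, as an added example that is not code from anyone in the thread. It assumes the real `csrutil status` output format ("System Integrity Protection status: enabled."); the hash baseline is a generic SHA-256 comparison, not Apple's code-signature verification, and the sample files it tampers with are constructed in a temporary directory so the script runs offline on any platform.

```python
"""Added example: verify SIP state and detect file changes in a directory.

Two independent checks a defender would want around System Integrity Protection:
  1. parse the output of `csrutil status` (macOS) to learn whether SIP is on;
  2. keep a SHA-256 baseline of a protected directory and diff it later, so
     tampering is visible even if a protection mechanism were bypassed.
"""
import hashlib
import os
import platform
import subprocess
import tempfile
from pathlib import Path


def parse_csrutil_status(output: str):
    """Return True if SIP is enabled, False if disabled, None if unrecognised.

    Real csrutil prints a line such as
    "System Integrity Protection status: enabled." (the value may carry a
    suffix like "(Custom Configuration)", which is why we match on a prefix).
    """
    for line in output.splitlines():
        line = line.strip().lower()
        if line.startswith("system integrity protection status:"):
            value = line.split(":", 1)[1].strip().rstrip(".")
            if value.startswith("enabled"):
                return True
            if value.startswith("disabled"):
                return False
    return None


def sip_enabled():
    """Query the live system. macOS only; returns None elsewhere or on error."""
    if platform.system() != "Darwin":
        return None
    try:
        proc = subprocess.run(["csrutil", "status"], capture_output=True,
                              text=True, check=False)
    except OSError:
        return None
    return parse_csrutil_status(proc.stdout)


def baseline_hashes(root):
    """Map relative path -> SHA-256 hex digest for every regular file under root.

    Symlinks are skipped so a link pointing outside the tree cannot be used to
    make the baseline report on a file that is not actually in the directory.
    """
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        digests[str(path.relative_to(root))] = h.hexdigest()
    return digests


def diff_baseline(old, new):
    """Return (added, removed, modified) sets of relative paths."""
    added = set(new) - set(old)
    removed = set(old) - set(new)
    modified = {p for p in set(old) & set(new) if old[p] != new[p]}
    return added, removed, modified


def demo_tamper_detection():
    """Constructed scenario: baseline a small tree, tamper with it, diff it.

    Returns the (added, removed, modified) tuple so the result can be checked.
    """
    root = tempfile.mkdtemp(prefix="sip_demo_")
    (Path(root) / "bin").mkdir()
    (Path(root) / "bin" / "ls").write_bytes(b"original ls binary (constructed)")
    (Path(root) / "bin" / "cat").write_bytes(b"original cat binary (constructed)")
    before = baseline_hashes(root)

    # Simulated tampering: one file replaced, one removed, one dropped in.
    (Path(root) / "bin" / "ls").write_bytes(b"trojaned ls binary (constructed)")
    os.remove(Path(root) / "bin" / "cat")
    (Path(root) / "bin" / "evil").write_bytes(b"new file (constructed)")
    after = baseline_hashes(root)
    return diff_baseline(before, after)


if __name__ == "__main__":
    state = sip_enabled()
    print("SIP:", {True: "enabled", False: "disabled", None: "unknown/not macOS"}[state])
    added, removed, modified = demo_tamper_detection()
    print("added:", sorted(added), "removed:", sorted(removed),
          "modified:", sorted(modified))
```

In practice the baseline would be taken on a known-good system and stored off the host (or on read-only media), and the comparison run from a recovery volume so the running OS cannot lie about its own files; the in-memory round trip here only demonstrates the detection logic.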


This is absolutely FUD. Even if you're correct and malware finds a way around it, then it obviously doesn't work, which means antivirus software could use the same mechanism to kick out the malware.


Unless the malware uses the backdoor/exploit then patches it out once it's inside. It has complete system control, after all.

