 |
 |
What's the Purpose of Installer's Initial User Prompt?
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
What's the point of Installer asking the user to allow it to determine if the package can be installed? The user already opened the package with the intent of installing the software, so what sense does that initial prompt make? I think I read something about it being related to security, but it does not request a password at that point so I do not see any security value in it. Installer only started behaving in this way recently, so Apple's engineers apparently thought it was necessary. I just don't get it, though.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status:
Offline
|
|
There is no "initial prompt" with the installer. There is only a prompt that asks whether it is ok to run an "program" while running the installer. An installer package has the option to include and run scripts (or full fledged applications afaik) before and after the installation. This could be a script that deletes the old version before installing for example. It could also be a script or app that deletes your hard drive, transmits personal data to a server in russia, installs a keylogger or whatever. Since the user might not expect that just the act of "installing" isn't just copying files but also means running apps, he now has been hereby warned and if there was a trojan in the package it was his own fault for running it.
(Last edited by TETENAL; Feb 8, 2006 at 10:51 AM.
)
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Mar 2002
Location: Boston
Status:
Offline
|
|
Originally Posted by Big Mac
What's the point of Installer asking the user to allow it to determine if the package can be installed?
One of the biggest issues with Windows/IE is the fact that programs can be installed without the user's knowledge. They go to a website, click on a link or the site itself, fire's off an active x that runs an installer in the background. adware and spyware frequently operate this way.
What Apple did was make sure this cannot happen by first allow the user to dis-allow this, and when an installer hits certain folders such as the library folder he needs to enter his password.
May seem like a pain, but I like it since I want control over what is getting installed.
Mike
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
Edit: Talking out my arse... delete post.
Do you mean this:
 ?
(Last edited by JKT; Feb 8, 2006 at 12:06 PM.
)
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Status:
Offline
|
|
Originally Posted by Big Mac
What's the point of Installer asking the user to allow it to determine if the package can be installed? The user already opened the package with the intent of installing the software, so what sense does that initial prompt make?
Because you can't assume that the user opened the package with the intent of installing any software. The password is a way of ensuring that someone with the authority to install software on the machine says that it's OK to go ahead.
I think I read something about it being related to security, but it does not request a password at that point so I do not see any security value in it. Installer only started behaving in this way recently, so Apple's engineers apparently thought it was necessary. I just don't get it, though.
Not all installers restrict themselves to doing only what they tell the user they're doing. The prompt is a means of making sure that the user knows that this is going on. That's an important part of security: the user has to be able to approve (or, more to the point, disapprove) of things like this.
|
|
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
Okay, I see the dialog (which JKT thoughtfully captured above) is of extra, yet limited, security value, but the information provided by the sheet is of such a general nature that it does not really tell the user much of anything. IMO, Apple should update Installer so that the sheet contains some specific details about which files the program intends to modify.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status:
Offline
|
|
This dialog doesn't warn you that files are being modified. This dialog warns you that a program is being executed. A program can do anything. Arbitrary things. There is no way the Installer could determine what exactly the program will be doing. That's the special risk about it and that is why the Installer is warning you about it.
When there is no program executed during the installation and just files are being copied then you don't get this dialog.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
I see. . . well, it would just be nice to have the sheet provide some specific detail about the program, because in its current form I'm betting most people just blindly click okay.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status:
Offline
|
|
Originally Posted by Big Mac
I see. . . well, it would just be nice to have the sheet provide some specific detail about the program.
The only way I see how this could be possible were if the developer provided a description of the installer script/program. That wouldn't have stopped the iTunes installer script from erasing your hard drive though. And it wouldn't stop trojan authors with bad intentions.
But I agree with you that the dialog is not that helpful for the user. Basically what is does is, there is a principle problem (trojans) that has no or no convenient/easy/cheap solution currently, so that dialog transfers responsibility from the system (Apple) to the user.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Status:
Offline
|
|
Originally Posted by Big Mac
I see. . . well, it would just be nice to have the sheet provide some specific detail about the program, because in its current form I'm betting most people just blindly click okay.
There really isn't much you could do about this. Providing details like that essentially becomes what computer scientists call the halting problem: writing a program A which automatically determines whether a program B will successfully run without actually running program B, using no input except for program B's code, no matter what program B is. To date, nobody has ever been able to write a program that can do this, and whether or not it's even possible is a subject of fierce debate.
I guess the installer could rely on a developer-provided description which was somehow stored in the program. But getting around that is easy: the developer can simply lie about what the program does. Alternatively, I guess the installer could disallow running arbitrary applications, but instead allow the running of scripts in a specific language, like AppleScript or Python. The installer could then show the source code of the script, which the user could inspect to see if it really did what it claimed. However, that would require the user to read source code, and that's strictly a no-go.
|
|
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
