31 October 2007 @ 19:05Caution: A Little Perspective

If you can get some unsuspecting user, on any operating system, to install your software, you can gain complete control of their computer.

There is a grey zone between trusting third-party developers and being trusting of any third-party (to the point of installing a trojan).

Everyone should exercise caution when it comes to installing anything, especially something that asks for administrator authentication. You should ask yourself, “Why does this installer need an administrator password?”

In many cases, the tools necessary to check the installer you just downloaded are right there in your Utilities folder. You can right-click the package to “Show Package Contents”. Then navigate to “Contents/Resources/”, and open the preflight and postflight files in a text editor. Look for anything suspicious. If you are not sure what it all means, there are plenty of forums and communities on the internet that can help you understand. The other thing you can do is drag the package onto Installer.app, then in the Menu bar select “Show Files”. This will show you every file that the Installer is installing and where it is to be installed. Again, if it doesn’t make sense, just ask someone.