|Home » Learning Curve
3rd Party Software
What Apple put on your computer is one thing; what 3rd party vendors try to put on it is something else.
The best delivery format for 3rd party software downloads is bzip2. The compression of this engine is at times twice as good as GNU zip. The best way to compress for bzip2 is to first create a tar of the source directory and then zip it (Zippit, part of the AppleCore, does this seamlessly - you can also do it on your own from the command line).
Downloads compressed with bzip2 will expand and no more. There is no lurking intelligence to try to put files in any one location. Stuffit Expander on the OS X disk will deal with bzip2 files effortlessly. Earlier versions of Expander will leave the 'tar' file; later versions will remove it automatically. It's of little consequence once the download has been expanded.
Do not accept 'intelligent' downloads from 3rd party vendors with less than the greatest apprehension. There is no reason to use 'DMG' files other than to make things pretty, and 3rd party software using the Apple installer can be dangerous.
If 3rd party software asks for your password, delete it. There has to be a very good reason (which you should be able to understand) for having what normally becomes superuser access to your computer when you don't normally use it yourself.
Some command line utilities demand a 'SUID root' bit to run. Traceroute needs it, for example, to be able to fiddle with the 'TTL' field in the IP headers. But these command line utilities are difficult to hack, whilst GUI applications are a veritable duck shoot.
3rd party vendors may also want to muck about in areas of your disk where they're not allowed to go and don't need to go. If you give them your password, they can in essence do anything they want. Not to make you unnecessarily paranoid, but even an app that seems to behave properly could contain a backdoor to be exploited farther down the road.
GUI software should not need root access to run - and if there should be an exception to this rule, the vendor must be able to spell out the situation in a clear, honest, and convincing manner.
Exit all applications when you do a download, and do nothing between the download and the first run (and exit) of your new application. Get the application 'installed', then run it once and exit it properly - and then do the following Terminal trick:
sudo find / -newer <your download> >~/newer.txt
Where <your download> is the full path to your download. When the command finishes running, open ~/newer.txt. This file will contain all the files that have been created or modified since you completed your download.
It's a big mess in that file: you can immediately disregard all the paths that begin with /dev - those are just driver activities. But everything else is suspicious. See where your new app has put its footprints, and investigate each and every instance. Keep this file around if you decide to keep your application. You shouldn't need to run any uninstaller when you tire of it, and even if you do, check with this file to make sure the uninstaller worked correctly.