by moron4hire 3779 days ago
This is, to me, a point against package managers. Little Windows universe secret: Installers aren't that bad.

After using apt-get for everything, going back to manually finding an (untrusted) executable, running it, hitting a bunch of next buttons -- seems insane.

It is quite bad. External dependencies are also nearly impractical this way, so all installers tend to embed their universe of dependencies, making for an even worse experience.

After simply using installers in Windows, dealing with conflicting package and library dependencies seems insane. I've been unable to use multiple applications on Linux because of this issue whereas that would never happen on Windows where installers just have what they need without getting in each other's business.
So, I had to clean some viruses off a Windows 7 machine for a friend recently. I had to grab about six different bits of anti-malware software to do so. Some of that software came from famous vendors' sites where the downloaded software wasn't even protected by https. No real way to externally validate the item I was about to install on a system which is already known to be compromised.

Some of the installers tried to install bundled crapware - which is frequent in the Windows world, and you have to watch out for it with every installer.

I hadn't done any real work on Windows for so long that I'd forgotten the whole "is this even safe to download?" problem that Windows has with its applications.

Are you sure Microsoft's antivirus wasn't enough?
The (main) virus came through a user brainfart clicking on something she shouldn't have, so it got to install directly with admin privs. Amongst other things, it managed to block the MS AV from running properly and hijacked the DNS, which I had to manually reset. I can't recall how MS AV was blocked, sorry. Once it was all cleaned up I left it with MS AV active, though.

I'm not all that experienced in cleaning Windows machines these days, but I do remember that each of the tools I ran cleared out something beyond just 'tracking cookies' - and each of them got something that the others didn't.

I certainly feel for mere mortals that have to do this sort of stuff on their own, given that the anti-malware websites frequently have the same garish in-your-face appearance and crappy download sites as malware-supply websites do.

> installers just have what they need

Have you ever tried writing a Windows installer?

What exactly is your point? Applications bundling their dependencies is the norm on all mass-market desktop and mobile platforms. So commercial developers of packaged software are used to it. Such developers even tend to bundle dependencies when targeting Linux, if they want to be distro-agnostic. In this respect, developers of open-source software are spoiled, because they can delegate dependency handling to the distro or, in many cases, the user.
Yes, several. Have you?
Untrusted by whom? It's the same vendor whether it comes from their site or the package repository.

And maybe people include way too many dependencies in their projects if it's too much to manage manually. Also, installers are perfectly capable of managing dependencies.

> It's the same vendor whether it comes from their site or the package repository.

Prove it.

The package manager allows you to cryptographically verify the binary was inspected by somebody you trust (the package maintainers). While Windows has added code-signing/verification capabilities, many installers are unsigned, and those which are signed don't have a useful trust anchor.

Prove the repository maintainer doesn't blanket approve things because they are overwhelmed.
That's what the mailing list / debbugs are for. Each package has a maintainer(s) who are responsible for looking after the package creation and upload.

A new upload creates an audit trail that could be checked if needed.

> Installers aren't that bad

Nothing stops you from getting Firefox on Debian the "Windows" way.

Tried it, couldn't get it to work. This was Raspbian, though.
As far as I can tell, Mozilla doesn't provide official Firefox builds for any ARM Linux device.

The official Linux x86_64 build for version 44.0.2 is here:

https://ftp.mozilla.org/pub/firefox/releases/44.0.2/linux-x8...

I don't know who uses those builds, though. We can be sure that the year of Linux on the desktop will never arrive if we expect end-users to unpack tarballs.

Edit: To make that last part a little more constructive, perhaps this will help with distro-agnostic packaging of official Linux builds of Firefox and other applications: https://wiki.gnome.org/Projects/SandboxedApps

Did you try to download the x86 build? If so, it's your fault. If they don't provide an arm build, or if you got the arm build, it's Mozilla's fault, not Debian's.
My contact details are in my profile - I'm happy to help you get this working if you're still interested. It can be hard to find correct instructions for things like manual installs, especially when distros like Raspbian can be slightly different from their upstream sources.
1. Unpack.

2. Run.

There's no such thing as downloading a random installer from a random website, and then running it with administrative privileges!