by highwaylights 1013 days ago
I don't think any major desktop OS handles this well.

I suspect the final form for software installation is probably where iOS and Android are going in the EU, where there's a single means of installing software to the device so that everything can be sandboxed properly, but the acquisition/update process can be pointed to a URL/Store that the user has pre-approved.

macOS comes pretty close to what I'd ideally want in an OS with regards to installation - independent packages that are certified/notarised, but I'd like to see the OS allow for user-specified authorities beyond just Apple. That being said, I'm not sure I'd ever use them as it's part of what I'm paying Apple for, I'm really thinking more of Linux there.

A kind of flatpak/snap approach, but that has signing of the package and centralised management of the permissions for the sandbox at an OS level would be ideal in my view. That way it's still free-as-in-speech as the user can specify which notarisation authority to use (or none at all).

I really don't understand why separate programs are handling removing their mother program in 2023, that's registry spaghetti messy.


Everyone is pointing at Windows but there are still installer software on MacOS. Normally crusty old corpoware like Citrix that needs to extend its tentacles to the whole system.

On Unix/Linux land the prevalence of pipe curl to bash type installers is not much different.

I normally keep both types away from my computers.

> On Unix/Linux land the prevalence of pipe curl to bash type installers is not much different.

This is a problem but only if you install software on Linux by manually going to the project page and copy-pasting whatever curl they have there, I think the difference is that mostly you're encouraged to go the package manager route, whereas on Windows downloading .exes directly (à la the curl example) is the norm.

It seems to be increasingly the case that package managers just don't have some software - or have a version that's years out of date. Perhaps the number of different ones available has become self-defeating.

Directly sudoing a curl-ed script is like running a binary on Windows with admin permissions and with Defender turned off, which makes it somewhat more scary to me.

On Windows I use Chocolatey when I can, and if I can't (or it looks dodgy anyway) I'll either just not install it or try it in a sandbox. Things that aren't choco-able are generally commercial software obtained from the vendor's download page, we theoretically trust those things somewhat. YMMV.

> Directly sudoing a curl-ed script is like running a binary on Windows with admin permissions and with Defender turned off,

Most people would just say yes to any prompt they get, those wise enough not to aren't running random curl scripts either.

As for Defender being any kind of protection, I have my doubts.

> it seems to be increasingly the case that package managers just don't have some software - or have a version that's years out of date.

This is entirely distro dependent, some are very up to date and have most things you'd want, especially if you include the likes of AUR in that. But then there's usually a Flatpak or an AppImage that you can use in the odd case that they don't.

Actually no, the problem with curl | bash is that it can be detected on the server, so if the server is compromised, it can serve you malware and you will never know about it. It is safe(r) to curl > file, inspect the file, then execute it under bash.
The result of inspecting such a file is usually a series of disgusted shudders, "this will do WHAT to my machine?"
Sometimes a smile at the clarity and simplicity of the author's shell code, sometimes.
A rare delight, but it does happen.
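The "curl > file, inspect, then run" workflow from the comment above, as an added example that is not from the thread: a small POSIX shell helper that saves the script to a file and flags the lines a reviewer should read first (privilege escalation, nested pipe-to-shell, shell profile edits, and so on). The function names, the pattern list and the sample installer are all constructed for this example.

```shell
#!/bin/sh
# Added example: fetch an installer script to disk and highlight the lines
# worth reading before executing it. All names and patterns are assumptions.
set -u

# Constructs a reviewer would want to look at before running the script.
RISKY='sudo|rm -rf|eval |base64|curl[^|]*\|[^|]*sh|wget|/etc/|crontab|\.bashrc|\.profile|chmod'

# Save the script to a file instead of piping it straight into a shell.
fetch_installer() {
    url="$1"; dest="$2"
    curl -fsSL -o "$dest" "$url" || return 1
    printf 'saved %s sha256=%s\n' "$dest" "$(sha256sum "$dest" | cut -d' ' -f1)"
}

# Print flagged lines with line numbers; exit status 1 when nothing is flagged.
review_installer() {
    grep -nE "$RISKY" "$1"
}

# Number of flagged lines (0 when clean), for scripting around the review.
count_flags() {
    grep -cE "$RISKY" "$1" || true
}

# Constructed sample of a typical installer script (not a real project's).
SAMPLE='#!/bin/bash
set -e
echo "Installing example tool"
sudo mkdir -p /opt/example
curl -fsSL https://example.invalid/plugin.sh | bash
echo "export PATH=/opt/example/bin:$PATH" >> ~/.bashrc
echo done'

# Write the sample to a temp file and print its path.
write_sample() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE" > "$f"
    printf '%s\n' "$f"
}

# Demo: review the constructed sample instead of a remote URL.
sample_file=$(write_sample)
echo "flagged lines: $(count_flags "$sample_file")"
review_installer "$sample_file" || echo "nothing flagged"
rm -f "$sample_file"
```

For a real download, call fetch_installer with the URL and a destination path, then review_installer on that path, and only run it under bash after reading it.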
Only installers I’ve seen are the .installer bundles, which leave behind a manifest for automated uninstalling.
> On Unix/Linux land the prevalence of pipe curl to bash type installers is not much different.

True, but saying so will likely earn you downvotes from those committed to this unhygienic practice ...

You are basically describing what Windows has as appx/msix. The decentralized notarization authorities are the code signing certificate providers.
I had not seen this, but it absolutely does (on the surface) seem like a solution to this problem. Thanks!

I’d need to educate myself a bit more in terms of whether there are third-party authorities beyond Microsoft for the packages.

Found this introductory video for anyone else interested:

https://www.youtube.com/watch?v=phrD081sMWc

Note: I didn’t intend the Surface pun above, but it happened and we can all be glad that it did.

Yes there are a few certificate authorities. For example DigiCert, SSL.com and others. You can also create your own e.g. for enterprise deployments. Or you could even set up a public CA if you wanted to, the process is standardized.

So whilst Microsoft will sign for you if you distribute via their store, otherwise you pay per year for certificates and can distribute outside the store.

There are problems with the system (cost, bugs, usability problems) but it is decentralized.

> macOS comes pretty close to what I'd ideally want in an OS with regards to installation - independent packages that are certified/notarised, but I'd like to see the OS allow for user-specified authorities beyond just Apple.

It's easy to run unsigned binaries/app packages on macOS: right click on the .app, hold down Option, then click Open and confirm the warning.

That is not a user-specified authority.
I would also like this option. I see why Apple finds it undesirable though. Software installation safeguards are a game of whack-a-mole with (e.g.) support scammers who ask grandma/Lee-in-accounting/Cindy-next-door to naively click through all the warnings.

The closest Apple comes to this capability is achieved via device Supervision and MDM, which might be comfortable for some of us here in this forum but obviously isn’t practical beyond more technical circles.

Baddies keep ruining all the fun for the rest of us.

And being the only authority also happens to be conveniently aligned to their financial incentives.
> Baddies keep ruining all the fun for the rest of us.

IMHO the blame rather lies with our politicians who are unwilling to take the steps necessary to cut the baddies off from the Internet. Let's see just how fast India, Pakistan, Turkey and other scammer hotspots clean up their act when the US+EU threaten to cut them off from the Internet and SS7 unless the scam callcenters are closed down for good... the amount of corruption regularly exposed by scambaiters on Youtube is insane. Billions of dollars of damages each year [1] from that bullshit and our politicians don't. fucking. care.

[1] https://www.vibesofindia.com/fraudsters-in-india-cost-americ...

I’m more than a little skeptical that scams would be less of a problem if specific countries cracked down on large operations. For one thing it’s not clear how you’d ever get the whole world on board. Pressuring India is hard enough, try Myanmar, a place that doesn’t get along with the West at all and is already a hotspot for phone scams targeting Chinese speakers. And if centralized, relatively open operations overseas were no longer possible, it would likely become more like other types of fraud run by local gangs. So I’m all for pressuring India to crack down on scammers, but I don’t see how that would reduce the desire to tighten software controls on PCs.
> For one thing it’s not clear how you’d ever get the whole world on board.

You don't need the whole world. The Western world is enough - no Internet and phone service (both easily enforced by requiring providers to reject ASNs / phone country codes) means a lot of lost business for an affected country.

> Pressuring India is hard enough, try Myanmar, a place that doesn’t get along with the West at all and is already a hotspot for phone scams targeting Chinese speakers.

Honestly, that's China's problem to solve.

> So I’m all for pressuring India to crack down on scammers, but I don’t see how that would reduce the desire to tighten software controls on PCs.

When software vendors don't have to gate more and more features behind more and more obnoxious bullshit simply to whack-a-mole scammers, they won't.

they probably don't do it because it's a bad solution.
Is it? I prefer to tackle problems at the source, and it's crystal clear that overseas scammers are exploiting corrupt local law enforcement in conjunction with easy access to targets via the Internet and shady telephone providers.
There is no Pareto optimal unicorn that provides both a democratized marketplace of software with low barriers to entry and an ironclad guarantee of security against compromise of personal user information. These two are fundamentally at odds. If anyone can produce and distribute software easily on a given platform, then so can people with malicious intent.
Or just run `sudo spctl --master-disable` one time; and it will change the allowed app sources to the invisible "Anywhere" option.
> I suspect the final form for software installation is probably where iOS and Android are going in the EU, where there's a single means of installing software to the device so that everything can be sandboxed properly, but the acquisition/update process can be pointed to a URL/Store that the user has pre-approved.

Basically how Linux distributions have worked since the beginning. Though at the start the installation source was not remote but a CD-ROM, things didn't change.

You have a repository of packages (that can be on a local source such as a CD or a remote source such as an HTTP/FTP server), that have some sort of signature (on Linux usually the package is signed with GPG) with some keys that the user trusts (and the defaults are installed on the system), and software that allows you to install, uninstall and update the packages.

Android/iOS arrived later, but they didn't invent anything.

Android/iOS didn't invent this, no, however you're missing the sandbox part. Most Linux package managers don't sandbox anything.
iOS is the gold standard IMO. Apps are sandboxed, can only interact with the outside world via APIs (that the user needs to approve), one click uninstall and it’s all gone without a trace (at least in theory). Love it.
I think Android does it better with third party store and sideload support. It seems that iOS depends on its own App Store for some security (example: disallowing dynamic code generation like JIT).