Most active commenters

    ←back to thread

    How the Zoom macOS installer does its job without you clicking ‘install’

    (twitter.com)
    796 points _Microft | 22 comments | 31 Mar 20 11:41 UTC | HN request time: 2.139s | source | bottom
    1. pottertheotter ◴[31 Mar 20 12:47 UTC] No.22736966[source]
    I installed Zoom on macOS yesterday and I thought that the install was crashing because this is not the expected behavior. I would double click the download, try to install, and then the installation program would "crash", so I'd try it again. Did that a few times before I realized it was installed. Until now I thought it had somehow gotten far enough in the installation process before crashing that I could at least use the application. I'd been hearing everyone raving about how Zoom was such better software than anything else, and my first experience was their installer doesn't even work.

    This was a horrible user experience for me, and I wasn't thinking about security implications at all.

    replies(4): >>22737035 #>>22738040 #>>22741429 #>>22743433 #
    2. macleginn ◴[31 Mar 20 13:00 UTC] No.22737035[source]
    Same here. I thought the process didn't finish until I tried launching the app (which I was supposed to do by clicking a link in the browser, which is also rather unintuitive).
    3. pehtis ◴[31 Mar 20 14:50 UTC] No.22738040[source]
    I would highly recommend checking all installers on macOS through Suspicious Package. It will give you a complete picture of all the installer scripts that will be run and all the files that will be written. I did just that for zoom and decided against installing it.
    replies(1): >>22739721 #
    4. twodayslate ◴[31 Mar 20 17:08 UTC] No.22739721[source]
    https://mothersruin.com/software/SuspiciousPackage/ for those curious
    replies(3): >>22740875 #>>22741650 #>>22744660 #
    5. 0xff00ffee ◴[31 Mar 20 18:37 UTC] No.22740875{3}[source]
    Oooh this is good. A few years ago I came home drunk and wanted to watch this old film that wasn't on any channels. I found it on some dubious website, which required me to install a player .dmg. I drunkenly typed in my password, and then an hour later was like: dafuq did I just do?!? Next day I re-imaged my mac because I'm both paranoid and don't know enough about secops.

    SuspiciousPackage wouldn't have helped combat Drunk Install Syndrome, but it might have been a helpful tool before I nuked my OS.

    Or maybe this is just good marketing for SuspiciousPackage, which is really malware. Well played.

    replies(1): >>22744841 #
    6. afandian ◴[31 Mar 20 19:25 UTC] No.22741429[source]
    I did this too and didn't put two and two together til now. I just assumed it was a buggy installer that broke with that version of MacOS and tried a different machine

    I've defended Zoom in the past for ethical 'slips', but weidly this has tipped me into hating it.

    replies(1): >>22741581 #
    7. enricotal ◴[31 Mar 20 19:37 UTC] No.22741581[source]
    Ok this is it... I was able to disinstall it with

    $ brew cask install zoomus $ brew cask uninstall zoomus

    so long and thank you for all the fish... Zoom

    replies(2): >>22742826 #>>22745056 #
    8. JadeNB ◴[31 Mar 20 19:44 UTC] No.22741650{3}[source]
    Similar functionality: unpkg (https://www.timdoug.com/unpkg/). See also https://stackoverflow.com/questions/11298855/how-to-unpack-a... . I think unpkg handles mpkg files, which I haven't encountered in the wild for quite a while now; I don't know about the others.
    9. angott ◴[31 Mar 20 21:29 UTC] No.22742826{3}[source]
    You can also use “brew cask zap zoomus” to remove preference files, browser plugins, logs.
    replies(1): >>22742836 #
    10. a-wu ◴[31 Mar 20 21:30 UTC] No.22742836{4}[source]
    Does this also work for non-brew installs?
    replies(2): >>22743367 #>>22745526 #
    11. szhu ◴[31 Mar 20 22:23 UTC] No.22743367{5}[source]
    Homebrew Cask's uninstall scripts are basically a community-maintained "best guess" at to how to full uninstall each piece of software. It's generally pretty reliable, and I do use it to remove non-brew installs sometimes.

    Note: I have contributed casks to Homebrew Cask before.

    12. yreg ◴[31 Mar 20 22:29 UTC] No.22743433[source]
    I too don't get how Zoom is considered "the superior software". Maybe the calls don't drop, but the experience is bad (at least on macOS).
    replies(2): >>22743535 #>>22744654 #
    13. 7ewis ◴[31 Mar 20 22:41 UTC] No.22743535[source]
    Said this on Reddit the other day and got downvoted.

    It _is_ bad on macOS. It used to be one of the better platforms to stream video content to others, but now it just lacks in many areas compared to most of its competitors.

    The worst bug I had was it essentially started muting random people on a call, but only for me. I could see their mouth moving, and thought it was a problem their side but turns out everyone else could hear them apart from me. I could hear everyone else too apart from them.

    14. shreyshrey ◴[01 Apr 20 01:10 UTC] No.22744654[source]
    Yes. My experience is really bad too in mac OS. I thought may be something wrong with my setup.
    15. paulschreiber ◴[01 Apr 20 01:11 UTC] No.22744660{3}[source]
    Pacifist is also handy https://www.charlessoft.com/
    16. mulmen ◴[01 Apr 20 01:52 UTC] No.22744841{4}[source]
    If you don’t trust SuspiciousPackage just run it through SuspiciousPackage.
    17. sneak ◴[01 Apr 20 02:36 UTC] No.22745056{3}[source]
    Presumably if you don't like Zoom's shadiness, you may not like Homebrew's bundled spyware either. Disable it with

        brew analytics off
    replies(3): >>22745156 #>>22746437 #>>22746804 #
    18. webmobdev ◴[01 Apr 20 02:56 UTC] No.22745156{4}[source]
    Or better yet, switch to MacPorts - https://www.macports.org/
    19. angott ◴[01 Apr 20 04:02 UTC] No.22745526{5}[source]
    You can add `--force` and zap will also work on non-brew installs. The paths are community-contributed, so watch out (you can print the paths with `brew cask cat <name>`).
    20. 8fingerlouie ◴[01 Apr 20 08:34 UTC] No.22746804{4}[source]
    Isn't that more like Debian popularity contest ?

    https://popcon.debian.org/

    replies(2): >>22746900 #>>22750263 #
    21. icebraining ◴[01 Apr 20 08:57 UTC] No.22746900{5}[source]
    popcon is opt-in.
    22. sneak ◴[01 Apr 20 16:12 UTC] No.22750263{5}[source]
    No. Homebrew sends a per-installation unique identifier to a third party (Google), tracking your location across different IPs, whether you want it to or not.

    Popcon is first-party, and is entirely opt-in. It doesn’t send anything unless you want it to.