←back to thread

How the Zoom macOS installer does its job without you clicking ‘install’

(twitter.com)
796 points _Microft | 5 comments | 31 Mar 20 11:41 UTC | HN request time: 0.628s | source
Show context
pottertheotter ◴[31 Mar 20 12:47 UTC] No.22736966[source]
I installed Zoom on macOS yesterday and I thought that the install was crashing because this is not the expected behavior. I would double click the download, try to install, and then the installation program would "crash", so I'd try it again. Did that a few times before I realized it was installed. Until now I thought it had somehow gotten far enough in the installation process before crashing that I could at least use the application. I'd been hearing everyone raving about how Zoom was such better software than anything else, and my first experience was their installer doesn't even work.

This was a horrible user experience for me, and I wasn't thinking about security implications at all.

replies(4): >>22737035 #>>22738040 #>>22741429 #>>22743433 #
pehtis ◴[31 Mar 20 14:50 UTC] No.22738040[source]
I would highly recommend checking all installers on macOS through Suspicious Package. It will give you a complete picture of all the installer scripts that will be run and all the files that will be written. I did just that for zoom and decided against installing it.
replies(1): >>22739721 #
1. twodayslate ◴[31 Mar 20 17:08 UTC] No.22739721[source]
https://mothersruin.com/software/SuspiciousPackage/ for those curious
replies(3): >>22740875 #>>22741650 #>>22744660 #
2. 0xff00ffee ◴[31 Mar 20 18:37 UTC] No.22740875[source]
Oooh this is good. A few years ago I came home drunk and wanted to watch this old film that wasn't on any channels. I found it on some dubious website, which required me to install a player .dmg. I drunkenly typed in my password, and then an hour later was like: dafuq did I just do?!? Next day I re-imaged my mac because I'm both paranoid and don't know enough about secops.

SuspiciousPackage wouldn't have helped combat Drunk Install Syndrome, but it might have been a helpful tool before I nuked my OS.

Or maybe this is just good marketing for SuspiciousPackage, which is really malware. Well played.

replies(1): >>22744841 #
3. JadeNB ◴[31 Mar 20 19:44 UTC] No.22741650[source]
Similar functionality: unpkg (https://www.timdoug.com/unpkg/). See also https://stackoverflow.com/questions/11298855/how-to-unpack-a... . I think unpkg handles mpkg files, which I haven't encountered in the wild for quite a while now; I don't know about the others.
4. paulschreiber ◴[01 Apr 20 01:11 UTC] No.22744660[source]
Pacifist is also handy https://www.charlessoft.com/
5. mulmen ◴[01 Apr 20 01:52 UTC] No.22744841[source]
If you don’t trust SuspiciousPackage just run it through SuspiciousPackage.