How the Zoom macOS installer does its job without you clicking ‘install’

(twitter.com)

796 points _Microft | 1 comments | 31 Mar 20 11:41 UTC | HN request time: 0s | source

Show context

pottertheotter ◴[31 Mar 20 12:47 UTC] No.22736966[source]▶

I installed Zoom on macOS yesterday and I thought that the install was crashing because this is not the expected behavior. I would double click the download, try to install, and then the installation program would "crash", so I'd try it again. Did that a few times before I realized it was installed. Until now I thought it had somehow gotten far enough in the installation process before crashing that I could at least use the application. I'd been hearing everyone raving about how Zoom was such better software than anything else, and my first experience was their installer doesn't even work.

This was a horrible user experience for me, and I wasn't thinking about security implications at all.

replies(4): >>22737035 #>>22738040 #>>22741429 #>>22743433 #

pehtis ◴[31 Mar 20 14:50 UTC] No.22738040[source]▶

>>22736966 #

I would highly recommend checking all installers on macOS through Suspicious Package. It will give you a complete picture of all the installer scripts that will be run and all the files that will be written. I did just that for zoom and decided against installing it.

replies(1): >>22739721 #

twodayslate ◴[31 Mar 20 17:08 UTC] No.22739721[source]▶

>>22738040 #

https://mothersruin.com/software/SuspiciousPackage/ for those curious

replies(3): >>22740875 #>>22741650 #>>22744660 #

1. JadeNB ◴[31 Mar 20 19:44 UTC] No.22741650{3}[source]▶

>>22739721 #

Similar functionality: unpkg (https://www.timdoug.com/unpkg/). See also https://stackoverflow.com/questions/11298855/how-to-unpack-a... . I think unpkg handles mpkg files, which I haven't encountered in the wild for quite a while now; I don't know about the others.

↑